diff --git a/.gitignore b/.gitignore
index a0e2c0d368..b674ff367c 100644
--- a/.gitignore
+++ b/.gitignore
@@ -6,7 +6,11 @@
 _site/
 Tools/NuGet/
 .optemp/
+
 .openpublishing.build.mdproj
 .openpublishing.buildcore.ps1
 packages.config
-*.zip
\ No newline at end of file
+windows/keep-secure/index.md
+
+# User-specific files
+.vs/
\ No newline at end of file
diff --git a/.localization-config b/.localization-config
deleted file mode 100644
index c24369eb99..0000000000
--- a/.localization-config
+++ /dev/null
@@ -1,8 +0,0 @@
-{
- "locales": [ "zh-cn" ],
- "files": ["!/*.md", "**/**/*.md", "**/*.md"],
- "includeDependencies": true,
- "autoPush": true,
- "xliffVersion": "2.0",
- "useJavascriptMarkdownTransformer": true
-}
diff --git a/.openpublishing.publish.config.json b/.openpublishing.publish.config.json
index 469c22cfdc..e06f28392e 100644
--- a/.openpublishing.publish.config.json
+++ b/.openpublishing.publish.config.json
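Review bot: Removing `*.zip` from the ignore list lets archives be committed again, and the same commit opens the repository to public pull requests (`git_repository_url_open_to_public_contributors` in `.openpublishing.publish.config.json`), so reviewers would be asked to approve opaque binaries they cannot diff. If one specific archive is needed, keep `*.zip` and un-ignore that single path with a `!path/to/file.zip` negation rule instead of dropping the pattern. Ignoring `windows/keep-secure/index.md` hides a content file from source control; if that index is produced by the build, say so with a comment such as `# generated by the build; do not commit` above the rule, and if it is hand-written the rule will silently discard edits to it.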
@@ -1,78 +1,108 @@
 {
- "build_entry_point": "",
- "git_repository_url_open_to_public_contributors": "",
- "docsets_to_publish": [
- {
- "docset_name": "microsoft-edge",
- "build_output_subfolder": "browsers/edge",
- "locale": "en-us",
- "version": 0,
- "open_to_public_contributors": "false",
- "type_mapping": {
- "Conceptual": "Content"
- }
- },
- {
- "docset_name": "internet-explorer",
- "build_output_subfolder": "browsers/internet-explorer",
- "locale": "en-us",
- "version": 0,
- "open_to_public_contributors": "false",
- "type_mapping": {
- "Conceptual": "Content"
- }
- },
- {
- "docset_name": "windows",
- "build_output_subfolder": "windows",
- "locale": "en-us",
- "version": 0,
- "open_to_public_contributors": "false",
- "type_mapping": {
- "Conceptual": "Content"
- }
- },
- {
- "docset_name": "surface",
- "build_output_subfolder": "devices/surface",
- "locale": "en-us",
- "version": 0,
- "open_to_public_contributors": "false",
- "type_mapping": {
- "Conceptual": "Content"
- }
- },
- {
- "docset_name": "surface-hub",
- "build_output_subfolder": "devices/surface-hub",
- "locale": "en-us",
- "version": 0,
- "open_to_public_contributors": "false",
- "type_mapping": {
- "Conceptual": "Content"
- }
- },
- {
- "docset_name": "mdop",
- "build_output_subfolder": "mdop",
- "locale": "en-us",
- "version": 0,
- "open_to_public_contributors": "false",
- "type_mapping": {
- "Conceptual": "Content"
- }
- },
- {
- "docset_name": "education",
- "build_output_subfolder": "education",
- "locale": "en-us",
- "version": 0,
- "open_to_public_contributors": "false",
- "type_mapping": {
- "Conceptual": "Content"
- }
- }
- ],
- "notification_subscribers": ["brianlic@microsoft.com"],
- "branches_to_filter": [""]
-}
+ "build_entry_point": "",
+ "need_generate_pdf": false,
+ "need_generate_intellisense": false,
+ "docsets_to_publish": [
+ {
+ "docset_name": "education",
+ "build_source_folder": "education",
+ "build_output_subfolder": "education",
+ "locale": "en-us",
+ "version": 0,
+ "open_to_public_contributors": true,
+ "type_mapping": {
+ "Conceptual": "Content"
+ }
+ },
+ {
+ "docset_name": "internet-explorer",
+ "build_source_folder": "browsers/internet-explorer",
+ "build_output_subfolder": "browsers/internet-explorer",
+ "locale": "en-us",
+ "version": 0,
+ "open_to_public_contributors": true,
+ "type_mapping": {
+ "Conceptual": "Content"
+ }
+ },
+ {
+ "docset_name": "itpro-hololens",
+ "build_source_folder": "devices/hololens",
+ "build_output_subfolder": "devices/hololens",
+ "locale": "en-us",
+ "version": 0,
+ "open_to_public_contributors": false,
+ "type_mapping": {
+ "Conceptual": "Content",
+ "ManagedReference": "Content",
+ "RestApi": "Content"
+ },
+ "build_entry_point": "op"
+ },
+ {
+ "docset_name": "mdop",
+ "build_source_folder": "mdop",
+ "build_output_subfolder": "mdop",
+ "locale": "en-us",
+ "version": 0,
+ "open_to_public_contributors": true,
+ "type_mapping": {
+ "Conceptual": "Content"
+ }
+ },
+ {
+ "docset_name": "microsoft-edge",
+ "build_source_folder": "browsers/edge",
+ "build_output_subfolder": "browsers/edge",
+ "locale": "en-us",
+ "version": 0,
+ "open_to_public_contributors": true,
+ "type_mapping": {
+ "Conceptual": "Content"
+ }
+ },
+ {
+ "docset_name": "surface",
+ "build_source_folder": "devices/surface",
+ "build_output_subfolder": "devices/surface",
+ "locale": "en-us",
+ "version": 0,
+ "open_to_public_contributors": true,
+ "type_mapping": {
+ "Conceptual": "Content"
+ }
+ },
+ {
+ "docset_name": "surface-hub",
+ "build_source_folder": "devices/surface-hub",
+ "build_output_subfolder": "devices/surface-hub",
+ "locale": "en-us",
+ "version": 0,
+ "open_to_public_contributors": true,
+ "type_mapping": {
+ "Conceptual": "Content"
+ }
+ },
+ {
+ "docset_name": "windows",
+ "build_source_folder": "windows",
+ "build_output_subfolder": "windows",
+ "locale": "en-us",
+ "version": 0,
+ "open_to_public_contributors": true,
+ "type_mapping": {
+ "Conceptual": "Content"
+ }
+ }
+ ],
+ "notification_subscribers": [
+ "brianlic@microsoft.com"
+ ],
+ "branches_to_filter": [
+ ""
+ ],
+ "git_repository_url_open_to_public_contributors": "https://github.com/Microsoft/windows-itpro-docs",
+ "git_repository_branch_open_to_public_contributors": "master",
+ "skip_source_output_uploading": false,
+ "dependent_repositories": []
+}
\ No newline at end of file
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
new file mode 100644
index 0000000000..fb6c3024d1
--- /dev/null
+++ b/CONTRIBUTING.md
@@ -0,0 +1,92 @@
+# Contributing to Windows IT professional documentation
+
+Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs.
+This page covers the basic steps for contributing to our technical documentation.
+
+## Sign a CLA
+
+All contributors who are ***not*** a Microsoft employee must [sign a Microsoft Contribution Licensing Agreement (CLA)](https://cla.microsoft.com/) before contributing to any Microsoft repositories.
+If you've already contributed to Microsoft repositories in the past, congratulations!
+You've already completed this step.
+
+## Editing topics
+
+We've tried to make editing an existing, public file as simple as possible.
+
+>**Note**
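Review bot: `notification_subscribers` still routes build notifications to a single personal mailbox, and this same hunk publishes the repository URL and branch for public contributions, so that address is now exposed to anyone who reads the config and is a single point of failure whenever that person is unavailable; a team alias such as `"notification_subscribers": [ "<team-alias>@microsoft.com" ]` is the usual fix. `branches_to_filter` carries over the old `[ "" ]` entry; an empty string is unlikely to match any branch name, so if no filtering is intended `"branches_to_filter": []` says so explicitly (how the publishing service treats an empty-string entry is not visible here, so confirm before changing it). The seven pre-existing docsets move from the string `"false"` to the boolean `true` while the new `itpro-hololens` docset is `false`; the type fix is right, but since strict JSON cannot carry a comment, the decision to keep HoloLens closed to public contributors while opening everything else is worth recording in CONTRIBUTING.md.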
+>At this time, only the English (en-us) content is available for editing. + +**To edit a topic** + +1. Go to the page on TechNet that you want to update, and then click **Contribute**. + + ![GitHub Web, showing the Contribute link](images/contribute-link.png) + +2. Log into (or sign up for) a GitHub account. + + You must have a GitHub account to get to the page that lets you edit a topic. + +3. Click the **Pencil** icon (in the red box) to edit the content. + + ![GitHub Web, showing the Pencil icon in the red box](images/pencil-icon.png) + +4. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see: + - **If you're linked to the Microsoft organization in GitHub:** [Windows Open Publishing Guide Home](http://aka.ms/windows-op-guide) + + - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) + +5. Make your suggested change, and then click **Preview Changes** to make sure it looks correct. + + ![GitHub Web, showing the Preview Changes tab](images/preview-changes.png) + +6. When you’re done editing the topic, scroll to the bottom of the page, and then click **Propose file change** to create a fork in your personal GitHub account. + + ![GitHub Web, showing the Propose file change button](images/propose-file-change.png) + + The **Comparing changes** screen appears to see what the changes are between your fork and the original content. + +7. On the **Comparing changes** screen, you’ll see if there are any problems with the file you’re checking in. + + If there are no problems, you’ll see the message, **Able to merge**. + + ![GitHub Web, showing the Comparing changes screen](images/compare-changes.png) + +8. Click **Create pull request**. + +9. Enter a title and description to give the approver the appropriate context about what’s in the request. + +10. Scroll to the bottom of the page, making sure that only your changed files are in this pull request. 
Otherwise, you could overwrite changes from other people. + +11. Click **Create pull request** again to actually submit the pull request. + + The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places: + + - [Windows 10](https://technet.microsoft.com/itpro/windows) + - [Internet Explorer 11](https://technet.microsoft.com/itpro/internet-explorer) + - [Microsoft Edge](https://technet.microsoft.com/itpro/microsoft-edge) + - [Surface](https://technet.microsoft.com/itpro/surface) + - [Surface Hub](https://technet.microsoft.com/itpro/surface-hub) + - [Windows 10 for Education](https://technet.microsoft.com/edu/windows) + - [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop) + +## Making more substantial changes + +To make substantial changes to an existing article, add or change images, or contribute a new article, you will need to create a local clone of the content. +For info about creating a fork or clone, see the GitHub help topic, [Fork a Repo](https://help.github.com/articles/fork-a-repo/). + +Fork the official repo into your personal GitHub account, and then clone the fork down to your local device. Work locally, then push your changes back into your fork. Then open a pull request back to the master branch of the official repo. + +## Using issues to provide feedback on documentation + +If you just want to provide feedback rather than directly modifying actual documentation pages, you can create an issue in the repository. + +At the top of a topic page you'll see an **Issues** tab. Click the tab and then click the **New issue** button. + +Be sure to include the topic title and the URL for the page you're submitting the issue for, if that page is different from the page you launched the **New issue** dialog from. + +## Resources + +You can use your favorite text editor to edit Markdown. 
We recommend [Visual Studio Code](https://code.visualstudio.com/), a free lightweight open source editor from Microsoft. + +You can learn the basics of Markdown in just a few minutes. To get started, check out [Mastering Markdown](https://guides.github.com/features/mastering-markdown/). + diff --git a/README.md b/README.md index f5b28b423b..fa13a55593 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,20 @@ -# win-cpub-itpro-docs -This repo hosts the WDG ITPro content that is published to TechNet. +# Windows IT professional documentation + +Welcome! This repository houses the docs that are written for IT professionals for the following products: + +- [Windows 10](https://technet.microsoft.com/itpro/windows) +- [Internet Explorer 11](https://technet.microsoft.com/itpro/internet-explorer) +- [Microsoft Edge](https://technet.microsoft.com/itpro/microsoft-edge) +- [Surface](https://technet.microsoft.com/itpro/surface) +- [Surface Hub](https://technet.microsoft.com/itpro/surface-hub) +- [Windows 10 for Education](https://technet.microsoft.com/edu/windows) +- [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop) + +## Contributing + +We actively merge contributions into this repository via [pull request](https://help.github.com/articles/using-pull-requests/) into the *master* branch. +If you are not a Microsoft employee, before you submit a pull request you must [sign a Contribution License Agreement](https://cla.microsoft.com/) to ensure that the community is free to use your submissions. +For more information on contributing, read our [contributions guide](CONTRIBUTING.md). + This project has adopted the [Microsoft Open Source Code of Conduct](https://opensource.microsoft.com/codeofconduct/). For more information, see the [Code of Conduct FAQ](https://opensource.microsoft.com/codeofconduct/faq/) or contact [opencode@microsoft.com](mailto:opencode@microsoft.com) with any additional questions or comments. - -English Handoff Folder Structure Demo! 
diff --git a/browsers/edge/Index.md b/browsers/edge/Index.md index ab4caaef1d..29090e5faa 100644 --- a/browsers/edge/Index.md +++ b/browsers/edge/Index.md @@ -6,15 +6,17 @@ ms.prod: edge ms.mktglfcycl: general ms.sitesec: library title: Microsoft Edge - Deployment Guide for IT Pros (Microsoft Edge for IT Pros) +localizationpriority: high --- # Microsoft Edge - Deployment Guide for IT Pros **Applies to:** -- Windows 10 -- Windows 10 Mobile +- Windows 10 +- Windows 10 Mobile +>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge also introduces new features like Web Note, Reading View, and Cortana that you can use along with your normal web browsing abilities. 
@@ -26,6 +28,7 @@ Microsoft Edge lets you stay up-to-date through the Windows Store and to manage | Topic | Description | | -----------------------| ----------------------------------- | |[Change history for Microsoft Edge](change-history-for-microsoft-edge.md) |Lists new and updated topics in the Microsoft Edge documentation for both Windows 10 and Windows 10 Mobile. | +|[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) |Guidance about how to use both Microsoft Edge and Internet Explorer 11 in your enterprise.| | [Microsoft Edge requirements and language support](hardware-and-software-requirements.md) | Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list.| | [Available policies for Microsoft Edge](available-policies.md) | Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings.

Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. | | [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) | If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11.

Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. | 
@@ -47,11 +50,11 @@ However, if you're running web apps that continue to use: * legacy document modes -You'll need to keep running them using IE11. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](http://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md). +You'll need to keep running them using IE11. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can also use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. For info about Enterprise Mode and Edge, see [Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md). ## Related topics -- [Download Internet Explorer 11](http://go.microsoft.com/fwlink/p/?linkid=290956) -- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760644) -- [Internet Explorer 11 - FAQ for IT Pros](http://go.microsoft.com/fwlink/p/?LinkId=760645) -- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](http://go.microsoft.com/fwlink/p/?LinkId=760646) +- [Download Internet Explorer 11](https://go.microsoft.com/fwlink/p/?linkid=290956) +- [Internet Explorer 11 (IE11) - Deployment Guide for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760644) +- [Internet Explorer 11 - FAQ for IT Pros](https://go.microsoft.com/fwlink/p/?LinkId=760645) +- [Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide](https://go.microsoft.com/fwlink/p/?LinkId=760646) 
diff --git a/browsers/edge/TOC.md b/browsers/edge/TOC.md index df9d4246da..fb5ad0c6f2 100644 --- a/browsers/edge/TOC.md +++ b/browsers/edge/TOC.md @@ -1,5 +1,6 @@ #[Microsoft Edge - Deployment Guide for IT Pros](index.md) ##[Change history for Microsoft Edge](change-history-for-microsoft-edge.md) +##[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) ##[Microsoft Edge requirements and language support](hardware-and-software-requirements.md) ##[Available policies for Microsoft Edge](available-policies.md) ##[Use Enterprise Mode to improve compatibility](emie-to-improve-compatibility.md) diff --git a/browsers/edge/available-policies.md b/browsers/edge/available-policies.md index c56c47624b..c7e1e2fcd2 100644 --- a/browsers/edge/available-policies.md +++ b/browsers/edge/available-policies.md 
@@ -6,21 +6,20 @@ ms.prod: edge ms.mktglfcycl: explore ms.sitesec: library title: Available policies for Microsoft Edge (Microsoft Edge for IT Pros) +localizationpriority: high --- # Available policies for Microsoft Edge **Applies to:** -- Windows 10 Insider Preview -- Windows 10 Mobile - -[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] +- Windows 10 +- Windows 10 Mobile Microsoft Edge works with Group Policy and Microsoft Intune to help you manage your organization's computer settings. Group Policy objects (GPO's) can include registry-based Administrative Template policy settings, security settings, software deployment information, scripts, folder redirection, and preferences. By using Group Policy and Intune, you can set up a policy setting once, and then copy that setting onto many computers. For example, you can set up multiple security settings in a GPO that's linked to a domain, and then apply all of those settings to every computer in the domain. -

**Note**
For more info about Group Policy, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](http://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](http://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](http://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows Powershell](http://go.microsoft.com/fwlink/p/?LinkId=617924). +

**Note**
For more info about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). This site provides links to the latest technical documentation, videos, and downloads for Group Policy. For more info about the tools you can use to change your Group Policy objects, see the Internet Explorer 11 topics, [Group Policy and the Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=617921), [Group Policy and the Local Group Policy Editor](https://go.microsoft.com/fwlink/p/?LinkId=617922), [Group Policy and the Advanced Group Policy Management (AGPM)](https://go.microsoft.com/fwlink/p/?LinkId=617923), and [Group Policy and Windows Powershell](https://go.microsoft.com/fwlink/p/?LinkId=617924). ## Group Policy settings Microsoft Edge works with these Group Policy settings (`Computer Configuration\Administrative Templates\Windows Components\Microsoft Edge\`) to help you manage your company's web browser configurations: @@ -49,7 +48,7 @@ Microsoft Edge works with these Group Policy settings (`Computer Configuration\A |Show message when opening sites in Internet Explorer |Windows 10 Insider Preview |This policy setting lets you decide whether employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.

If you enable this setting, employees see an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.

If you disable or don’t configure this setting, the default app behavior occurs and no additional page appears. |**Enabled:** Shows an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11.

**Disabled or not configured (default):** Doesn’t show an additional page in Microsoft Edge, stating that a site has been opened using Internet Explorer 11. | ## Using Microsoft Intune to manage your Mobile Data Management (MDM) settings for Microsoft Edge -If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( http://go.microsoft.com/fwlink/p/?LinkId=722885) page. +If you manage your policies using Intune, you'll want to use these MDM policy settings. You can see the full list of available policies, on the [Policy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=722885) page.

**Note**
The **Supports** column uses these options: @@ -103,8 +102,8 @@ These are additional Windows 10-specific MDM policy settings that work with Mic |AllowSyncMySettings |Desktop |

| ## Related topics -* [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514) -* [Mobile Data Management (MDM) settings]( http://go.microsoft.com/fwlink/p/?LinkId=722885) +* [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514) +* [Mobile Data Management (MDM) settings]( https://go.microsoft.com/fwlink/p/?LinkId=722885)     diff --git a/browsers/edge/change-history-for-microsoft-edge.md b/browsers/edge/change-history-for-microsoft-edge.md index f10af1201c..61e8ba0de9 100644 --- a/browsers/edge/change-history-for-microsoft-edge.md +++ b/browsers/edge/change-history-for-microsoft-edge.md 
@@ -9,7 +9,19 @@ ms.sitesec: library # Change history for Microsoft Edge This topic lists new and updated topics in the Microsoft Edge documentation for both Windows 10 and Windows 10 Mobile. -For a detailed feature list of what's in the current Microsoft Edge releases, the Windows Insider Preview builds, and what was introduced in previous releases, see the [Microsoft Edge changelog](https://developer.microsoft.com/en-us/microsoft-edge/platform/changelog/). +For a detailed feature list of what's in the current Microsoft Edge releases, the Windows Insider Preview builds, and what was introduced in previous releases, see the [Microsoft Edge changelog](https://developer.microsoft.com/microsoft-edge/platform/changelog/). + +## July 2016 +|New or changed topic | Description | +|----------------------|-------------| +|[Microsoft Edge requirements and language support](hardware-and-software-requirements.md)| Updated to include a note about the Long Term Servicing Branch (LTSB). | + +## July 2016 +|New or changed topic | Description | +|----------------------|-------------| +|[Enterprise guidance about using Microsoft Edge and Internet Explorer 11](enterprise-guidance-using-microsoft-edge-and-ie11.md) | Content moved from What's New section. | +|[Available policies for Microsoft Edge](available-policies.md) |Updated | + ## June 2016 |New or changed topic | Description | diff --git a/browsers/edge/emie-to-improve-compatibility.md b/browsers/edge/emie-to-improve-compatibility.md index adb462310e..4d6bfce510 100644 --- a/browsers/edge/emie-to-improve-compatibility.md +++ b/browsers/edge/emie-to-improve-compatibility.md 
@@ -7,18 +7,19 @@ ms.mktglfcycl: support ms.sitesec: library ms.pagetype: appcompat title: Use Enterprise Mode to improve compatibility (Microsoft Edge for IT Pros) +localizationpriority: high --- # Use Enterprise Mode to improve compatibility **Applies to:** -- Windows 10 +- Windows 10 If you have specific web sites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the web sites will automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work properly with Microsoft Edge, you can set all intranet sites to automatically open using IE11. Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11. -

**Note**
If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( http://go.microsoft.com/fwlink/p/?LinkId=620714). +

**Note**
If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714). ## Fix specific websites @@ -26,7 +27,7 @@ Microsoft Edge doesn't support ActiveX controls, Browser Helper Objects, VBScrip ![](images/wedge.gif) **To add sites to your list** -1. In the Enterprise Mode Site List Manager, click **Add**.

If you already have an existing site list, you can import it into the tool. After it's in the tool, the xml updates the list, checking **Open in IE** for each site. For info about importing the site list, see [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](http://go.microsoft.com/fwlink/p/?LinkId=618322).

![Enterprise Mode Site List Manager with Open in IE box](images/emie_open_in_ie.png) +1. In the Enterprise Mode Site List Manager, click **Add**.

If you already have an existing site list, you can import it into the tool. After it's in the tool, the xml updates the list, checking **Open in IE** for each site. For info about importing the site list, see [Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](https://go.microsoft.com/fwlink/p/?LinkId=618322).

![Enterprise Mode Site List Manager with Open in IE box](images/emie_open_in_ie.png) 2. Type or paste the URL for the website that’s experiencing compatibility problems, like *<domain>*.com or *<domain>*.com/*<path>* into the **URL** box.

You don’t need to include the `http://` or `https://` designation. The tool will automatically try both versions during validation. @@ -36,11 +37,11 @@ Microsoft Edge doesn't support ActiveX controls, Browser Helper Objects, VBScrip 5. Click **Save** to validate your website and to add it to the site list for your enterprise.

If your site passes validation, it’s added to the global compatibility list. If the site doesn’t pass validation, you’ll get an error message explaining the problem. You’ll then be able to either cancel the site or ignore the validation problem and add it to your list anyway. -6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.

You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your Group Policy setting. For more info, see [Turn on Enterprise Mode and use a site list](http://go.microsoft.com/fwlink/p/?LinkId=618952). +6. On the **File** menu, go to where you want to save the file, and then click **Save to XML**.

You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your Group Policy setting. For more info, see [Turn on Enterprise Mode and use a site list](https://go.microsoft.com/fwlink/p/?LinkId=618952). ### Set up Microsoft Edge to use the Enterprise Mode site list -You must turn on the **Use Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](http://go.microsoft.com/fwlink/p/?linkid=618377). +You must turn on the **Use Enterprise Mode Site List** Group Policy setting before Microsoft Edge can use the Enterprise Mode site list. This Group Policy applies to both Microsoft Edge and IE11, letting Microsoft Edge switch to IE11 as needed, based on the Enterprise Mode site list. For more info about IE11 and Enterprise Mode, see [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377). ![](images/wedge.gif) **To turn on Enterprise Mode using Group Policy** @@ -69,7 +70,7 @@ You must turn on the **Use Enterprise Mode Site List** Group Policy setting befo ## Fix your intranet sites You can add the **Send all intranet traffic over to Internet Explorer** Group Policy setting for Windows 10 so that all of your intranet sites open in IE11. This means that even if your employees are using Microsoft Edge, they will automatically switch to IE11 while viewing the intranet. -

**Note**
If you want to use Group Policy to set IE as the default browser for Internet sites, you can find the info here, [Set the default browser using Group Policy]( http://go.microsoft.com/fwlink/p/?LinkId=620714). +

**Note**
If you want to use Group Policy to set IE as the default browser for Internet sites, you can find the info here, [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714). ![](images/wedge.gif) **To turn on Sends all intranet traffic over to Internet Explorer using Group Policy** @@ -80,11 +81,11 @@ You can add the **Send all intranet traffic over to Internet Explorer** Group Po 3. Refresh your policy in your organization and then view the affected sites in Microsoft Edge.

The site shows a message in Microsoft Edge, saying that the page needs IE. At the same time, the page opens in IE11; in a new frame if it's not yet running, or in a new tab if it is. ## Related topics -* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](http://go.microsoft.com/fwlink/p/?LinkID=624035) -* [Enterprise Mode Site List Manager for Windows 7 and Windows 8.1 download](http://go.microsoft.com/fwlink/p/?LinkId=394378) -* [Enterprise Mode Site List Manager for Windows 10 download](http://go.microsoft.com/fwlink/?LinkId=746562) -* [Enterprise Mode for Internet Explorer 11 (IE11)](http://go.microsoft.com/fwlink/p/?linkid=618377) -* [Set the default browser using Group Policy]( http://go.microsoft.com/fwlink/p/?LinkId=620714) +* [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035) +* [Enterprise Mode Site List Manager for Windows 7 and Windows 8.1 download](https://go.microsoft.com/fwlink/p/?LinkId=394378) +* [Enterprise Mode Site List Manager for Windows 10 download](https://go.microsoft.com/fwlink/?LinkId=746562) +* [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377) +* [Set the default browser using Group Policy]( https://go.microsoft.com/fwlink/p/?LinkId=620714)     diff --git a/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md new file mode 100644 index 0000000000..a3dcf46f40 --- /dev/null +++ b/browsers/edge/enterprise-guidance-using-microsoft-edge-and-ie11.md 
@@ -0,0 +1,52 @@ +--- +title: Microsoft Edge and Internet Explorer 11 (Microsoft Edge for IT Pros) +description: Enterprise guidance for using Microsoft Edge and Internet Explorer 11. +ms.assetid: 3c5bc4c4-1060-499e-9905-2504ea6dc6aa +author: eross-msft +ms.prod: edge +ms.mktglfcycl: support +ms.sitesec: library +ms.pagetype: appcompat +localizationpriority: high +--- + +# Browser: Microsoft Edge and Internet Explorer 11 +**Microsoft Edge content applies to:** + +- Windows 10 +- Windows 10 Mobile + +**Internet Explorer 11 content applies to:** + +- Windows 10 + +## Enterprise guidance +Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). + +We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10. + +### Microsoft Edge +Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana. + +- **Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on webpages. +- **Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout that's optimized for your screen size. While in reading view, you can also save webpages or PDF files to your reading list, for later viewing. +- **Cortana.** Cortana is automatically enabled on Microsoft Edge. 
Microsoft Edge lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage. +- **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls. + +### IE11 +IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support. + +- **Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE. +- **Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps. +- **More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk. +- **Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering. +- **Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices. +- **Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment, and includes more than 1,600 Group Policies and preferences for granular control. 
+ +## Related topics +- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/en-us/browser/mt612809.aspx) +- [Download Internet Explorer 11](http://windows.microsoft.com/en-US/internet-explorer/download-ie) +- [Microsoft Edge - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/microsoft-edge/index) +- [Internet Explorer 11 - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/index) +- [IEAK 11 - Internet Explorer Administration Kit 11 Users Guide](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-ieak/index) +- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11) diff --git a/browsers/edge/hardware-and-software-requirements.md b/browsers/edge/hardware-and-software-requirements.md index e7467694cc..d423c37bd4 100644 --- a/browsers/edge/hardware-and-software-requirements.md +++ b/browsers/edge/hardware-and-software-requirements.md @@ -7,18 +7,21 @@ ms.mktglfcycl: support ms.sitesec: library ms.pagetype: appcompat title: Microsoft Edge requirements and language support (Microsoft Edge for IT Pros) +localizationpriority: high --- # Microsoft Edge requirements and language support **Applies to:** -- Windows 10 -- Windows 10 Mobile +- Windows 10 +- Windows 10 Mobile Microsoft Edge is pre-installed on all Windows 10-capable devices that meet the minimum system requirements and are on the supported language list. +>**Note**
The Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, don't include Microsoft Edge or many other Universal Windows Platform (UWP) apps. These apps and their services are frequently updated with new functionality, and can't be supported on systems running the LTSB operating systems. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11. + ## Minimum system requirements Some of the components in this table might also need additional system resources. Check the component's documentation for more information. @@ -26,7 +29,7 @@ Some of the components in this table might also need additional system resources | Item | Minimum requirements | | ------------------ | -------------------------------------------- | | Computer/processor | 1 gigahertz (GHz) or faster (32-bit (x86) or 64-bit (x64)) | -| Operating system |

**Note**
For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](http://go.microsoft.com/fwlink/p/?LinkID=699266) topic. | +| Operating system |

**Note**
For specific Windows 10 Mobile requirements, see the [Minimum hardware requirements for Windows 10 Mobile](https://go.microsoft.com/fwlink/p/?LinkID=699266) topic. | | Memory |

| | Hard drive space | | | DVD drive | DVD-ROM drive (if installing from a DVD-ROM) | diff --git a/browsers/edge/security-enhancements-microsoft-edge.md b/browsers/edge/security-enhancements-microsoft-edge.md index 9db29bd47d..17ac7d1722 100644 --- a/browsers/edge/security-enhancements-microsoft-edge.md +++ b/browsers/edge/security-enhancements-microsoft-edge.md @@ -5,9 +5,16 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security title: Security enhancements for Microsoft Edge (Microsoft Edge for IT Pros) +localizationpriority: high --- # Security enhancements for Microsoft Edge + +**Applies to:** + +- Windows 10 +- Windows 10 Mobile + Microsoft Edge is designed with significant security improvements, helping to defend people from increasingly sophisticated and prevalent web-based attacks against Windows. ## Help to protect against web-based security threats 
@@ -43,15 +50,15 @@ Microsoft Edge has a new rendering engine, Microsoft EdgeHTML, which is focused The Microsoft EdgeHTML engine also helps to defend against hacking through these new security standards features: -- Support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks. +- Support for the W3C standard for [Content Security Policy (CSP)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/content-Security-Policy), which can help web developers defend their sites against cross-site scripting attacks. -- Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/en-us/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). This helps ensure that connections to important sites, such as to your bank, are always secured. +- Support for the [HTTP Strict Transport Security (HSTS)](https://developer.microsoft.com/microsoft-edge/platform/documentation/dev-guide/security/HSTS/) security feature (IETF-standard compliant). This helps ensure that connections to important sites, such as to your bank, are always secured. **Note**
Both Microsoft Edge and Internet Explorer 11 support HSTS. #### All web content runs in an app container sandbox -Internet Explorer 7 on Windows Vista was the first web browser to provide a browsing sandbox, called [Protected Mode](http://windows.microsoft.com/en-US/windows-vista/What-does-Internet-Explorer-protected-mode-do). Protected Mode forced the part of the browser that rendered web content to run with less privilege than the browser controls or the user, providing a level of isolation and protection should a malicious website attempt to exploit a bug in the browser or one of its plug-ins. +Internet Explorer 7 on Windows Vista was the first web browser to provide a browsing sandbox, called [Protected Mode](http://windows.microsoft.com/windows-vista/What-does-Internet-Explorer-protected-mode-do). Protected Mode forced the part of the browser that rendered web content to run with less privilege than the browser controls or the user, providing a level of isolation and protection should a malicious website attempt to exploit a bug in the browser or one of its plug-ins. Internet Explorer 10 introduced Enhanced Protected Mode (EPM), based on the Windows 8 app container technology, providing a stronger sandbox by adding deny-by-default and no-read-up semantics. EPM was turned on by default in the Windows 8 and Windows 8.1 immersive browser, but was optional on the Internet Explorer 10 and Internet Explorer 11 desktop versions. 
@@ -68,10 +75,10 @@ The value of running 64-bit all the time is that it strengthens Windows Address #### New extension model and HTML5 support Back in 1996, we introduced ActiveX for web browser extensions in an attempt to let 3rd parties experiment with various forms of alternate content on the web. However, we quickly learned that browser extensions can come at a cost of security and reliability. For example, binary extensions can bring code and data into the browser’s processes without any protection, meaning that if anything goes wrong, the entire browser itself can be compromised or go down. -Based on that learning, we’ve stopped supporting binary extensions in Microsoft Edge and instead encourage everyone to use our new, scripted HTML5-based extension model. For more info about the new extensions, see the [Microsoft Edge Developer Center](https://developer.microsoft.com/en-us/microsoft-edge/extensions/). +Based on that learning, we’ve stopped supporting binary extensions in Microsoft Edge and instead encourage everyone to use our new, scripted HTML5-based extension model. For more info about the new extensions, see the [Microsoft Edge Developer Center](https://developer.microsoft.com/microsoft-edge/extensions/). #### Reduced attack surfaces -In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also removed support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/en-us/library/jj676915.aspx). Because many IE browser vulnerabilities are only present in legacy document modes, removing support for document modes significantly reduces attack surface, making the browser much more secure than before. However, it also means that it’s not as backward compatible. 
+In addition to removing support for VBScript, Jscript, VML, Browser Helper Objects, Toolbars, and ActiveX controls, Microsoft Edge also removed support for legacy Internet Explorer [document modes](https://msdn.microsoft.com/library/jj676915.aspx). Because many IE browser vulnerabilities are only present in legacy document modes, removing support for document modes significantly reduces attack surface, making the browser much more secure than before. However, it also means that it’s not as backward compatible. Because of the reduced backward compatibility, we’ve given Microsoft Edge the ability to automatically fall back to Internet Explorer 11, using the Enterprise Mode Site List, for any apps that need backward compatibility.
diff --git a/browsers/internet-explorer/TOC.md b/browsers/internet-explorer/TOC.md
index 440e179791..f55624a429 100644
--- a/browsers/internet-explorer/TOC.md
+++ b/browsers/internet-explorer/TOC.md
@@ -1,4 +1,5 @@
 #[IE11 Deployment Guide for IT Pros](ie11-deploy-guide/index.md)
+##[Change history for the Internet Explorer 11 (IE11) Deployment Guide](ie11-deploy-guide/change-history-for-internet-explorer-11.md)
 ##[System requirements and language support for Internet Explorer 11](ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md)
 ##[List of updated features and tools - Internet Explorer 11 (IE11)](ie11-deploy-guide/updated-features-and-tools-with-ie11.md)
 ##[Install and Deploy Internet Explorer 11 (IE11)](ie11-deploy-guide/install-and-deploy-ie11.md)
@@ -22,23 +23,23 @@
 ###[What is Enterprise Mode?](ie11-deploy-guide/what-is-enterprise-mode.md)
 ###[Set up Enterprise Mode logging and data collection](ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md)
 ###[Turn on Enterprise Mode and use a site list](ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md)
-###[Enterprise Mode schema v.2 guidance for Windows 10 devices](ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md)
-###[Enterprise Mode schema v.1 guidance for Windows 7 and Windows 8.1 devices](ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md)
+###[Enterprise Mode schema v.2 guidance](ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md)
+###[Enterprise Mode schema v.1 guidance](ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md)
 ###[Check for a new Enterprise Mode site list xml file](ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md)
 ###[Turn on local control and logging for Enterprise Mode](ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md)
-###[Use the Enterprise Mode Site List Manager tool](ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md)
-####[Add sites to the Enterprise Mode site list using the Windows 10 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
-####[Add sites to the Enterprise Mode site list using the Windows 7 and Windows 8.1 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
-####[Add multiple sites to the Enterprise Mode site list using a file and the Windows 10 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
-####[Add multiple sites to the Enterprise Mode site list using a file and the Windows 7 
and Windows 8.1 Enterprise Mode Site List Manager tool](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
-####[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager tool](ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md)
-####[Fix validation problems using the Enterprise Mode Site List Manager tool](ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md)
-####[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
-####[Save your site list to XML in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md)
-####[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager tool](ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md)
-####[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager tool](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
-####[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
-####[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager tool](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
+###[Use the Enterprise Mode Site List Manager](ie11-deploy-guide/use-the-enterprise-mode-site-list-manager.md)
+####[Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema 
v.2)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md)
+####[Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md)
+####[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md)
+####[Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1)](ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md)
+####[Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager](ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md)
+####[Fix validation problems using the Enterprise Mode Site List Manager](ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md)
+####[Search your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
+####[Save your site list to XML in the Enterprise Mode Site List Manager](ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md)
+####[Export your Enterprise Mode site list from the Enterprise Mode Site List Manager](ie11-deploy-guide/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md)
+####[Import your Enterprise Mode site list to the Enterprise Mode Site List Manager](ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md)
+####[Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List 
Manager](ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
+####[Remove all sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager](ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md)
 ###[Using IE7 Enterprise Mode or IE8 Enterprise Mode](ie11-deploy-guide/using-enterprise-mode.md)
 ###[Fix web compatibility issues using document modes and the Enterprise Mode site list](ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md)
 ###[Remove sites from a local Enterprise Mode site list](ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md)
@@ -143,4 +144,5 @@
 ###[Use the URL .INS file to use an auto-configured proxy server](ie11-ieak/url-ins-file-setting.md)
 ##[IExpress Wizard for Windows Server 2008 R2 with SP1](ie11-ieak/iexpress-wizard-for-win-server.md)
 ###[IExpress Wizard command-line options](ie11-ieak/iexpress-command-line-options.md)
-###[Internet Explorer Setup command-line options and return codes](ie11-ieak/ie-setup-command-line-options-and-return-codes.md)
\ No newline at end of file
+###[Internet Explorer Setup command-line options and return codes](ie11-ieak/ie-setup-command-line-options-and-return-codes.md)
+
diff --git a/browsers/internet-explorer/ie11-deploy-guide/.vscode/settings.json b/browsers/internet-explorer/ie11-deploy-guide/.vscode/settings.json
new file mode 100644
index 0000000000..d6332e1831
--- /dev/null
+++ b/browsers/internet-explorer/ie11-deploy-guide/.vscode/settings.json
@@ -0,0 +1,5 @@
+// Place your settings in this file to overwrite default and user settings.
+{
+ "editor.snippetSuggestions": "none",
+ "editor.quickSuggestions": false
+}
\ No newline at end of file
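Review bot: The new `.vscode/settings.json` sits under `browsers/internet-explorer/ie11-deploy-guide/`, so VS Code only reads it when that subfolder is opened as the workspace root; anyone opening the repository root gets nothing from it, which suggests a personal editor preference committed by accident rather than intended project configuration. The two keys it sets (`editor.snippetSuggestions`, `editor.quickSuggestions`) are per-user editing preferences with no build or publish effect, so if they are not meant for every contributor the file should be dropped and `.vscode/` added to `.gitignore`; if they are meant for everyone, the file belongs at the repository root. The leading `// Place your settings…` comment is valid for VS Code's JSONC parser but will fail any strict JSON validation run over `**/*.json`, so repo-wide JSON linting or the publishing pipeline may need to exclude this path.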
diff --git a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md index 76fc4cad35..11347ac764 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md +++ b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md @@ -1,14 +1,16 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: security description: How to use Group Policy to install ActiveX controls. -ms.assetid: 59185370-558c-47e0-930c-8a5ed657e9e3 author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security +ms.assetid: 59185370-558c-47e0-930c-8a5ed657e9e3 title: ActiveX installation using group policy (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Group Policy and ActiveX installation ActiveX controls are installed and invoked using the HTML object tag with the CODEBASE attribute. This attribute, through a URL, makes Internet Explorer: @@ -33,7 +35,7 @@ You use the ActiveX Installer Service (AXIS) and Group Policy to manage your Act - **ActiveX installation policy for sites in trusted zones.** Identifies how AXIS should behave when a website tries to install an ActiveX control. First, AXIS looks to see if the site appears in either the list of approved installation sites or in the **Trusted sites** zone. If the does, then AXIS checks to make sure the control meets your company's policy requirements. If the ActiveX control meets all of these requirements, the control is installed. -For more information about the ActiveX Installer Service, see [Administering the ActiveX Installer Service in Windows 7](http://go.microsoft.com/fwlink/p/?LinkId=214503). +For more information about the ActiveX Installer Service, see [Administering the ActiveX Installer Service in Windows 7](https://go.microsoft.com/fwlink/p/?LinkId=214503).   
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md index 2a371e334b..a923c7b2dd 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md @@ -1,14 +1,16 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager. -ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: appcompat +ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.1) **Applies to:** @@ -97,7 +99,7 @@ After you’ve added all of your sites to the tool and saved the file to XML, yo ## Related topics - [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) -- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)     
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md index db61a49c80..4770a4ffb0 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md @@ -1,14 +1,16 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2). -ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: appcompat +ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd title: Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Add multiple sites to the Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2) **Applies to:** 
@@ -106,7 +108,7 @@ You can save the file locally or to a network share. However, you must make sure After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). ## Related topics -- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) - [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md)   diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md index bb761657fb..7e8c3c6910 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md 
@@ -1,14 +1,16 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. -ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26 author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: appcompat +ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26 title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1) **Applies to:** @@ -51,7 +53,7 @@ You can save the file locally or to a network share. However, you must make sure After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). ## Related topics -- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)     
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md index 7ae8e40626..b18fa646cd 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md +++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md @@ -1,14 +1,16 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. -ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: appcompat +ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b title: Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) **Applies to:** 
@@ -67,7 +69,7 @@ You can save the file locally or to a network share. However, you must make sure After you’ve added all of your sites to the tool and saved the file to XML, you can configure the rest of the Enterprise Mode functionality to use it. You can also turn Enterprise Mode on locally, so your users have the option to use Enterprise Mode on individual websites from the **Tools** menu. For more information, see [Turn on local control and logging for Enterprise Mode](turn-on-local-control-and-logging-for-enterprise-mode.md). ## Related topics -- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)     diff --git a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md index 35311869b0..137b689b2f 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md @@ -1,14 +1,16 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: security description: Administrative templates and Internet Explorer 11 -ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3 author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security +ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3 title: Administrative templates and Internet Explorer 11 (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Administrative templates and Internet Explorer 11 Administrative Templates are made up of a hierarchy of policy categories and subcategories that define how your policy settings appear in the Local Group Policy Editor, including: 
@@ -21,7 +23,7 @@ Administrative Templates are made up of a hierarchy of policy categories and sub - Text explanations about each setting and the supported version of Internet Explorer. -For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](http://go.microsoft.com/fwlink/p/?LinkId=214519). +For a conceptual overview of Administrative Templates, see [Managing Group Policy ADMX Files Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=214519). ## What are Administrative Templates? Administrative Templates are XML-based, multi-language files that define the registry-based Group Policy settings in the Local Group Policy Editor. There are two types of Administrative Templates: @@ -32,7 +34,7 @@ Administrative Templates are XML-based, multi-language files that define the reg ## How do I store Administrative Templates? As an admin, you can create a central store folder on your SYSVOL directory, named **PolicyDefinitions**. For example, %*SystemRoot*%\\PolicyDefinitions. This folder provides a single, centralized storage location for your Administrative Templates (both ADMX and ADML) files, so they can be used by your domain-based Group Policy Objects (GPOs). -

**Important**
Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](http://go.microsoft.com/fwlink/p/?LinkId=276810). +

**Important**
Your Group Policy tools use the ADMX files in your store, ignoring any local copies. For more information about creating a central store, see [Scenario 1: Editing the Local GPO Using ADMX Files](https://go.microsoft.com/fwlink/p/?LinkId=276810). ## Administrative Templates-related Group Policy settings When you install Internet Explorer 11, it updates the local administrative files, Inetres.admx and Inetres.adml, both located in the **PolicyDefinitions** folder. 
@@ -66,10 +68,11 @@ IE11 provides these new policy settings, which are editable in the Local Group P ## Editing Group Policy settings Regardless which tool you're using to edit your Group Policy settings, you'll need to follow one of these guides for step-by-step editing instructions: -- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](http://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates. +- **If you're using the Group Policy Management Console (GPMC) or the Local Group Policy Editor.** See [Edit Administrative Template Policy Settings](https://go.microsoft.com/fwlink/p/?LinkId=214521) for step-by-step instructions about editing your Administrative Templates. -- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](http://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment. +- **If you're using GPMC with Advanced Group Policy Management (AGPM).** See [Checklist: Create, Edit, and Deploy a GPO](https://go.microsoft.com/fwlink/p/?LinkId=214522) for step-by-step instructions about how to check out a GPO from the AGPM archive, edit it, and request deployment. ## Related topics -- [Administrative templates (.admx) for Windows 10 download](http://go.microsoft.com/fwlink/p/?LinkId=746579) -- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](http://go.microsoft.com/fwlink/p/?LinkId=746580) \ No newline at end of file +- [Administrative templates (.admx) for Windows 10 download](https://go.microsoft.com/fwlink/p/?LinkId=746579) +- [Administrative Templates (.admx) for Windows 8.1 and Windows Server 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=746580) + 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md index 128ec70d49..a64b645896 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md @@ -1,14 +1,16 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: networking description: Auto configuration and auto proxy problems with Internet Explorer 11 -ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938 author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: networking +ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938 title: Auto configuration and auto proxy problems with Internet Explorer 11 (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Auto configuration and auto proxy problems with Internet Explorer 11 You might experience some problems using automatic configuration and auto-proxy with Internet Explorer 11. @@ -30,7 +32,7 @@ If you experience issues while setting up your proxy server, you can try these t 2. Click **Settings** or **LAN Settings**, and then look at your proxy server address. -3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.

**Note**
If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](http://go.microsoft.com/fwlink/p/?LinkId=85652). +3. If you have multiple proxy servers, click **Advanced** to look at all of the additional addresses.

**Note**
If IE11 uses a proxy server for local IP addresses, regardless whether you turned on the **Bypass Proxy Server for Local Addresses** option, see [Internet Explorer Uses Proxy Server for Local IP Address Even if the "Bypass Proxy Server for Local Addresses" Option Is Turned On](https://go.microsoft.com/fwlink/p/?LinkId=85652). ![](images/wedge.gif) **To check that you've turned on the correct settings** diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md index b2219c09cc..f49ab30704 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md @@ -1,14 +1,16 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: networking description: Auto configuration settings for Internet Explorer 11 -ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023 author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: networking +ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023 title: Auto configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Auto configuration settings for Internet Explorer 11 Automatic configuration lets you apply custom branding and graphics to your internal Internet Explorer installations, running on Windows 8.1 or Windows Server 2012 R2. For more information about adding custom branding and graphics to your IE package, see [Customize the toolbar button and Favorites List icons using IEAK 11](../ie11-ieak/guidelines-toolbar-and-favorites-list-ieak11.md).

**Important**
You'll only see and be able to use the **IE Customization Wizard 11 - Automatic Configuration** page if you're creating an internal IE installation package. For more information about the **IE Customization Wizard 11 - Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md). @@ -35,7 +37,7 @@ For custom graphics and branding, add the `FEATURE\AUTOCONFIG\BRANDING` registry ## Updating your automatic configuration settings After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your automatic configuration settings to pick up the updated branding. -

**Important**
Your branding changes won't be added or updated if you've previously chosen the **Disable external branding of IE** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514). +

**Important**
Your branding changes won't be added or updated if you've previously chosen the **Disable external branding of IE** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. This setting is intended to prevent branding by a third-party, like an Internet service or content provider. For more information about Group Policy, including videos and the latest technical documentation, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514). ![](images/wedge.gif) **To update your settings** @@ -49,7 +51,7 @@ After adding the `FEATURE\AUTOCONFIG\BRANDING` registry key, you can change your - **Automatic Configuration URL (.INS file) box:** Type the location of your automatic configuration script. - - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.

**Important**
Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like *http://share/test.ins*. + - **Automatic proxy URL (.JS, .JVS, or .PAC file) box:** Type the location of your automatic proxy script.

**Important**
Internet Explorer 11 no longer supports using file server locations with your proxy configuration (.pac) files. To keep using your .pac files, you have to keep them on a web server and reference them using a URL, like `http://share/test.ins`. If your branding changes aren't correctly deployed after running through this process, see [Auto configuration and auto proxy problems with Internet Explorer 11](auto-configuration-and-auto-proxy-problems-with-ie11.md). diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md index 4705ca8638..b93b60f816 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md @@ -1,14 +1,16 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: networking description: Auto detect settings Internet Explorer 11 -ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: networking +ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f title: Auto detect settings Internet Explorer 11 (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Auto detect settings Internet Explorer 11 After you specify the specific settings related to automatic detection on your Dynamic Host Configuration Protocol (DHCP) and Domain Name System (DNS) servers, you can set up your users' browser settings from a central location. @@ -27,7 +29,7 @@ To use automatic detection, you have to set up your DHCP and DNS servers.

**No 2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. For more information about the **Automatic Configuration** page, see [Use the Automatic Configuration page in the IEAK 11 Wizard](../ie11-ieak/auto-config-ieak11-wizard.md). -3. Open the [DHCP Administrative Tool](http://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](http://go.microsoft.com/fwlink/p/?LinkId=294649). +3. Open the [DHCP Administrative Tool](https://go.microsoft.com/fwlink/p/?LinkId=302212), create a new option type, using the code number 252, and then associate it with the URL to your configuration file. For detailed instructions about how to do this, see [Create an option 252 entry in DHCP](https://go.microsoft.com/fwlink/p/?LinkId=294649). ![](images/wedge.gif) **To turn on automatic detection for DNS servers** @@ -35,7 +37,7 @@ To use automatic detection, you have to set up your DHCP and DNS servers.

**No 2. Choose the **Automatically detect configuration settings** box to automatically detect your browser settings. -3. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.

**-OR-**

Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.

**Note**
For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](http://go.microsoft.com/fwlink/p/?LinkId=294651).  +3. In your DNS database file, create a host record named, **WPAD**. This record has the IP address of the web server storing your automatic configuration (.js, .jvs, .pac, or .ins) file.

**-OR-**

Create a canonical name (CNAME) alias record named, **WPAD**. This record has the resolved name (not the IP address) of the server storing your automatic configuration (.pac) file.

**Note**
For more information about creating a **WPAD** entry, see [Creating a WPAD entry in DNS](https://go.microsoft.com/fwlink/p/?LinkId=294651).  4. After the database file propagates to the server, the DNS name, `wpad..com` resolves to the server name that includes your automatic configuration file.

**Note**
Internet Explorer 11 creates a default URL template based on the host name, **wpad**. For example, `http://wpad..com/wpad.dat`. Because of this, you need to set up a file or redirection point in your web server **WPAD** record, named **wpad.dat**. The **wpad.dat** record delivers the contents of your automatic configuration file. diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md index b4de4ac246..119052b438 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md @@ -1,14 +1,16 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: networking description: Auto proxy configuration settings for Internet Explorer 11 -ms.assetid: 5120aaf9-8ead-438a-8472-3cdd924b7d9e author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: networking +ms.assetid: 5120aaf9-8ead-438a-8472-3cdd924b7d9e title: Auto proxy configuration settings for Internet Explorer 11 (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Auto proxy configuration settings for Internet Explorer 11 Configure and maintain your proxy settings, like pointing your users' browsers to your automatic proxy script, through the Internet Explorer Customization Wizard 11 running on either Windows 8.1 or Windows Server 2012 R2. 
@@ -34,7 +36,7 @@ You have two options to restrict your users' ability to override the automatic c - **Using Microsoft Active Directory.** Choose **Disable changing proxy settings** from the Administrative Templates setting. -- **Not Using Active Directory.** Choose the **Prevent changing proxy settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. For more information about Group Policy, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=214514). +- **Not Using Active Directory.** Choose the **Prevent changing proxy settings** setting in the `User Configuration\Administrative Templates\Windows Components\Internet Explorer` Group Policy object. For more information about Group Policy, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=214514).   diff --git a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md index 00ff5c0914..36de09f8ce 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md +++ b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md 
@@ -1,18 +1,20 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: performance description: Browser cache changes and roaming profiles -ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436 author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: performance +ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436 title: Browser cache changes and roaming profiles (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Browser cache changes and roaming profiles We’ve redesigned the browser cache to improve the performance, flexibility, reliability, and scalability of Internet Explorer and the apps that rely on the Windows Internet (WinINet) cache. Our new database design stops multiple clients from simultaneously accessing and using cached information, while also providing a higher level of data integrity. -You won’t notice any changes to the management of your roaming profile data if you use our new database implementation in conjunction with the [roaming user profile guidelines](http://go.microsoft.com/fwlink/p/?LinkId=401544). This means that IE data that’s stored in the `AppData\Roaming` user profile folder is still be uploaded to your normal profile storage location after a user successfully logs off.

**Note**
Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Windows Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](http://go.microsoft.com/fwlink/p/?LinkId=401545). +You won’t notice any changes to the management of your roaming profile data if you use our new database implementation in conjunction with the [roaming user profile guidelines](https://go.microsoft.com/fwlink/p/?LinkId=401544). This means that IE data that’s stored in the `AppData\Roaming` user profile folder is still be uploaded to your normal profile storage location after a user successfully logs off.

**Note**
Cookies in a roaming profile can only be set by Internet Explorer for the desktop, with Enhanced Protected Mode turned off. Cookies set by the immersive version of IE or by Windows Store apps, can’t be part of a roaming profile. For more information about persistent cookies and roaming, see [Persistent cookies are not roamed in Internet Explorer](https://go.microsoft.com/fwlink/p/?LinkId=401545). To get the best results while using roaming profiles, we strongly recommend the following: diff --git a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md index 90e7030ed4..fdd8ac9361 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/change-history-for-internet-explorer-11.md 
@@ -1,16 +1,36 @@ --- -title: Change history for Internet Explorer 11 (Internet Explorer 11 for IT Pros) -description: This topic lists new and updated topics in the Internet Explorer 11 documentation for Windows 10 and Windows 10 Mobile. -ms.prod: ie11 +localizationpriority: low +title: Change history for Internet Explorer 11 (IE11) - Deployment Guide for IT Pros (Internet Explorer 11 for IT Pros) +description: This topic lists new and updated topics in the Internet Explorer 11 Deployment Guide documentation for Windows 10 and Windows 10 Mobile. ms.mktglfcycl: deploy +ms.prod: ie11 ms.sitesec: library --- + # Change history for Internet Explorer 11 This topic lists new and updated topics in the Internet Explorer 11 documentation for both Windows 10 and Windows 10 Mobile. -## May 2016 - +## August 2016 |New or changed topic | Description | |----------------------|-------------| -|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) | Added info about using <emie> and <docMode> together. | \ No newline at end of file +|[Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. | +|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) |Updated to remove the IP range restrictions and to add code examples for both IPv4 and IPv6 addresses. | +|[Collect data using Enterprise Site Discovery](collect-data-using-enterprise-site-discovery.md)|Added the Understanding the returned reason codes section to the topic. | + +## July 2016 +|New or changed topic | Description | +|----------------------|-------------| +|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated to include the comprehensive list of Group Policies that were added with Internet Explorer 11. 
| + +## June 2016 +|New or changed topic | Description | +|----------------------|-------------| +|[New group policy settings for Internet Explorer 11](new-group-policy-settings-for-ie11.md) |Updated with 2 new policies, Send all sites not included in the Enterprise Mode Site List to Microsoft Edge and Show message when opening sites in Microsoft Edge using Enterprise Mode. | + + +## May 2016 +|New or changed topic | Description | +|----------------------|-------------| +|[Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md) | Added info about using <emie> and <docMode> together. | + diff --git a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md index 0428d2e62b..846ede6863 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md +++ b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md @@ -1,14 +1,16 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy +ms.pagetype: appcompat description: You can have centralized control over Enterprise Mode by creating a single, global XML site list that includes the list of websites to render using Enterprise Mode. -ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: appcompat +ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df title: Check for a new Enterprise Mode site list xml file (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Check for a new Enterprise Mode site list xml file **Applies to:** diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md index 1ad3d887f4..ccf72489f1 100644 
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md @@ -1,13 +1,15 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy description: Choose how to deploy Internet Explorer 11 (IE11) -ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library +ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d title: Choose how to deploy Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Choose how to deploy Internet Explorer 11 (IE11) In this section, you can learn about how to deploy your custom version of Internet Explorer using Automatic Version Synchronization (AVS) or using your software distribution tools. diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md index fa044bc3ce..cf90d5c6b3 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md @@ -1,13 +1,15 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy description: Choose how to install Internet Explorer 11 (IE11) -ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481 author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library +ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481 title: Choose how to install Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Choose how to install Internet Explorer 11 (IE11) Before you install Internet Explorer 11, you should: 
@@ -15,13 +17,13 @@ Before you install Internet Explorer 11, you should: - **Check vendor support for updated functionality.** Check whether third-party vendors have new versions or updates to necessary add-ons, apps, or code libraries. -- **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](http://go.microsoft.com/fwlink/p/?LinkId=214251) site. +- **Choose the right version of Internet Explorer.** IE11 comes pre-installed on Windows 8.1 and Windows Server 2012 R2 or you can download it for Windows 7 SP1 or Windows Server 2008 R2 with Service Pack 1 (SP1) from the [Internet Explorer Downloads](https://go.microsoft.com/fwlink/p/?LinkId=214251) site. - **Choose how you'll deploy your installation package.** Your deployment method should be based on whether you're installing to computers already running Windows, or if you're deploying IE11 as part of a Windows installation. - - **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkID=276664), [System Center Essentials 2010](http://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](http://go.microsoft.com/fwlink/p/?LinkID=276790), and [Microsoft Intune Overview](http://go.microsoft.com/fwlink/p/?linkid=276667). + - **Existing computers running Windows.** Use System Center R2 2012 System Center 2012 R2 Configuration Manager, System Center Essentials 2010, Windows Server Updates Services (WSUS), or Microsoft Intune to deploy IE11. 
For more information about how to use these systems, see [System Center 2012 R2 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=276664), [System Center Essentials 2010](https://go.microsoft.com/fwlink/p/?LinkId=395200), [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790), and [Microsoft Intune Overview](https://go.microsoft.com/fwlink/p/?linkid=276667). - - **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](http://go.microsoft.com/fwlink/p/?LinkId=299408). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=331148), [Windows ADK Overview](http://go.microsoft.com/fwlink/p/?LinkId=276669). + - **As part of a Windows deployment.** Update your Windows images to include IE11, and then add the update to your MDT deployment share or to your Windows image. For instructions about how to create and use Windows images, see [Create and Manage a Windows Image Using DISM](https://go.microsoft.com/fwlink/p/?LinkId=299408). For general information about deploying IE, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=331148), [Windows ADK Overview](https://go.microsoft.com/fwlink/p/?LinkId=276669).   diff --git a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md index a5b982f662..22d411f58d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md +++ b/browsers/internet-explorer/ie11-deploy-guide/collect-data-using-enterprise-site-discovery.md 
@@ -1,11 +1,12 @@ --- -description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. -ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6 -ms.prod: ie11 +localizationpriority: low ms.mktglfcycl: deploy -ms.sitesec: library +description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. author: eross-msft +ms.prod: ie11 +ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6 title: Collect data using Enterprise Site Discovery +ms.sitesec: library --- # Collect data using Enterprise Site Discovery @@ -23,7 +24,7 @@ Before you start, you need to make sure you have the following: - Latest cumulative security update (for all supported versions of Internet Explorer): - 1. Go to the [Microsoft Security Bulletin](http://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**. + 1. Go to the [Microsoft Security Bulletin](https://go.microsoft.com/fwlink/p/?LinkID=718223) page, and change the filter to **Windows Internet Explorer 11**. ![microsoft security bulletin techcenter](images/securitybulletin-filter.png) @@ -33,7 +34,7 @@ Before you start, you need to make sure you have the following: 3. Click the link that represents both your operating system version and Internet Explorer 11, and then follow the instructions in the **How to get this update** section. -- [Setup and configuration package](http://go.microsoft.com/fwlink/p/?LinkId=517719), including: +- [Setup and configuration package](https://go.microsoft.com/fwlink/p/?LinkId=517719), including: - Configuration-related PowerShell scripts 
@@ -62,9 +63,50 @@ Data is collected on the configuration characteristics of IE and the sites it br |Number of visits | X | X | X | X |Number of times a site has been visited. | |Zone | X | X | X | X |Zone used by IE to browse sites, based on browser settings. | -

**Important**
By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. -The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. +>**Important**
By default, IE doesn’t collect this data; you have to turn this feature on if you want to use it. After you turn on this feature, data is collected on all sites visited by IE, except during InPrivate sessions. Additionally, the data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. + +### Understanding the returned reason codes +The following tables provide more info about the Document mode reason, Browser state reason, and the Zone codes that are returned as part of your data collection. + +#### DocMode reason +The codes in this table can tell you what document mode was set by IE for a webpage.
These codes only apply to Internet Explorer 10 and Internet Explorer 11. + +|Code |Description | +|-----|------------| +|3 |Page state is set by the `FEATURE_DOCUMENT_COMPATIBLE_MODE` feature control key.| +|4 |Page is using an X-UA-compatible meta tag. | +|5 |Page is using an X-UA-compatible HTTP header. | +|6 |Page appears on an active **Compatibility View** list. | +|7 |Page is using native XML parsing. | +|9 |Page is using a special Quirks Mode Emulation (QME) mode that uses the modern layout engine, but the quirks behavior of Internet Explorer 5. | + +#### Browser state reason +The codes in this table can tell you why the browser is in its current state. Also called “browser mode”.
These codes only apply to Internet Explorer 10 and Internet Explorer 11. + +|Code |Description | +|-----|------------| +|1 |Site is on the intranet, with the **Display intranet sites in Compatibility View** box checked. | +|2 |Site appears on an active **Compatibility View** list, created in Group Policy. | +|3 |Site appears on an active **Compatibility View** list, created by the user. | +|4 |Page is using an X-UA-compatible tag. | +|5 |Page state is set by the **Developer** toolbar. | +|6 |Page state is set by the `FEATURE_BROWSER_EMULATION` feature control key. | +|7 |Site appears on the Microsoft **Compatibility View (CV)** list. | +|8 |Site appears on the **Quirks** list, created in Group Policy. | +|11 |Site is using the default browser. | + +#### Zone +The codes in this table can tell you what zone is being used by IE to browse sites, based on browser settings.
These codes apply to Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11. + +|Code |Description | +|-----|------------| +|-1 |Internet Explorer is using an invalid zone. | +|0 |Internet Explorer is using the Local machine zone. | +|1 |Internet Explorer is using the Local intranet zone. | +|2 |Internet Explorer is using the Trusted sites zone. | +|3 |Internet Explorer is using the Internet zone. | +|4 |Internet Explorer is using the Restricted sites zone. | ## Where is the data stored and how do I collect it? The data is stored locally, in an industry-standard WMI class, .MOF file or in an XML file, depending on your configuration. This file remains on the client computer until it’s collected. To collect the files, we recommend: @@ -76,8 +118,9 @@ The data is stored locally, in an industry-standard WMI class, .MOF file or in a ## WMI Site Discovery suggestions We recommend that you collect your data for at most a month at a time, to capture a user’s typical workflow. We don’t recommend collecting data longer than that because the data is stored in a WMI provider and can fill up your computer’s hard drive. You may also want to collect data only for pilot users or a representative sample of people, instead of turning this feature on for everyone in your company. -On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorer’s performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, you’ll get about 150MB of data:
\[250bytes (per site visit) \* 20sites/day\* 30days = (approximately) 150KB \*1000users = (approximately) 150MB\]. -

**Important**
The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. +On average, a website generates about 250bytes of data for each visit, causing only a minor impact to Internet Explorer’s performance. Over the course of a month, collecting data from 20 sites per day from 1,000 users, you’ll get about 150MB of data:

250 bytes (per site visit) X 20 sites/day X 30 days = (approximately) 150KB X 1000 users = (approximately) 150MB + +>**Important**
The data collection process is silent, so there’s no notification to the employee. Therefore, you must get consent from the employee before you start collecting info. You must also make sure that using this feature complies with all applicable local laws and regulatory requirements. ## Getting ready to use Enterprise Site Discovery Before you can start to collect your data, you must run the provided PowerShell script (IETelemetrySetUp.ps1) on your client devices to start generating the site discovery data and to set up a place to store this data locally. Then, you must start collecting the site discovery data from the client devices, using one of these three options: @@ -90,16 +133,17 @@ Before you can start to collect your data, you must run the provided PowerShell ### WMI only: Running the PowerShell script to compile the .MOF file and to update security privileges You need to set up your computers for data collection by running the provided PowerShell script (IETelemetrySetUp.ps1) to compile the .mof file and to update security privileges for the new WMI classes. -

**Important**
You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output. -![](images/wedge.gif) **To set up Enterprise Site Discovery** +>**Important**
You must run this script if you’re using WMI as your data output. It's not necessary if you're using XML as your data output. -- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](http://go.microsoft.com/fwlink/p/?linkid=517460). +**To set up Enterprise Site Discovery** + +- Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1 by by-passing the PowerShell execution policy, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1`. For more info, see [about Execution Policies](https://go.microsoft.com/fwlink/p/?linkid=517460). ### WMI only: Set up your firewall for WMI data If you choose to use WMI as your data output, you need to make sure that your WMI data can travel through your firewall for the domain. If you’re sure, you can skip this section; otherwise, follow these steps: -![](images/wedge.gif) **To set up your firewall** +**To set up your firewall** 1. In **Control Panel**, click **System and Security**, and then click **Windows Firewall**. @@ -109,65 +153,107 @@ If you choose to use WMI as your data output, you need to make sure that your WM ## Use PowerShell to finish setting up Enterprise Site Discovery You can determine which zones or domains are used for data collection, using PowerShell. If you don’t want to use PowerShell, you can do this using Group Policy. For more info, see [Use Group Policy to finish setting up Enterprise Site Discovery](#use-group-policy-to-finish-setting-up-enterprise-site-discovery). -

**Important**
The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device. + +>**Important**
The .ps1 file updates turn on Enterprise Site Discovery and WMI collection for all users on a device. - **Domain allow list.** If you have a domain allow list, a comma-separated list of domains that should have this feature turned on, you should use this process. - **Zone allow list.** If you have a zone allow list, a comma-separated list of zones that should have this feature turned on, you should use this process. - ![](images/wedge.gif) **To set up data collection using a domain allow list** +**To set up data collection using a domain allow list** - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -SiteAllowList sharepoint.com,outlook.com,onedrive.com`. - **Important**
Wildcards, like \*.microsoft.com, aren’t supported. + >**Important**
Wildcards, like \*.microsoft.com, aren’t supported. - ![](images/wedge.gif) **To set up data collection using a zone allow list** +**To set up data collection using a zone allow list** - Start PowerShell in elevated mode (using admin privileges) and run IETElemetrySetUp.ps1, using this command: `.\IETElemetrySetUp.ps1 [other args] -ZoneAllowList Computer,Intranet,TrustedSites,Internet,RestrictedSites`. - **Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported. + >**Important**
Only Computer, Intranet, TrustedSites, Internet, and RestrictedSites are supported. ## Use Group Policy to finish setting up Enterprise Site Discovery You can use Group Policy to finish setting up Enterprise Site Discovery. If you don’t want to use Group Policy, you can do this using PowerShell. For more info, see [Use Powershell to finish setting up Enterprise Site Discovery](#use-powershell-to-finish-setting-up-enterprise-site-discovery). -

**Note**
 All of the Group Policy settings can be used individually or as a group. - ![](images/wedge.gif) **To set up Enterprise Site Discovery using Group Policy** +>**Note**
 All of the Group Policy settings can be used individually or as a group. + + **To set up Enterprise Site Discovery using Group Policy** - Open your Group Policy editor, and go to these new settings: -|Setting name and location |Description |Options | -|---------------------------|-------------|---------| -|Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |

| -|Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output |Writes collected data to an XML file, which is stored in your specified location. | | -|Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by Zone |Manages which zone can collect data. |To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:

0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
0 – Local Intranet zone
0 – Local Machine zone

**Example 1:** Include only the Local Intranet zone

Binary representation: *00010*, based on:

0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
1 – Local Intranet zone
0 – Local Machine zone

**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones

Binary representation: *10110*, based on:

1 – Restricted Sites zone
0 – Internet zone
1 – Trusted Sites zone
1 – Local Intranet zone
1 – Local Machine zone | -|Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:

microsoft.sharepoint.com
outlook.com
onedrive.com
timecard.contoso.com
LOBApp.contoso.com | + |Setting name and location |Description |Options | + |---------------------------|-------------|---------| + |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output |Writes collected data to a WMI class, which can be aggregated using a client-management solution like Configuration Manager. |

| + |Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery XML output |Writes collected data to an XML file, which is stored in your specified location. | | + |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by Zone |Manages which zone can collect data. |To specify which zones can collect data, you must include a binary number that represents your selected zones, based on this order:

0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
0 – Local Intranet zone
0 – Local Machine zone

**Example 1:** Include only the Local Intranet zone

Binary representation: *00010*, based on:

0 – Restricted Sites zone
0 – Internet zone
0 – Trusted Sites zone
1 – Local Intranet zone
0 – Local Machine zone

**Example 2:** Include only the Restricted Sites, Trusted Sites, and Local Intranet zones

Binary representation: *10110*, based on:

1 – Restricted Sites zone
0 – Internet zone
1 – Trusted Sites zone
1 – Local Intranet zone
1 – Local Machine zone | + |Administrative Templates\Windows Components\Internet Explorer\Limit Site Discovery output by domain |Manages which domains can collect data |To specify which domains can collect data, you must include your selected domains, one domain per line, in the provided box. It should look like:

microsoft.sharepoint.com
outlook.com
onedrive.com
timecard.contoso.com
LOBApp.contoso.com | ### Combining WMI and XML Group Policy settings -You can use both the WMI and XML settings individually or together, based on: +You can use both the WMI and XML settings individually or together: - ![](images/wedge.gif) **To turn off Enterprise Site Discovery** -

+**To turn off Enterprise Site Discovery** + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputBlank
- ![](images/wedge.gif) **To turn on WMI recording only** - +**Turn on WMI recording only** + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputBlank
- ![](images/wedge.gif) **To turn on XML recording only** - +**To turn on XML recording only** + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOff
Turn on Site Discovery XML outputXML file path
- ![](images/wedge.gif) **To turn on both WMI and XML recording** - +**To turn on both WMI and XML recording** + + + + + + + + + + + + + +
Setting nameOption
Turn on Site Discovery WMI outputOn
Turn on Site Discovery XML outputXML file path
## Use Configuration Manager to collect your data After you’ve collected your data, you’ll need to get the local files off of your employee’s computers. To do this, use the hardware inventory process in Configuration Manager, using one of these options: @@ -181,7 +267,7 @@ After you’ve collected your data, you’ll need to get the local files off of ### Collect your hardware inventory using the MOF Editor while connected to a client device You can collect your hardware inventory using the MOF Editor, while you’re connected to your client devices. - ![](images/wedge.gif) **To collect your inventory** + **To collect your inventory** 1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**. @@ -207,7 +293,7 @@ Your environment is now ready to collect your hardware inventory and review the ### Collect your hardware inventory using the MOF Editor with a .MOF import file You can collect your hardware inventory using the MOF Editor and a .MOF import file. - ![](images/wedge.gif) **To collect your inventory** + **To collect your inventory** 1. From the Configuration Manager, click **Administration**, click **Client Settings**, double-click **Default Client Settings**, click **Hardware Inventory**, and then click **Set Classes**. 
@@ -221,7 +307,7 @@ Your environment is now ready to collect your hardware inventory and review the ### Collect your hardware inventory using the SMS\DEF.MOF file (System Center Configuration Manager 2007 only) You can collect your hardware inventory using the using the Systems Management Server (SMS\DEF.MOF) file. Editing this file lets you collect your data for System Center Configuration Manager 2007. If you aren’t using this version of Configuration Manager, you won’t want to use this option. - ![](images/wedge.gif) **To collect your inventory** +**To collect your inventory** 1. Using a text editor like Notepad, open the SMS\DEF.MOF file, located in your `\inboxes\clifiles.src\hinv` directory. @@ -289,8 +375,8 @@ You can collect your hardware inventory using the using the Systems Management S }; ``` -3. Save the file and close it to the same location.
-Your environment is now ready to collect your hardware inventory and review the sample reports. +3. Save the file and close it to the same location. + Your environment is now ready to collect your hardware inventory and review the sample reports. ## View the sample reports with your collected data The sample reports, **SCCM Report Sample – ActiveX.rdl** and **SCCM Report Sample – Site Discovery.rdl**, work with System Center 2012, so you can review your collected data. @@ -337,26 +423,27 @@ After the XML files are created, you can use your own solutions to extract and p ``` You can import this XML data into the correct version of the Enterprise Mode Site List Manager, automatically adding the included sites to your Enterprise Mode site list. - ![](images/wedge.gif) **To add your XML data to your Enterprise Mode site list** +**To add your XML data to your Enterprise Mode site list** 1. Open the Enterprise Mode Site List Manager, click **File**, and then click **Bulk add from file**. -![Enterprise Mode Site List Manager with Bulk add from file option](images/bulkadd-emiesitelistmgr.png) -2. Go to your XML file to add the included sites to the tool, and then click **Open**.
-Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md). + ![Enterprise Mode Site List Manager with Bulk add from file option](images/bulkadd-emiesitelistmgr.png) + +2. Go to your XML file to add the included sites to the tool, and then click **Open**.
Each site is validated and if successful, added to the global site list when you click **OK** to close the menu. If a site doesn’t pass validation, you can try to fix the issues or pick the site and click **Add to list** to ignore the validation problem. For more information about fixing validation problems, see [Fix validation problems using the Enterprise Mode Site List Manager](fix-validation-problems-using-the-enterprise-mode-site-list-manager.md). 3. Click **OK** to close the **Bulk add sites to the list** menu. ## Turn off data collection on your client devices After you’ve collected your data, you’ll need to turn Enterprise Site Discovery off. - ![](images/wedge.gif) **To stop collecting data, using PowerShell** +**To stop collecting data, using PowerShell** -- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1 –IEFeatureOff`.

**Note**
-Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer. +- On your client computer, start Windows PowerShell in elevated mode (using admin privileges) and run `IETelemetrySetUp.ps1`, using this command: `powershell -ExecutionPolicy Bypass .\IETElemetrySetUp.ps1 –IEFeatureOff`. -   - ![](images/wedge.gif) **To stop collecting data, using Group Policy** + >**Note**
Turning off data collection only disables the Enterprise Site Discovery feature – all data already written to WMI stays on your employee’s computer. + + +**To stop collecting data, using Group Policy** 1. Open your Group Policy editor, go to `Administrative Templates\Windows Components\Internet Explorer\Turn on Site Discovery WMI output`, and click **Off**. @@ -365,7 +452,7 @@ Turning off data collection only disables the Enterprise Site Discovery feature ### Delete already stored data from client computers You can completely remove the data stored on your employee’s computers. - ![](images/wedge.gif) **To delete all existing data** +**To delete all existing data** - On the client computer, start PowerShell in elevated mode (using admin privileges) and run these four commands: @@ -377,8 +464,8 @@ You can completely remove the data stored on your employee’s computers. - `Remove-Item -Path 'HKCU:\Software\Microsoft\Internet Explorer\WMITelemetry'` - ## Related topics -* [Enterprise Mode Site List Manager (schema v.2) download](http://go.microsoft.com/fwlink/?LinkId=746562) +## Related topics +* [Enterprise Mode Site List Manager (schema v.2) download](https://go.microsoft.com/fwlink/?LinkId=746562) * [Enterprise Mode for Internet Explorer 11 (IE11)](enterprise-mode-overview-for-ie11.md)   diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md index 33f573e4ba..1d2df29b8f 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md +++ b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md 
@@ -1,13 +1,15 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy description: Create packages for multiple operating systems or languages -ms.assetid: 44051f9d-63a7-43bf-a427-d0a0a1c717da author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library +ms.assetid: 44051f9d-63a7-43bf-a427-d0a0a1c717da title: Create packages for multiple operating systems or languages (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Create packages for multiple operating systems or languages You'll create multiple versions of your custom browser package if: diff --git a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md index b2e068e5f8..7a8162ee05 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md +++ b/browsers/internet-explorer/ie11-deploy-guide/customize-ie11-install-packages.md @@ -1,13 +1,15 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy description: Customize Internet Explorer 11 installation packages -ms.assetid: 10a14a09-673b-4f8b-8d12-64036135e7fd author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library +ms.assetid: 10a14a09-673b-4f8b-8d12-64036135e7fd title: Customize Internet Explorer 11 installation packages (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Customize Internet Explorer 11 installation packages You can customize Internet Explorer 11 to support various browser behaviors, multiple operating system versions and languages, and Setup information (.inf) files. 
@@ -26,7 +28,7 @@ In addition, you can configure IE before, during, or after deployment, using the - **Group Policy**. Configures and enforces IE11 settings. For more information about settings and configuration options, see [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md). - **Unattend.xml**. Customizes some of the IE settings during your Windows installation. This option only applies if you're updating a Windows image with IE11.

**Note**
-You'll only see the new IE11 Unattend.xml settings if your Unattend.xml file's associated with a Windows image that includes the IE11 update. For more information about editing and using the Unattend.xml file, see [Unattended Windows Setup Reference](http://go.microsoft.com/fwlink/p/?LinkId=276788). For more information about using the Windows System Image Manager, see [Windows System Image Manager Technical Reference](http://go.microsoft.com/fwlink/p/?LinkId=276789). +You'll only see the new IE11 Unattend.xml settings if your Unattend.xml file's associated with a Windows image that includes the IE11 update. For more information about editing and using the Unattend.xml file, see [Unattended Windows Setup Reference](https://go.microsoft.com/fwlink/p/?LinkId=276788). For more information about using the Windows System Image Manager, see [Windows System Image Manager Technical Reference](https://go.microsoft.com/fwlink/p/?LinkId=276789).   diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index ab440a2332..360620938d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md 
@@ -1,14 +1,16 @@ --- +localizationpriority: low description: Delete a single site from your global Enterprise Mode site list. -title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) -ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a +ms.pagetype: appcompat +ms.mktglfcycl: deploy author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy +ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a +title: Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros) ms.sitesec: library -ms.pagetype: appcompat --- + # Delete sites from your Enterprise Mode site list in the Enterprise Mode Site List Manager **Applies to:** @@ -32,8 +34,8 @@ If you delete a site by mistake, you’ll need to manually add it back using the - [Add sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.1)](add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md) ## Related topics -- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853) -- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378) +- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853) +- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378) - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)   diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md index e91b8ce485..846a265850 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md 
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md @@ -1,12 +1,14 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy description: You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS). -ms.assetid: f51224bd-3371-4551-821d-1d62310e3384 author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library +ms.assetid: f51224bd-3371-4551-821d-1d62310e3384 title: Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS) (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Deploy Internet Explorer 11 using Automatic Version Synchronization (AVS) You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS). diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md index 9ba9bc1914..6654729ec6 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md +++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md 
@@ -1,23 +1,25 @@ --- +localizationpriority: low +ms.mktglfcycl: deploy description: Deploy Internet Explorer 11 using software distribution tools -ms.assetid: fd027775-651a-41e1-8ec3-d32eca876d8a author: eross-msft ms.prod: ie11 -ms.mktglfcycl: deploy -ms.sitesec: library +ms.assetid: fd027775-651a-41e1-8ec3-d32eca876d8a title: Deploy Internet Explorer 11 using software distribution tools (Internet Explorer 11 for IT Pros) +ms.sitesec: library --- + # Deploy Internet Explorer 11 using software distribution tools If you already manage software distribution and updates on your network through software distribution tools, you can also use these tools for ongoing deployments of Internet Explorer. Software distribution tools include: -- **System Center R2 2012 System Center 2012 R2 Configuration Manager.** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [System Center R2 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkID=276664). +- **System Center R2 2012 System Center 2012 R2 Configuration Manager.** Deploy and install Internet Explorer 11 on your user's computers through a software distribution package. For more information about using this tool, see [System Center R2 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkID=276664). -- **Windows Server Update Services (WSUS).** Download a single copy of the IE11 updates, caching them to local servers so your users' computers can receive the updates directly from the WSUS servers, instead of through Windows Update. For more information about using this tool, see [Windows Server Update Services](http://go.microsoft.com/fwlink/p/?LinkID=276790). +- **Windows Server Update Services (WSUS).** Download a single copy of the IE11 updates, caching them to local servers so your users' computers can receive the updates directly from the WSUS servers, instead of through Windows Update. 
For more information about using this tool, see [Windows Server Update Services](https://go.microsoft.com/fwlink/p/?LinkID=276790). -- **Group Policy Software Installation.** Deploy and install IE11 on your user's computers through a combination of Group Policy and Microsoft Active Directory. For more information about using this tool, see [Group Policy Software Installation overview](http://go.microsoft.com/fwlink/p/?LinkId=296365). +- **Group Policy Software Installation.** Deploy and install IE11 on your user's computers through a combination of Group Policy and Microsoft Active Directory. For more information about using this tool, see [Group Policy Software Installation overview](https://go.microsoft.com/fwlink/p/?LinkId=296365). -- **Microsoft Deployment Toolkit (MDT).** Add the IE11 update to your deployment share, using MDT to update your previously-deployed Windows image. For more information about using this tool, see [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkID=331148). +- **Microsoft Deployment Toolkit (MDT).** Add the IE11 update to your deployment share, using MDT to update your previously-deployed Windows image. For more information about using this tool, see [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkID=331148).   diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md index cf0f73e234..affd42d162 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md +++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-pinned-sites-using-mdt-2013.md 
@@ -1,13 +1,15 @@
 ---
+localizationpriority: low
+ms.mktglfcycl: deploy
 description: You can pin websites to the Windows 8.1 taskbar for quick access using the Microsoft Deployment Toolkit (MDT) 2013.
-ms.assetid: 24f4dcac-9032-4fe8-bf6d-2d712d61cb0c
 author: eross-msft
 ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.sitesec: library
+ms.assetid: 24f4dcac-9032-4fe8-bf6d-2d712d61cb0c
 title: Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
 ---
+
 # Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013
 **Applies to:** 
@@ -20,10 +22,10 @@ title: Deploy pinned websites using Microsoft Deployment Toolkit (MDT) 2013 (Int
 You can pin websites to the Windows 8.1 taskbar for quick access. You pin a website simply by dragging its tab to the taskbar. Some websites can also extend the icon’s Jump List.
-The ability to pin websites to the Windows 8.1 taskbar can help make end users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to users. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=398474).
+The ability to pin websites to the Windows 8.1 taskbar can help make end users in businesses more productive. As an IT professional, for example, you can pin intranet and SharePoint websites to the taskbar to make them immediately available to users. In this article, you learn how to deploy pinned websites by using Lite Touch Installation in the [Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=398474).
 ## Deploying pinned websites in MDT 2013
-This topic requires that you have a complete MDT 2013 deployment share that contains Windows 8.1 which comes with Internet Explorer 11. If you’re deploying to Windows 7 clients and need to learn how to add IE11 to an MDT 2013 deployment share as an update, see [Installing Internet Explorer 11 using Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=398475) in the TechNet library.
+This topic requires that you have a complete MDT 2013 deployment share that contains Windows 8.1 which comes with Internet Explorer 11. 
If you’re deploying to Windows 7 clients and need to learn how to add IE11 to an MDT 2013 deployment share as an update, see [Installing Internet Explorer 11 using Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=398475) in the TechNet library.
 Deploying pinned websites in MDT 2013 is a 4-step process: 
@@ -99,13 +101,13 @@ With the .website files ready to copy to the **Public Links** folder on target c
 ## Updating intranet websites for pinning
 The MDT 2013 deployment share and task sequences are now ready to pin websites to the taskbar during deployment. This pinning feature can include intranet sites important in your organization.
-You can make your intranet websites act more like applications by extending them to fully support the Windows 8.1 taskbar. This includes creating custom Jump Lists, thumbnail previews, and notifications. For info about extending your intranet websites, see [Pinned Sites Developer Documentation](http://go.microsoft.com/fwlink/p/?LinkId=398484) on MSDN. For more ideas about what to pin, see [Add-ons](http://go.microsoft.com/fwlink/p/?LinkId=398483) in the Internet Explorer Gallery.
+You can make your intranet websites act more like applications by extending them to fully support the Windows 8.1 taskbar. This includes creating custom Jump Lists, thumbnail previews, and notifications. For info about extending your intranet websites, see [Pinned Sites Developer Documentation](https://go.microsoft.com/fwlink/p/?LinkId=398484) on MSDN. For more ideas about what to pin, see [Add-ons](https://go.microsoft.com/fwlink/p/?LinkId=398483) in the Internet Explorer Gallery. 
## Related topics
-- [Unattended Windows Setup Reference](http://go.microsoft.com/fwlink/p/?LinkId=276788)
-- [Windows System Image Manager Technical Reference](http://go.microsoft.com/fwlink/p/?LinkId=276789)
-- [Microsoft Deployment Toolkit (MDT)](http://go.microsoft.com/fwlink/p/?LinkId=331148)
-- [Windows ADK Overview](http://go.microsoft.com/fwlink/p/?LinkId=276669)
+- [Unattended Windows Setup Reference](https://go.microsoft.com/fwlink/p/?LinkId=276788)
+- [Windows System Image Manager Technical Reference](https://go.microsoft.com/fwlink/p/?LinkId=276789)
+- [Microsoft Deployment Toolkit (MDT)](https://go.microsoft.com/fwlink/p/?LinkId=331148)
+- [Windows ADK Overview](https://go.microsoft.com/fwlink/p/?LinkId=276669)   
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
index 77ad3c2aea..0be45f20c1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
@@ -1,14 +1,16 @@
 ---
+localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
 description: Windows Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices.
-ms.assetid: 00cb1f39-2b20-4d37-9436-62dc03a6320b
 author: eross-msft
 ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: appcompat
+ms.assetid: 00cb1f39-2b20-4d37-9436-62dc03a6320b
 title: Deprecated document modes and Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
 ---
+
 # Deprecated document modes and Internet Explorer 11
 **Applies to:** 
@@ -24,7 +26,7 @@ Windows Internet Explorer 8 introduced document modes as a way to move from the
 This means that while Internet Explorer 11 will continue to support document modes, Microsoft Edge won’t. And because of that, it also means that if you want to use Microsoft Edge, you’re going to have to update your legacy webpages and apps to support modern features, browsers, and devices.
 **Note**
-For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](http://go.microsoft.com/fwlink/p/?LinkId=615953).
+For specific details about the technologies and APIs that are no longer supported in Microsoft Edge, see [A break from the past, part 2: Saying goodbye to ActiveX, VBScript, attachEvent](https://go.microsoft.com/fwlink/p/?LinkId=615953).
 ## What is document mode?
 Each release after Internet Explorer 8 has helped with the transition by introducing additional document modes that emulated previously supported versions, while also introducing support for features defined by industry standards. During this time, numerous websites and apps were updated to the latest and greatest industry standards, while many other sites and apps continued to simply rely on document modes to work properly.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index 2df84a765e..7ebacccb8b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -1,14 +1,16 @@
 ---
+localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
 description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
-ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
 author: eross-msft
 ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: appcompat
+ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
 title: Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
 ---
+
 # Edit the Enterprise Mode site list using the Enterprise Mode Site List Manager
 **Applies to:**
@@ -36,8 +38,8 @@ If your change passes validation, it’s added to the global site list. If the u
 You can save the file locally or to a network share. However, you must make sure you deploy it to the location specified in your registry key. For more information about the registry key, see [Turn on Enterprise Mode and use a site list](turn-on-enterprise-mode-and-use-a-site-list.md).
 ## Related topics
-- [Download the Enterprise Mode Site List Manager (schema v.2)](http://go.microsoft.com/fwlink/p/?LinkId=716853)
-- [Download the Enterprise Mode Site List Manager (schema v.1)](http://go.microsoft.com/fwlink/p/?LinkID=394378)
+- [Download the Enterprise Mode Site List Manager (schema v.2)](https://go.microsoft.com/fwlink/p/?LinkId=716853)
+- [Download the Enterprise Mode Site List Manager (schema v.1)](https://go.microsoft.com/fwlink/p/?LinkID=394378)
 - [Use the Enterprise Mode Site List Manager](use-the-enterprise-mode-site-list-manager.md)   
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
index ee46784821..4a7966faaa 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
@@ -1,14 +1,16 @@
 ---
+localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: security
 description: Enable and disable add-ons using administrative templates and group policy
-ms.assetid: c6fe1cd3-0bfc-4d23-8016-c9601f674c0b
 author: eross-msft
 ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
+ms.assetid: c6fe1cd3-0bfc-4d23-8016-c9601f674c0b
 title: Enable and disable add-ons using administrative templates and group policy (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
 ---
+
 # Enable and disable add-ons using administrative templates and group policy
 Add-ons let your employees personalize Internet Explorer. You can manage IE add-ons using Group Policy and Group Policy templates.
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
index 9d30f3ba62..971612c41b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enhanced-protected-mode-problems-with-ie11.md
@@ -1,20 +1,22 @@
 ---
+localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: security
 description: Enhanced Protected Mode problems with Internet Explorer
-ms.assetid: 15890ad1-733d-4f7e-a318-10399b389f45
 author: eross-msft
 ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: security
+ms.assetid: 15890ad1-733d-4f7e-a318-10399b389f45
 title: Enhanced Protected Mode problems with Internet Explorer (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
 ---
+
 # Enhanced Protected Mode problems with Internet Explorer
 Enhanced Protected Mode further restricts Protected Mode to deny potential attackers access to sensitive or personal information. If this feature is turned on, users might start to see errors asking them to turn it off, like **This webpage wants to run "npctrl.dll. If you trust this site, you can disable Enhanced Protected Mode for this site to run the control**. If your users click the **Disable** box, Enhanced Protected Mode is turned off for only the single visit to that specific site. After the user leaves the site, Enhanced Protected Mode is automatically turned back on. You can use your company’s Group Policy to turn Enhanced Protected Mode on or off for all users. For more information, see the [Group policy objects and Internet Explorer 11 (IE11)](group-policy-objects-and-ie11.md) information in this guide.
-For more information about Enhanced Protected Mode, see the [Enhanced Protected Mode](http://go.microsoft.com/fwlink/p/?LinkId=267512) post on IEBlog, and both the [Understanding Enhanced Protected Mode](http://go.microsoft.com/fwlink/p/?LinkId=282662) and the [Enhanced Protected Mode and Local Files](http://go.microsoft.com/fwlink/p/?LinkId=282663) blog posts on IEInternals. 
+For more information about Enhanced Protected Mode, see the [Enhanced Protected Mode](https://go.microsoft.com/fwlink/p/?LinkId=267512) post on IEBlog, and both the [Understanding Enhanced Protected Mode](https://go.microsoft.com/fwlink/p/?LinkId=282662) and the [Enhanced Protected Mode and Local Files](https://go.microsoft.com/fwlink/p/?LinkId=282663) blog posts on IEInternals.   
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
index 50970689b7..1624192493 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
@@ -1,14 +1,16 @@
 ---
+localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
 description: Use the topics in this section to learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
-ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
 author: eross-msft
 ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: appcompat
+ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
 title: Enterprise Mode for Internet Explorer 11 (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
 ---
+
 # Enterprise Mode for Internet Explorer 11
 **Applies to:**
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
index 1e91d25a85..e78df6c4c1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
@@ -1,20 +1,23 @@
 ---
+localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
 description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
-ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
 author: eross-msft
 ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: appcompat
+ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
 title: Enterprise Mode schema v.1 guidance (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
 ---
+
 # Enterprise Mode schema v.1 guidance
 **Applies to:**
-- Windows 8.1
-- Windows 7
+- Windows 10
+- Windows 8.1
+- Windows 7
 Use the Enterprise Mode Site List Manager (schema v.1) to create and update your Enterprise Mode site list for devices running the v.1 version of the schema, or the Enterprise Mode Site List Manager (schema v.2) to create and update your Enterprise Mode site list for devices running the v.2 version of the schema. We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
@@ -84,7 +87,19 @@ This table includes the elements used by the Enterprise Mode schema.
 <emie>
 <domain>contoso.com</domain>
 </emie>
-</rules>>
+</rules>
+-or-
+

For IPv6 ranges:

<rules version="205">
+  <emie>
+    <domain>[10.122.34.99]:8080</domain>
+  </emie>
+  </rules>
+-or- +

For IPv4 ranges:

<rules version="205">
+  <emie>
+    <domain>10.122.34.99:8080</domain>
+  </emie>
+  </rules>
Internet Explorer 11 and Microsoft Edge
@@ -189,7 +204,6 @@ For example, say you want all of the sites in the contoso.com domain to open usi
 We recommend that you not add any of the following items to your schema because they can make your compatibility list behave in unexpected ways:
 - Don’t use protocols. For example, `http://`, `https://`, or custom protocols. They break parsing.
 - Don’t use wildcards.
-- Don't use IP Addresses.
 - Don’t use query strings, ampersands break parsing.
 ## How to use trailing slashes
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index 88ee4fb670..5c003a24c1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -1,14 +1,16 @@
 ---
+localizationpriority: low
+ms.mktglfcycl: deploy
+ms.pagetype: appcompat
 description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
-ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
 author: eross-msft
 ms.prod: ie11
-ms.mktglfcycl: deploy
-ms.sitesec: library
-ms.pagetype: appcompat
+ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
 title: Enterprise Mode schema v.2 guidance (Internet Explorer 11 for IT Pros)
+ms.sitesec: library
 ---
+
 # Enterprise Mode schema v.2 guidance
 **Applies to:**
@@ -116,7 +118,15 @@ This table includes the elements used by the v.2 version of the Enterprise Mode
 <site url="contoso.com">
 <compat-mode>default</compat-mode>
 <open-in>none</open-in>
-</site>

+</site> +-or- +

For IPv4 ranges:

<site url="10.122.34.99:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+<site>

+-or- +

For IPv6 ranges:

<site url="[10.122.34.99]:8080">
+  <compat-mode>IE8Enterprise</compat-mode>
+<site>

You can also use the self-closing version, <url="contoso.com" />, which also sets:

@@ -230,7 +230,7 @@ If the system requirements of a locally installed application exceed the require

  • Download and install [KB2533623](http://support.microsoft.com/kb/2533623) (http://support.microsoft.com/kb/2533623)

  • -
  • For computers running Microsoft Windows Server 2008 R2 SP1, download and install [KB2533623](http://go.microsoft.com/fwlink/?LinkId=286102 ) (http://go.microsoft.com/fwlink/?LinkId=286102)

    +
  • For computers running Microsoft Windows Server 2008 R2 SP1, download and install [KB2533623](https://go.microsoft.com/fwlink/?LinkId=286102 ) (https://go.microsoft.com/fwlink/?LinkId=286102)

    Important   @@ -313,7 +313,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve  
  • [Microsoft Visual C++ 2010 SP1 Redistributable Package (x64)](http://www.microsoft.com/download/details.aspx?id=13523) (http://www.microsoft.com/download/details.aspx?id=13523)

  • -
  • [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](http://go.microsoft.com/fwlink/?LinkId=267110) (http://go.microsoft.com/fwlink/?LinkId=267110)

  • +
  • [Microsoft Visual C++ 2010 SP1 Redistributable Package (x86)](https://go.microsoft.com/fwlink/?LinkId=267110) (https://go.microsoft.com/fwlink/?LinkId=267110)

  • 64-bit ASP.NET registration

  • The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management server.

    @@ -345,7 +345,7 @@ The installation of the App-V 5.0 server on a computer that runs any previous ve

    The App-V 5.0 server components are dependent but they have varying requirements and installation options that must be deployed. Use the following information to prepare your environment to run the App-V 5.0 management database.

    Reporting Server

    +

    Note: 4, 5, and 6 were added as of Windows 10, version 1607.

    + InstanceIdentifier @@ -188,10 +172,15 @@ Table 1. Win32\_DeviceGuard properties This field describes the required security properties to enable virtualization-based security. +
  • 1. If present, hypervisor support is needed.

  • +
  • 2. If present, Secure Boot is needed.

  • +
  • 3. If present, DMA protection is needed.

  • +
  • 4. If present, Secure Memory Overwrite is needed.

  • +
  • 5. If present, NX protections are needed.

  • +
  • 6. If present, SMM mitigations are needed.

  • + +

    Note: 4, 5, and 6 were added as of Windows 10, version 1607.

    + SecurityServicesConfigured
@@ -233,11 +222,11 @@ Table 1. Win32\_DeviceGuard properties
-Another method to determine the available and enabled Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Device Guard properties are displayed at the bottom of the **System Summary** section, as shown in Figure 11.
+Another method to determine the available and enabled Device Guard features is to run msinfo32.exe from an elevated PowerShell session. When you run this program, the Device Guard properties are displayed at the bottom of the **System Summary** section, as shown in Figure 6.
 ![Device Guard properties in the System Summary](images/dg-fig11-dgproperties.png)
-Figure 11. Device Guard properties in the System Summary
+Figure 6. Device Guard properties in the System Summary
 ## Related topics
diff --git a/windows/keep-secure/deploy-edp-policy-using-intune.md b/windows/keep-secure/deploy-edp-policy-using-intune.md
index 7b23a44cf2..c9528077e0 100644
--- a/windows/keep-secure/deploy-edp-policy-using-intune.md
+++ b/windows/keep-secure/deploy-edp-policy-using-intune.md
@@ -1,50 +1,5 @@
 ---
 title: Deploy your enterprise data protection (EDP) policy using Microsoft Intune (Windows 10)
 description: After you’ve created your enterprise data protection (EDP) policy, you'll need to deploy it to your organization's enrolled devices.
-ms.assetid: 9c4a01e7-0b1c-4f15-95d0-0389f0686211
-keywords: EDP, Enterprise Data Protection, Intune
-ms.prod: w10
-ms.mktglfcycl: explore
-ms.sitesec: library
-ms.pagetype: security
-author: eross-msft
----
-
-# Deploy your enterprise data protection (EDP) policy using Microsoft Intune
-**Applies to:**
-
-- Windows 10 Insider Preview
-- Windows 10 Mobile Preview
-
-[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]
-
-After you’ve created your enterprise data protection (EDP) policy, you'll need to deploy it to your organization's enrolled devices. Enrollment can be done for business or personal devices, allowing the devices to use your managed apps and to sync with your managed content and information.
-
-**To deploy your EDP policy**
-
-1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button.
-
- ![Microsoft Intune: Click the Manage Deployment link from the Configuration Policies screen](images/intune-managedeployment.png)
-
-2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**.

    -The added people move to the **Selected Groups** list on the right-hand pane.
-
- ![Microsoft Intune: Pick the group of employees that should get the policy](images/intune-groupselection.png)
-
-3. After you've picked all of the employees and groups that should get the policy, click **OK**.

    -The policy is deployed to the selected users' devices.
-
-## Related topics
-- [Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md)
--[Add multiple apps to your enterprise data protection (EDP) Protected Apps list](add-apps-to-protected-list-using-custom-uri.md)
-- [Create and deploy a VPN policy for enterprise data protection (EDP) using Microsoft Intune](create-vpn-and-edp-policy-using-intune.md)
-- [General guidance and best practices for enterprise data protection (EDP)](guidance-and-best-practices-edp.md)
- -  - -  - - - - -
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/deploy-wip-policy-using-intune
+---
\ No newline at end of file
diff --git a/windows/keep-secure/deploy-wip-policy-using-intune.md b/windows/keep-secure/deploy-wip-policy-using-intune.md
new file mode 100644
index 0000000000..075fba2473
--- /dev/null
+++ b/windows/keep-secure/deploy-wip-policy-using-intune.md
@@ -0,0 +1,40 @@
+---
+title: Deploy your Windows Information Protection (WIP) policy using Microsoft Intune (Windows 10)
+description: After you’ve created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices.
+ms.assetid: 9c4a01e7-0b1c-4f15-95d0-0389f0686211
+keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, Intune
+ms.prod: w10
+ms.mktglfcycl: explore
+ms.sitesec: library
+ms.pagetype: security
+author: eross-msft
+localizationpriority: high
+---
+
+# Deploy your Windows Information Protection (WIP) policy using Microsoft Intune
+**Applies to:**
+
+- Windows 10, version 1607
+- Windows 10 Mobile
+
+After you’ve created your Windows Information Protection (WIP) policy, you'll need to deploy it to your organization's enrolled devices. Enrollment can be done for business or personal devices, allowing the devices to use your managed apps and to sync with your managed content and information.
+
+**To deploy your WIP policy**
+
+1. On the **Configuration policies** page, locate your newly-created policy, click to select it, and then click the **Manage Deployment** button.
+
+ ![Microsoft Intune: Click the Manage Deployment link from the Configuration Policies screen](images/intune-managedeployment.png)
+
+2. In the left pane of the **Manage Deployment** box, click the employees or groups that should get the policy, and then click **Add**.

    +The added people move to the **Selected Groups** list on the right-hand pane.
+
+ ![Microsoft Intune: Pick the group of employees that should get the policy](images/intune-groupselection.png)
+
+3. After you've picked all of the employees and groups that should get the policy, click **OK**.

    +The policy is deployed to the selected users' devices.
+
+## Related topics
+- [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md)
+- [Add apps to your Windows Information Protection (WIP) policy by using the Microsoft Intune custom URI functionality](add-apps-to-protected-list-using-custom-uri.md)
+- [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-vpn-and-wip-policy-using-intune.md)
+- [General guidance and best practices for Windows Information Protection (WIP)](guidance-and-best-practices-wip.md)
\ No newline at end of file
diff --git a/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md
index 144252b206..df45d7bcb2 100644
--- a/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md
+++ b/windows/keep-secure/designing-a-windows-firewall-with-advanced-security-strategy.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. You must have a good understanding of what tasks the devices on the network perform, and how they use the network to accomplish those tasks. You must understand the network traffic generated by the programs running on the devices.
diff --git a/windows/keep-secure/determining-the-trusted-state-of-your-devices.md b/windows/keep-secure/determining-the-trusted-state-of-your-devices.md
index 8bbd75608d..01ed85051c 100644
--- a/windows/keep-secure/determining-the-trusted-state-of-your-devices.md
+++ b/windows/keep-secure/determining-the-trusted-state-of-your-devices.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 After obtaining information about the devices that are currently part of the IT infrastructure, you must determine at what point a device is considered trusted. The term *trusted* can mean different things to different people. Therefore, you must communicate a firm definition for it to all stakeholders in the project. Failure to do this can lead to problems with the security of the trusted environment, because the overall security cannot exceed the level of security set by the least secure client that achieves trusted status.
diff --git a/windows/keep-secure/device-guard-certification-and-compliance.md b/windows/keep-secure/device-guard-certification-and-compliance.md
index 5e60c5e980..566a6df4da 100644
--- a/windows/keep-secure/device-guard-certification-and-compliance.md
+++ b/windows/keep-secure/device-guard-certification-and-compliance.md
@@ -1,4 +1,4 @@
 ---
 title: Device Guard certification and compliance (Windows 10)
-redirect_url: device-guard-deployment-guide.md
+redirect_url: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/device-guard-deployment-guide
 ---
diff --git a/windows/keep-secure/device-guard-deployment-guide.md b/windows/keep-secure/device-guard-deployment-guide.md
index e82f511105..cf8c3bd107 100644
--- a/windows/keep-secure/device-guard-deployment-guide.md
+++ b/windows/keep-secure/device-guard-deployment-guide.md
@@ -5,6 +5,7 @@ ms.assetid: 4BA52AA9-64D3-41F3-94B2-B87EC2717486
 keywords: virtualization, security, malware
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 author: brianlic-msft
 ---
@@ -14,7 +15,7 @@ author: brianlic-msft - Windows 10 - Windows Server 2016 -Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies. If the app isn’t trusted it can’t run, period. With hardware that meets basic requirements, it also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code. With appropriate hardware, Device Guard can use the new virtualization-based security in Windows 10 Enterprise to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container. +Device Guard is a combination of enterprise-related hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications that you define in your code integrity policies. If the app isn’t trusted it can’t run, period. With hardware that meets basic requirements, it also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code. With appropriate hardware, Device Guard can use the new virtualization-based security in Windows 10 (available in Enterprise and Education desktop SKUs and in all Server SKUs) to isolate the Code Integrity service from the Microsoft Windows kernel itself. In this case, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container. This guide explores the individual features in Device Guard as well as how to plan for, configure, and deploy them. It includes: 
diff --git a/windows/keep-secure/documenting-the-zones.md b/windows/keep-secure/documenting-the-zones.md index 88e67e80c4..9c120835e8 100644 --- a/windows/keep-secure/documenting-the-zones.md +++ b/windows/keep-secure/documenting-the-zones.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Generally, the task of determining zone membership is not complex, but it can be time-consuming. Use the information generated during the [Designing a Windows Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) section of this guide to determine the zone in which to put each host. You can document this zone placement by adding a Group column to the inventory table shown in the Designing a Windows Firewall with Advanced Security Strategy section. A sample is shown here: diff --git a/windows/keep-secure/domain-isolation-policy-design-example.md b/windows/keep-secure/domain-isolation-policy-design-example.md index 2bfcf9cbc8..f5cc8ea0f6 100644 --- a/windows/keep-secure/domain-isolation-policy-design-example.md +++ b/windows/keep-secure/domain-isolation-policy-design-example.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 This design example continues to use the fictitious company Woodgrove Bank, and builds on the example described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section. See that example for an explanation of the basic corporate network infrastructure at Woodgrove Bank with diagrams. diff --git a/windows/keep-secure/domain-isolation-policy-design.md b/windows/keep-secure/domain-isolation-policy-design.md index da2564242b..6f15c8338f 100644 --- a/windows/keep-secure/domain-isolation-policy-design.md +++ b/windows/keep-secure/domain-isolation-policy-design.md 
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 In the domain isolation policy design, you configure the devices on your network to accept only connections coming from devices that are authenticated as members of the same isolated domain. diff --git a/windows/keep-secure/dynamic-access-control.md b/windows/keep-secure/dynamic-access-control.md index 643a78aa1c..466562cc90 100644 --- a/windows/keep-secure/dynamic-access-control.md +++ b/windows/keep-secure/dynamic-access-control.md 
@@ -16,7 +16,7 @@ This overview topic for the IT professional describes Dynamic Access Control and Domain-based Dynamic Access Control enables administrators to apply access-control permissions and restrictions based on well-defined rules that can include the sensitivity of the resources, the job or role of the user, and the configuration of the device that is used to access these resources. -For example, a user might have different permissions when they access a resource from their office computer versus when they are using a portable computer over a virtual private network. Or access may be allowed only if a device meets the security requirements that are defined by the network administrators. When Dynamic Access Control is used, a user’s permissions change dynamically without additional administrator intervention if the user’s job or role changes (resulting in changes to the user’s account attributes in AD DS). +For example, a user might have different permissions when they access a resource from their office computer versus when they are using a portable computer over a virtual private network. Or access may be allowed only if a device meets the security requirements that are defined by the network administrators. When Dynamic Access Control is used, a user’s permissions change dynamically without additional administrator intervention if the user’s job or role changes (resulting in changes to the user’s account attributes in AD DS). For more detailed examples of Dynamic Access Control in use, see the scenarios described in [Dynamic Access Control: Scenario Overview](https://technet.microsoft.com/windows-server-docs/identity/solution-guides/dynamic-access-control--scenario-overview). Dynamic Access Control is not supported in Windows operating systems prior to Windows Server 2012 and Windows 8. When Dynamic Access Control is configured in environments with supported and non-supported versions of Windows, only the supported versions will implement the changes. 
diff --git a/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md b/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md index 923334f58b..e3c6cbddf6 100644 --- a/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md +++ b/windows/keep-secure/enable-phone-signin-to-pc-and-vpn.md @@ -6,6 +6,7 @@ ms.prod: W10 ms.mktglfcycl: deploy ms.sitesec: library author: jdeckerMS +localizationpriority: high --- # Enable phone sign-in to PC or VPN 
@@ -16,22 +17,26 @@ author: jdeckerMS - Windows 10 - Windows 10 Mobile -In Windows 10, Version 1607, your network users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser. Phone sign-in uses Bluetooth, which means no need to wait for a phone call -- just unlock the phone and tap the app. +In Windows 10, version 1607, your network users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser. Phone sign-in uses Bluetooth, which means no need to wait for a phone call -- just unlock the phone and tap the app. - (add screenshot when I can get the app working) +![Sign in to a device](images/phone-signin-menu.png) + +> [!NOTE] +> Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants. You can create a Group Policy or mobile device management (MDM) policy that will allow users to sign in to a work PC or their company's VPN using the credentials stored on their Windows 10 phone. ## Prerequisites - - Both phone and PC must be running Windows 10, Version 1607. + - Both phone and PC must be running Windows 10, version 1607. - The PC must be running Windows 10 Pro, Enterprise, or Education - Both phone and PC must have Bluetooth. + - The **Microsoft Authenticator** app must be installed on the phone. - The PC must be joined to an Active Directory domain that is connected to an Azure Active Directory (Azure AD) domain, or the PC must be joined to Azure AD. - The phone must be joined to Azure AD or have a work account added. - - VPN configuration profile must use certificate-based authentication. + - The VPN configuration profile must use certificate-based authentication. -## Set policies and get the app +## Set policies To enable phone sign-in, you must enable the following policies using Group Policy or MDM. 
@@ -42,7 +47,16 @@ To enable phone sign-in, you must enable the following policies using Group Poli - Set **UsePassportForWork** to **True** - Set **Remote\UseRemotePassport** to **True** -Everyone can get the **Microsoft Authenticator** app from the Windows Store. If you want to distribute the **Microsoft Authenticator** app, your organization must have set up Windows Store for Business, with Microsoft added as a Line of Business (LOB) publisher. +## Configure VPN + +To enable phone sign-in to VPN, you must enable the [policy](#set-policies) for phone sign-in and ensure that VPN is configured as follows: + +- For inbox VPN, set up the VPN profile with Extensible Authentication Protocol (EAP) with the **Smart card or other certificate (TLS)** EAP type, also known as EAP-Transport Level Security (EAP-TLS). To exclusively access the VPN certificates on the phone, in the EAP filtering XML, add either **EKU** or **Issuer** (or both) filtering to make sure it picks only the Remote NGC certificate. +- For a Universal Windows Platform (UWP) VPN plug-in, add filtering criteria based on the 3rd party mechanism for the Remote NGC Certificate. + +## Get the app + +If you want to distribute the **Microsoft Authenticator** app, your organization must have set up Windows Store for Business, with Microsoft added as a [Line of Business (LOB) publisher](../manage/working-with-line-of-business-apps.md). [Tell people how to sign in using their phone.](prepare-people-to-use-microsoft-passport.md#bmk-remote) diff --git a/windows/keep-secure/enable-predefined-inbound-rules.md b/windows/keep-secure/enable-predefined-inbound-rules.md index fe16701837..59e8325dac 100644 --- a/windows/keep-secure/enable-predefined-inbound-rules.md +++ b/windows/keep-secure/enable-predefined-inbound-rules.md 
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Windows Firewall with Advanced Security includes many predefined rules for common networking roles and functions. When you install a new server role on a device or enable a network feature on a client device, the installer typically enables the rules required for that role instead of creating new ones. When deploying firewall rules to the devices on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use. diff --git a/windows/keep-secure/enable-predefined-outbound-rules.md b/windows/keep-secure/enable-predefined-outbound-rules.md index 1691399b8a..137de67aa2 100644 --- a/windows/keep-secure/enable-predefined-outbound-rules.md +++ b/windows/keep-secure/enable-predefined-outbound-rules.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 By default, Windows Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. Windows Firewall with Advanced Security includes many predefined outbound rules that can be used to block network traffic for common networking roles and functions. When you install a new server role on a computer or enable a network feature on a client computer, the installer can install, but typically does not enable, outbound block rules for that role. When deploying firewall rules to the computers on the network, you can take advantage of these predefined rules instead of creating new ones. Doing this helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use. 
diff --git a/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md b/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md
new file mode 100644
index 0000000000..82a3908d87
--- /dev/null
+++ b/windows/keep-secure/enable-pua-windows-defender-for-windows-10.md
@@ -0,0 +1,120 @@ +--- +title: Detect and block Potentially Unwanted Application with Windows Defender +description: In Windows 10, you can enable the Potentially Unwanted Application (PUA) feature in Managed Windows Defender to identify and block unwanted software during download and install time. +keywords: pua, enable, detect pua, block pua, windows defender and pua +search.product: eADQiWindows 10XVcnh +ms.pagetype: security +ms.prod: w10 +ms.mktglfcycl: detect +ms.sitesec: library +ms.pagetype: security +localizationpriority: medium +author: dulcemv +--- + +# Detect and block Potentially Unwanted Application in Windows 10 + +**Applies to:** + +- Windows 10 + +You can enable the Potentially Unwanted Application (PUA) feature in Managed Windows Defender to identify and block unwanted software during download and install time. + +Potentially Unwanted Application (PUA) refers to applications that are not considered viruses, malware, or other types of threats, but might perform actions on your computer that adversely affect your computing experience. It also refers to applications considered to have a poor reputation. + +Typical examples of PUA behavior include: +* Various types of software bundling +* Ad-injection into your browsers +* Driver and registry optimizers that detect issues, request payment to fix them, and persist + +These applications can increase the risk of your network being infected with malware, cause malware infections to be harder to identify among the noise, and can waste helpdesk, IT, and user time in cleaning up the applications. + +Since the stakes are higher in an enterprise environment, the potential disaster and potential productivity and performance disruptions that PUA brings can be a cause of concern. Hence, it is important to deliver trusted protection in this field. 
+ +##Enable PUA protection in System Center Configuration Manager and Intune + +The PUA feature is available for enterprise users who are running System Center Configuration Manager or Intune in their infrastructure. + +###Configure PUA in System Center Configuration Manager + +For System Center Configuration Manager users, PUA is enabled by default. See the following topics for configuration details: + +If you are using these versions | See these topics +:---|:--- +System Center Configuration Manager (current branch) version 1606 | [Create a new antimalware policy](https://technet.microsoft.com/en-US/library/mt613199.aspx#To-create-a-new-antimalware-policy)
    [Real-time Protection Settings](https://technet.microsoft.com/en-US/library/mt613199.aspx#Real-time-Protection-Settings) +System Center 2012 R2 Endpoint Protection
    System Center 2012 Configuration Manager
    System Center 2012 Configuration Manager SP1
    System Center 2012 Configuration Manager SP2
    System Center 2012 R2 Configuration Manager
    System Center 2012 Endpoint Protection SP1
    System Center 2012 Endpoint Protection
    System Center 2012 R2 Configuration Manager SP1| [How to Deploy Potentially Unwanted Application Protection Policy for Endpoint Protection in Configuration Manager](https://technet.microsoft.com/library/hh508770.aspx#BKMK_PUA) + +
    +###Use PUA audit mode in System Center Configuration Manager + +You can use PowerShell to detect PUA without blocking them. In fact, you can run audit mode on individual machines. This feature is useful if your company is conducting an internal software security compliance check and you’d like to avoid any false positives. + +1. Open PowerShell as Administrator:
    + + a. Click **Start**, type **powershell**, and press **Enter**. + + b. Click **Windows PowerShell** to open the interface. + >[!NOTE] + >You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. +2. Enter the PowerShell command: + + ```text + set-mpPreference -puaprotection 2 + ``` +> [!NOTE] +> PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager. + + +###Configure PUA in Intune + + PUA is not enabled by default. You need to [Create and deploy a PUA configuration policy to use it](https://docs.microsoft.com/en-us/intune/deploy-use/manage-settings-and-features-on-your-devices-with-microsoft-intune-policies). See the [Potentially Unwanted Application Detection policy setting](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune) for details. + + +###Use PUA audit mode in Intune + + You can detect PUA without blocking them from your client so you can gain insights into what can be blocked. + +1. Open PowerShell as Administrator:
    + + a. Click **Start**, type **powershell**, and press **Enter**. + + b. Click **Windows PowerShell** to open the interface. + + >[!NOTE] + >You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. + +2. Enter the PowerShell command: + + ```text + set-mpPreference -puaprotection 1 + ``` + +##View PUA events + +PUA events are reported in the Windows Event Viewer and not in System Center Configuration Manager or Intune. To view PUA events: + +1. Open **Event Viewer**. +2. In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender**. +3. Double-click on **Operational**. +4. In the details pane, view the list of individual events to find your event. PUA events are under Event ID 1160 along with detection details. + +You can find a complete list of the Microsoft antimalware event IDs, the symbol, and the description of each ID in [Windows Server Antimalware Events TechNet](https://technet.microsoft.com/library/dn913615.aspx). + + +##What PUA notifications look like + +When a detection occurs, end users who enabled the PUA detection feature will see the following notification: + + +To see historical PUA detections that occurred on a PC, users can go to History, then **Quarantined items** or **All detected items**. + +##PUA threat naming convention + +When enabled, potentially unwanted applications are identified with threat names that start with “PUA:”, such as, PUA:Win32/Creprote. + +##PUA blocking conditions + +PUA protection quarantines the file so they won’t run. PUA will be blocked only at download or install-time. A file will be included for blocking if it has been identified as PUA and meets one of the following conditions: +* The file is being scanned from the browser +* The file is in the %downloads% folder +* Or if the file in the %temp% folder 
diff --git a/windows/keep-secure/encrypted-hard-drive.md b/windows/keep-secure/encrypted-hard-drive.md index 7de2f367e0..3bae653290 100644 --- a/windows/keep-secure/encrypted-hard-drive.md +++ b/windows/keep-secure/encrypted-hard-drive.md @@ -12,7 +12,8 @@ author: brianlic-msft # Encrypted Hard Drive **Applies to** -- Windows 10 +- Windows 10 +- Windows Server 2016 Encrypted Hard Drive uses the rapid encryption that is provided by BitLocker Drive Encryption to enhance data security and management. diff --git a/windows/keep-secure/encryption-zone-gpos.md b/windows/keep-secure/encryption-zone-gpos.md index dcb49121a4..357f2eebfc 100644 --- a/windows/keep-secure/encryption-zone-gpos.md +++ b/windows/keep-secure/encryption-zone-gpos.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Handle encryption zones in a similar manner to the boundary zones. A device is added to an encryption zone by adding the device account to the encryption zone group. Woodgrove Bank has a single service that must be protected, and the devices that are running that service are added to the group CG\_DOMISO\_Encryption. This group is granted Read and Apply Group Policy permissions in on the GPO described in this section. diff --git a/windows/keep-secure/encryption-zone.md b/windows/keep-secure/encryption-zone.md index f6fd2aacd4..7e59ef31e3 100644 --- a/windows/keep-secure/encryption-zone.md +++ b/windows/keep-secure/encryption-zone.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Some servers in the organization host data that is very sensitive, including medical, financial, or other personally identifying data. Government or industry regulations might require that this sensitive information must be encrypted when it is transferred between devices. 
diff --git a/windows/keep-secure/enlightened-microsoft-apps-and-edp.md b/windows/keep-secure/enlightened-microsoft-apps-and-edp.md
index bf8d546f56..c152dca1e5 100644
--- a/windows/keep-secure/enlightened-microsoft-apps-and-edp.md
+++ b/windows/keep-secure/enlightened-microsoft-apps-and-edp.md
@@ -1,89 +1,5 @@ --- title: List of enlightened Microsoft apps for use with enterprise data protection (EDP) (Windows 10) description: Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your Protected Apps list. -ms.assetid: 17c85ea3-9b66-4b80-b511-8f277cb4345f -keywords: EDP, Enterprise Data Protection -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -author: eross-msft ---- - -# List of enlightened Microsoft apps for use with enterprise data protection (EDP) - -**Applies to:** - -- Windows 10 Insider Preview -- Windows 10 Mobile Preview - -[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - -Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your **Protected Apps** list. - -## Enlightened versus unenlightened apps -Apps can be enlightened (policy-aware) or unenlightened (policy unaware). - -- **Enlightened apps** can differentiate between corporate and personal data, correctly determining which to protect, based on your policies. - -- **Unenlightened apps** consider all data corporate and encrypt everything. Typically, you can tell an unenlightened app because: - - - Windows Desktop shows it as always running in enterprise mode. - - - Windows **Save As** experiences only allow you to save your files as enterprise. 
- -## List of enlightened Microsoft apps -Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following: - -- Microsoft Edge - -- Internet Explorer 11 - -- Microsoft People - -- Mobile Office apps, including Word, Excel, PowerPoint, OneNote, and Outlook Mail and Calendar - -- Microsoft Photos - -- Microsoft OneDrive - -- Groove Music - -- Notepad - -- Microsoft Paint - -- Microsoft Movies & TV - -- Microsoft Messaging - -## Adding enlightened Microsoft apps to the Protected Apps list -You can add any or all of the enlightened Microsoft apps to your Protected Apps list. Included here is the **Publisher name**, **Product or File name**, and **App Type** info for both Microsoft Intune and System Center Configuration Manager. - -|Product name |App info | -|-------------|---------| -|Microsoft Edge |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.MicrosoftEdge
    **App Type:** Universal app | -|IE11 |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** iexplore.exe
    **App Type:** Desktop app | -|Microsoft People |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.People
    **App Type:** Universal app | -|Word Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Office.Word
    **App Type:** Universal app | -|Excel Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Office.Excel
    **App Type:** Universal app | -|PowerPoint Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Office.PowerPoint
    **App Type:** Universal app | -|OneNote |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Office.OneNote
    **App Type:** Universal app | -|Outlook Mail and Calendar |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** microsoft.windowscommunicationsapps
    **App Type:** Universal app | -|Microsoft Photos |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Windows.Photos
    **App Type:** Universal app | -|Microsoft OneDrive |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** microsoft.microsoftskydrive
    **App Type:** Universal app | -|Groove Music |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.ZuneMusic
    **App Type:** Universal app | -|Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** notepad.exe
    **App Type:** Desktop app | -|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** mspaint.exe
    **App Type:** Desktop app | -|Microsoft Movies & TV |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.ZuneVideo
    **App Type:** Universal app | -|Microsoft Messaging |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Messaging
    **App Type:** Universal app | - - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/enlightened-microsoft-apps-and-wip +--- \ No newline at end of file diff --git a/windows/keep-secure/enlightened-microsoft-apps-and-wip.md b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md new file mode 100644 index 0000000000..9793cfc53f --- /dev/null +++ b/windows/keep-secure/enlightened-microsoft-apps-and-wip.md 
@@ -0,0 +1,78 @@ +--- +title: List of enlightened Microsoft apps for use with Windows Information Protection (WIP) (Windows 10) +description: Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your Protected Apps list. +ms.assetid: 17c85ea3-9b66-4b80-b511-8f277cb4345f +keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +author: eross-msft +localizationpriority: high +--- + +# List of enlightened Microsoft apps for use with Windows Information Protection (WIP) + +**Applies to:** + +- Windows 10, version 1607 +- Windows 10 Mobile + +Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. + +## Enlightened versus unenlightened apps +Apps can be enlightened (policy-aware) or unenlightened (policy-unaware). + +- **Enlightened apps** can differentiate between corporate and personal data, correctly determining which to protect, based on your policies. + +- **Unenlightened apps** consider all data corporate and encrypt everything. Typically, you can tell an unenlightened app because: + + - Windows Desktop shows it as always running in enterprise mode. + + - Windows **Save As** experiences only allow you to save your files as enterprise. 
+ +## List of enlightened Microsoft apps +Microsoft has made a concerted effort to enlighten several of our more popular apps, including the following: + +- Microsoft Edge + +- Internet Explorer 11 + +- Microsoft People + +- Mobile Office apps, including Word, Excel, PowerPoint, OneNote, and Outlook Mail and Calendar + +- Microsoft Photos + + + +- Groove Music + +- Notepad + +- Microsoft Paint + +- Microsoft Movies & TV + +- Microsoft Messaging + +## Adding enlightened Microsoft apps to the allowed apps list +You can add any or all of the enlightened Microsoft apps to your allowed apps list. Included here is the **Publisher name**, **Product or File name**, and **App Type** info for both Microsoft Intune and System Center Configuration Manager. + +|Product name |App info | +|-------------|---------| +|Microsoft Edge |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.MicrosoftEdge
    **App Type:** Universal app | +|Microsoft People |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.People
    **App Type:** Universal app | +|Word Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Office.Word
    **App Type:** Universal app | +|Excel Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Office.Excel
    **App Type:** Universal app | +|PowerPoint Mobile |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Office.PowerPoint
    **App Type:** Universal app | +|OneNote |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Office.OneNote
    **App Type:** Universal app | +|Outlook Mail and Calendar |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** microsoft.windowscommunicationsapps
    **App Type:** Universal app | +|Microsoft Photos |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Windows.Photos
    **App Type:** Universal app | +|Groove Music |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.ZuneMusic
    **App Type:** Universal app | +|Microsoft Movies & TV |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.ZuneVideo
    **App Type:** Universal app | +|Microsoft Messaging |**Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Product Name:** Microsoft.Messaging
    **App Type:** Universal app | +|IE11 |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Binary Name:** iexplore.exe
    **App Type:** Desktop app | +|Microsoft OneDrive |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Binary Name:** onedrive.exe
    **App Type:** Desktop app| +|Notepad |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Binary Name:** notepad.exe
    **App Type:** Desktop app | +|Microsoft Paint |**Publisher:** `O=Microsoft Corporation, L=Redmond, S=Washington, C=US`
    **Binary Name:** mspaint.exe
    **App Type:** Desktop app | \ No newline at end of file diff --git a/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md index 35a8444e6e..c7fe4f7637 100644 --- a/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md +++ b/windows/keep-secure/evaluating-windows-firewall-with-advanced-security-design-examples.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 The following Windows Firewall with Advanced Security design examples illustrate how you can use Windows Firewall with Advanced Security to improve the security of the devices connected to the network. You can use these topics to evaluate how the firewall and connection security rules work across all Windows Firewall with Advanced Security designs and to determine which design or combination of designs best suits the goals of your organization. diff --git a/windows/keep-secure/event-4706.md b/windows/keep-secure/event-4706.md index 3eb6bdda15..8681185c08 100644 --- a/windows/keep-secure/event-4706.md +++ b/windows/keep-secure/event-4706.md 
@@ -108,7 +108,7 @@ This event is generated only on domain controllers. |-------|------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 | TRUST\_TYPE\_DOWNLEVEL | The domain controller of the trusted domain is a computer running an operating system earlier than Windows 2000. | | 2 | TRUST\_TYPE\_UPLEVEL | The domain controller of the trusted domain is a computer running Windows 2000 or later. | -| 3 | TRUST\_TYPE\_MIT | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). | +| 3 | TRUST\_TYPE\_MIT | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). 
| | 4 | TRUST\_TYPE\_DCE | The trusted domain is a DCE realm. Historical reference, this value is not used in Windows. | - **Trust Direction** \[Type = UInt32\]**:** the direction of new trust. The following table contains possible values for this field: 
@@ -127,13 +127,13 @@ This event is generated only on domain controllers.
 | 0x1 | TRUST\_ATTRIBUTE\_NON\_TRANSITIVE | If this bit is set, then the trust cannot be used transitively. For example, if domain A trusts domain B, which in turn trusts domain C, and the A<-->B trust has this attribute set, then a client in domain A cannot authenticate to a server in domain C over the A<-->B<-->C trust linkage. |
 | 0x2 | TRUST\_ATTRIBUTE\_UPLEVEL\_ONLY | If this bit is set in the attribute, then only Windows 2000 operating system and newer clients may use the trust link. [Netlogon](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_70771a5a-04a3-447d-981b-e03098808c32) does not consume [trust objects](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_e81f6436-01d2-4311-93a4-4316bb67eabd) that have this flag set. |
 | 0x4 | TRUST\_ATTRIBUTE\_QUARANTINED\_DOMAIN | If this bit is set, the trusted domain is quarantined and is subject to the rules of [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) Filtering as described in [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section [4.1.2.2](https://msdn.microsoft.com/en-us/library/cc237940.aspx). |
-| 0x8 | TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE | If this bit is set, the trust link is a [cross-forest trust](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_86f3dbf2-338f-462e-8c5b-3c8e05798dbc) [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) between the root domains of two [forests](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_fd104241-4fb3-457c-b2c4-e0c18bb20b62), both of which are running in a [forest functional level](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_b3240417-ca43-4901-90ec-fde55b32b3b8) of DS\_BEHAVIOR\_WIN2003 or greater.
    Only evaluated on Windows Server 2003 operating system, Windows Server 2008 operating system, Windows Server 2008 R2 operating system, Windows Server 2012 operating system, Windows Server 2012 R2 operating system, and Windows Server 2016 Technical Preview operating system.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | -| 0x10 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION | If this bit is set, then the trust is to a domain or forest that is not part of the [organization](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_6fae7775-5232-4206-b452-f298546ab54f). The behavior controlled by this bit is explained in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section [3.3.5.7.5](https://msdn.microsoft.com/en-us/library/cc233949.aspx) and [\[MS-APDS\]](https://msdn.microsoft.com/en-us/library/cc223948.aspx) section [3.1.5](https://msdn.microsoft.com/en-us/library/cc223991.aspx).
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | -| 0x20 | TRUST\_ATTRIBUTE\_WITHIN\_FOREST | If this bit is set, then the trusted domain is within the same forest.
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. | -| 0x40 | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are more stringently [filtered](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_ffbe7b55-8e84-4f41-a18d-fc29191a4cda) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.
    Only evaluated if SID Filtering is used.
    Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | -| 0x80 | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](http://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).
    Only evaluated on TRUST\_TYPE\_MIT | -| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.
    Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. | -| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
    Evaluated only on Windows Server 2016 Technical Preview
    Evaluated only if SID Filtering is used.
    Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
    Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
+| 0x8 | TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE | If this bit is set, the trust link is a [cross-forest trust](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_86f3dbf2-338f-462e-8c5b-3c8e05798dbc) [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) between the root domains of two [forests](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_fd104241-4fb3-457c-b2c4-e0c18bb20b62), both of which are running in a [forest functional level](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_b3240417-ca43-4901-90ec-fde55b32b3b8) of DS\_BEHAVIOR\_WIN2003 or greater.
    Only evaluated on Windows Server 2003 operating system, Windows Server 2008 operating system, Windows Server 2008 R2 operating system, Windows Server 2012 operating system, Windows Server 2012 R2 operating system, and Windows Server 2016 operating system.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | +| 0x10 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION | If this bit is set, then the trust is to a domain or forest that is not part of the [organization](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_6fae7775-5232-4206-b452-f298546ab54f). The behavior controlled by this bit is explained in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section [3.3.5.7.5](https://msdn.microsoft.com/en-us/library/cc233949.aspx) and [\[MS-APDS\]](https://msdn.microsoft.com/en-us/library/cc223948.aspx) section [3.1.5](https://msdn.microsoft.com/en-us/library/cc223991.aspx).
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | +| 0x20 | TRUST\_ATTRIBUTE\_WITHIN\_FOREST | If this bit is set, then the trusted domain is within the same forest.
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. | +| 0x40 | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are more stringently [filtered](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_ffbe7b55-8e84-4f41-a18d-fc29191a4cda) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
    Only evaluated if SID Filtering is used.
    Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | +| 0x80 | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](https://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).
    Only evaluated on TRUST\_TYPE\_MIT | +| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.
    Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. | +| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
    Evaluated only on Windows Server 2016
    Evaluated only if SID Filtering is used.
    Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
    Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
 - **SID Filtering** \[Type = UnicodeString\]: [SID Filtering](https://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx) state for the new trust:
diff --git a/windows/keep-secure/event-4716.md b/windows/keep-secure/event-4716.md
index 8140c94b16..6f8731a019 100644
--- a/windows/keep-secure/event-4716.md
+++ b/windows/keep-secure/event-4716.md
@@ -108,7 +108,7 @@ This event is generated only on domain controllers. |-------|------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | 1 | TRUST\_TYPE\_DOWNLEVEL | The domain controller of the trusted domain is a computer running an operating system earlier than Windows 2000. | | 2 | TRUST\_TYPE\_UPLEVEL | The domain controller of the trusted domain is a computer running Windows 2000 or later. | -| 3 | TRUST\_TYPE\_MIT | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). | +| 3 | TRUST\_TYPE\_MIT | The trusted domain is running a non-Windows, RFC4120-compliant Kerberos distribution. This type of trust is distinguished in that (1) a [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) is not required for the [TDO](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_f2ceef4e-999b-4276-84cd-2e2829de5fc4), and (2) the default key types include the DES-CBC and DES-CRC encryption types (see [\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458) section 8.1). 
| | 4 | TRUST\_TYPE\_DCE | The trusted domain is a DCE realm. Historical reference, this value is not used in Windows. | - **Trust Direction** \[Type = UInt32\]**:** the direction of new trust. If this attribute was not changed, then it will have “**-**“ value or its old value. The following table contains possible values for this field: 
@@ -127,13 +127,13 @@ This event is generated only on domain controllers.
 | 0x1 | TRUST\_ATTRIBUTE\_NON\_TRANSITIVE | If this bit is set, then the trust cannot be used transitively. For example, if domain A trusts domain B, which in turn trusts domain C, and the A<-->B trust has this attribute set, then a client in domain A cannot authenticate to a server in domain C over the A<-->B<-->C trust linkage. |
 | 0x2 | TRUST\_ATTRIBUTE\_UPLEVEL\_ONLY | If this bit is set in the attribute, then only Windows 2000 operating system and newer clients may use the trust link. [Netlogon](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_70771a5a-04a3-447d-981b-e03098808c32) does not consume [trust objects](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_e81f6436-01d2-4311-93a4-4316bb67eabd) that have this flag set. |
 | 0x4 | TRUST\_ATTRIBUTE\_QUARANTINED\_DOMAIN | If this bit is set, the trusted domain is quarantined and is subject to the rules of [SID](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_83f2020d-0804-4840-a5ac-e06439d50f8d) Filtering as described in [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section [4.1.2.2](https://msdn.microsoft.com/en-us/library/cc237940.aspx). |
-| 0x8 | TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE | If this bit is set, the trust link is a [cross-forest trust](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_86f3dbf2-338f-462e-8c5b-3c8e05798dbc) [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) between the root domains of two [forests](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_fd104241-4fb3-457c-b2c4-e0c18bb20b62), both of which are running in a [forest functional level](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_b3240417-ca43-4901-90ec-fde55b32b3b8) of DS\_BEHAVIOR\_WIN2003 or greater.
    Only evaluated on Windows Server 2003 operating system, Windows Server 2008 operating system, Windows Server 2008 R2 operating system, Windows Server 2012 operating system, Windows Server 2012 R2 operating system, and Windows Server 2016 Technical Preview operating system.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | -| 0x10 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION | If this bit is set, then the trust is to a domain or forest that is not part of the [organization](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_6fae7775-5232-4206-b452-f298546ab54f). The behavior controlled by this bit is explained in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section [3.3.5.7.5](https://msdn.microsoft.com/en-us/library/cc233949.aspx) and [\[MS-APDS\]](https://msdn.microsoft.com/en-us/library/cc223948.aspx) section [3.1.5](https://msdn.microsoft.com/en-us/library/cc223991.aspx).
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | -| 0x20 | TRUST\_ATTRIBUTE\_WITHIN\_FOREST | If this bit is set, then the trusted domain is within the same forest.
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. | -| 0x40 | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are more stringently [filtered](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_ffbe7b55-8e84-4f41-a18d-fc29191a4cda) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview.
    Only evaluated if SID Filtering is used.
    Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | -| 0x80 | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](http://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](http://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).
    Only evaluated on TRUST\_TYPE\_MIT | -| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.
    Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016 Technical Preview. | -| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
    Evaluated only on Windows Server 2016 Technical Preview
    Evaluated only if SID Filtering is used.
    Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
    Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. |
+| 0x8 | TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE | If this bit is set, the trust link is a [cross-forest trust](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_86f3dbf2-338f-462e-8c5b-3c8e05798dbc) [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) between the root domains of two [forests](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_fd104241-4fb3-457c-b2c4-e0c18bb20b62), both of which are running in a [forest functional level](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_b3240417-ca43-4901-90ec-fde55b32b3b8) of DS\_BEHAVIOR\_WIN2003 or greater.
    Only evaluated on Windows Server 2003 operating system, Windows Server 2008 operating system, Windows Server 2008 R2 operating system, Windows Server 2012 operating system, Windows Server 2012 R2 operating system, and Windows Server 2016 operating system.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | +| 0x10 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION | If this bit is set, then the trust is to a domain or forest that is not part of the [organization](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_6fae7775-5232-4206-b452-f298546ab54f). The behavior controlled by this bit is explained in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section [3.3.5.7.5](https://msdn.microsoft.com/en-us/library/cc233949.aspx) and [\[MS-APDS\]](https://msdn.microsoft.com/en-us/library/cc223948.aspx) section [3.1.5](https://msdn.microsoft.com/en-us/library/cc223991.aspx).
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | +| 0x20 | TRUST\_ATTRIBUTE\_WITHIN\_FOREST | If this bit is set, then the trusted domain is within the same forest.
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. | +| 0x40 | TRUST\_ATTRIBUTE\_TREAT\_AS\_EXTERNAL | If this bit is set, then a cross-forest trust to a domain is to be treated as an external trust for the purposes of SID Filtering. Cross-forest trusts are more stringently [filtered](https://msdn.microsoft.com/en-us/library/cc223126.aspx#gt_ffbe7b55-8e84-4f41-a18d-fc29191a4cda) than external trusts. This attribute relaxes those cross-forest trusts to be equivalent to external trusts. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
    Only evaluated on Windows Server 2003, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016.
    Only evaluated if SID Filtering is used.
    Only evaluated on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
    Can only be set if forest and trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WIN2003 or greater. | +| 0x80 | TRUST\_ATTRIBUTE\_USES\_RC4\_ENCRYPTION | This bit is set on trusts with the [trustType](https://msdn.microsoft.com/en-us/library/cc220955.aspx) set to TRUST\_TYPE\_MIT, which are capable of using RC4 keys. Historically, MIT Kerberos distributions supported only DES and 3DES keys ([\[RFC4120\]](https://go.microsoft.com/fwlink/?LinkId=90458), [\[RFC3961\]](https://go.microsoft.com/fwlink/?LinkId=90450)). MIT 1.4.1 adopted the RC4HMAC encryption type common to Windows 2000 [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx), so trusted domains deploying later versions of the MIT distribution required this bit. For more information, see "Keys and Trusts", section [6.1.6.9.1](https://msdn.microsoft.com/en-us/library/cc223782.aspx).
    Only evaluated on TRUST\_TYPE\_MIT | +| 0x200 | TRUST\_ATTRIBUTE\_CROSS\_ORGANIZATION\_NO\_TGT\_DELEGATION | If this bit is set, tickets granted under this trust MUST NOT be trusted for delegation. The behavior controlled by this bit is as specified in [\[MS-KILE\]](https://msdn.microsoft.com/en-us/library/cc233855.aspx) section 3.3.5.7.5.
    Only supported on Windows Server 2012, Windows Server 2012 R2, and Windows Server 2016. | +| 0x400 | TRUST\_ATTRIBUTE\_PIM\_TRUST | If this bit and the TATE bit are set, then a cross-forest trust to a domain is to be treated as Privileged Identity Management trust for the purposes of SID Filtering. For more information on how each trust type is filtered, see [\[MS-PAC\]](https://msdn.microsoft.com/en-us/library/cc237917.aspx) section 4.1.2.2.
    Evaluated only on Windows Server 2016
    Evaluated only if SID Filtering is used.
    Evaluated only on cross-forest trusts having TRUST\_ATTRIBUTE\_FOREST\_TRANSITIVE.
    Can be set only if the forest and the trusted forest are running in a forest functional level of DS\_BEHAVIOR\_WINTHRESHOLD or greater. | - **SID Filtering** \[Type = UnicodeString\]: [SID Filtering](https://technet.microsoft.com/en-us/library/cc772633(v=ws.10).aspx) state for the new trust: diff --git a/windows/keep-secure/event-4739.md b/windows/keep-secure/event-4739.md index 8b692f1ea3..44897f5f13 100644 --- a/windows/keep-secure/event-4739.md +++ b/windows/keep-secure/event-4739.md @@ -165,14 +165,14 @@ This event generates when one of the following changes was made to local compute | Value | Identifier | Domain controller operating systems that are allowed in the domain | |-------|---------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 0 | DS\_BEHAVIOR\_WIN2000 | Windows 2000 Server operating system
    Windows Server 2003 operating system
    Windows Server 2008 operating system
    Windows Server 2008 R2 operating system
    Windows Server 2012 operating system
    Windows Server 2012 R2 operating system
    Windows Server 2016 Technical Preview operating system | -| 1 | DS\_BEHAVIOR\_WIN2003\_WITH\_MIXED\_DOMAINS | Windows Server 2003
    Windows Server 2008
    Windows Server 2008 R2
    Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016 Technical Preview | -| 2 | DS\_BEHAVIOR\_WIN2003 | Windows Server 2003
    Windows Server 2008
    Windows Server 2008 R2
    Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016 Technical Preview | -| 3 | DS\_BEHAVIOR\_WIN2008 | Windows Server 2008
    Windows Server 2008 R2
    Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016 Technical Preview | -| 4 | DS\_BEHAVIOR\_WIN2008R2 | Windows Server 2008 R2
    Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016 Technical Preview | -| 5 | DS\_BEHAVIOR\_WIN2012 | Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016 Technical Preview | -| 6 | DS\_BEHAVIOR\_WIN2012R2 | Windows Server 2012 R2
    Windows Server 2016 Technical Preview | -| 7 | DS\_BEHAVIOR\_WINTHRESHOLD | Windows Server 2016 Technical Preview | +| 0 | DS\_BEHAVIOR\_WIN2000 | Windows 2000 Server operating system
    Windows Server 2003 operating system
    Windows Server 2008 operating system
    Windows Server 2008 R2 operating system
    Windows Server 2012 operating system
    Windows Server 2012 R2 operating system
    Windows Server 2016 operating system | +| 1 | DS\_BEHAVIOR\_WIN2003\_WITH\_MIXED\_DOMAINS | Windows Server 2003
    Windows Server 2008
    Windows Server 2008 R2
    Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016 | +| 2 | DS\_BEHAVIOR\_WIN2003 | Windows Server 2003
    Windows Server 2008
    Windows Server 2008 R2
    Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016 | +| 3 | DS\_BEHAVIOR\_WIN2008 | Windows Server 2008
    Windows Server 2008 R2
    Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016 | +| 4 | DS\_BEHAVIOR\_WIN2008R2 | Windows Server 2008 R2
    Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016 | +| 5 | DS\_BEHAVIOR\_WIN2012 | Windows Server 2012
    Windows Server 2012 R2
    Windows Server 2016 | +| 6 | DS\_BEHAVIOR\_WIN2012R2 | Windows Server 2012 R2
    Windows Server 2016 | +| 7 | DS\_BEHAVIOR\_WINTHRESHOLD | Windows Server 2016 | - **OEM Information** \[Type = UnicodeString\]: there is no information about this field in this document. diff --git a/windows/keep-secure/event-4826.md b/windows/keep-secure/event-4826.md index 989ba1f6e1..c8213b2290 100644 --- a/windows/keep-secure/event-4826.md +++ b/windows/keep-secure/event-4826.md @@ -118,7 +118,7 @@ This event is always logged regardless of the "Audit Other Policy Change Events" - **HyperVisor Load Options** \[Type = UnicodeString\]**:** shows hypervisor **loadoptions**. See more information here: . -- **HyperVisor Launch Type** \[Type = UnicodeString\]**:** shows the hypervisor launch options (**Off** or **Auto**). If you are setting up a debugger to debug Hyper-V on a target computer, set this option to **Auto** on the target computer. For more information, see [Attaching to a Target Computer Running Hyper-V](https://msdn.microsoft.com/en-us/library/windows/hardware/ff538138(v=vs.85).aspx). Information about [Hyper-V](http://go.microsoft.com/fwlink/p/?linkid=271817) technology is available on Microsoft TechNet web site. +- **HyperVisor Launch Type** \[Type = UnicodeString\]**:** shows the hypervisor launch options (**Off** or **Auto**). If you are setting up a debugger to debug Hyper-V on a target computer, set this option to **Auto** on the target computer. For more information, see [Attaching to a Target Computer Running Hyper-V](https://msdn.microsoft.com/en-us/library/windows/hardware/ff538138(v=vs.85).aspx). Information about [Hyper-V](https://go.microsoft.com/fwlink/p/?linkid=271817) technology is available on Microsoft TechNet web site. - **HyperVisor Debugging** \[Type = UnicodeString\]**:** shows whether the hypervisor debugger is enabled or not (**Yes** or **No**). For information about hypervisor debugging, see [Attaching to a Target Computer Running Hyper-V](https://msdn.microsoft.com/en-us/library/windows/hardware/ff538138(v=vs.85).aspx). 
diff --git a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
index f019d14fdf..cdde9f9522 100644
--- a/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/event-error-codes-windows-defender-advanced-threat-protection.md
@@ -1,13 +1,14 @@
 ---
 title: Review events and errors on endpoints with Event Viewer
 description: Get descriptions and further troubleshooting steps (if required) for all events reported by the Windows Defender ATP service.
-keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Advanced Threat Protection service, cannot start, broken, can't start
+keywords: troubleshoot, event viewer, log summary, failure code, failed, Windows Defender Advanced Threat Protection service, cannot start, broken, can't start
 search.product: eADQiWindows 10XVcnh
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: iaanw
+localizationpriority: high
 ---
@@ -15,16 +16,19 @@ author: iaanw
 **Applies to:**
-- Windows 10 Insider Preview Build 14332 or later
+- Event Viewer
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]
-
-You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/en-US/library/aa745633(v=bts.10).aspx) on individual endpoints.
+You can review event IDs in the [Event Viewer](https://msdn.microsoft.com/library/aa745633(v=bts.10).aspx) on individual endpoints.
 For example, if endpoints are not appearing in the **Machines view** list, you might need to look for event IDs on the endpoints. You can then use this table to determine further troubleshooting steps.
-> **Note**  It can take several days for endpoints to begin reporting to the Windows Defender ATP service.
+> [!NOTE]
+> It can take several days for endpoints to begin reporting to the Windows Defender ATP service.
 **Open Event Viewer and find the Windows Defender ATP service event log:**
@@ -35,7 +39,8 @@ For example, if endpoints are not appearing in the **Machines view** list, you m
 a. You can also access the log by expanding **Applications and Services Logs** > **Microsoft** > **Windows** > **SENSE** and click on **Operational**.
- > **Note**  SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP.
+ > [!NOTE]
+ > SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP.
 3. Events recorded by the service will appear in the log. See the following table for a list of events recorded by the service.
@@ -49,39 +54,39 @@ For example, if endpoints are not appearing in the **Machines view** list, you m 1 -Windows Advanced Threat Protection service started (Version ```variable```). +Windows Defender Advanced Threat Protection service started (Version ```variable```). Occurs during system start up, shut down, and during onbboarding. Normal operating notification; no action required. 2 -Windows Advanced Threat Protection service shutdown. +Windows Defender Advanced Threat Protection service shutdown. Occurs when the endpoint is shut down or offboarded. Normal operating notification; no action required. 3 -Windows Advanced Threat Protection service failed to start. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to start. Failure code: ```variable```. Service did not start. Review other messages to determine possible cause and troubleshooting steps. 4 -Windows Advanced Threat Protection service contacted the server at ```variable```. -variable = URL of the Windows Defender ATP processing servers.
    +Windows Defender Advanced Threat Protection service contacted the server at ```variable```. +Variable = URL of the Windows Defender ATP processing servers.
    This URL will match that seen in the Firewall or network activity. Normal operating notification; no action required. 5 -Windows Advanced Threat Protection service failed to connect to the server at ```variable```. -variable = URL of the Windows Defender ATP processing servers.
    +Windows Defender Advanced Threat Protection service failed to connect to the server at ```variable```. +Variable = URL of the Windows Defender ATP processing servers.
    The service could not contact the external processing servers at that URL. Check the connection to the URL. See [Configure proxy and Internet connectivity](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#configure-proxy-and-Internet-connectivity). 6 -Windows Advanced Threat Protection service is not onboarded and no onboarding parameters were found. +Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. The endpoint did not onboard correctly and will not be reporting to the portal. Onboarding must be run before starting the service.
    Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    @@ -89,72 +94,66 @@ See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defen 7 -Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: ```variable``` -The endpoint did not onboard correctly and will not be reporting to the portal. +Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure: ```variable```. +Variable = detailed error description. The endpoint did not onboard correctly and will not be reporting to the portal. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    -See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 8 -Windows Advanced Threat Protection service failed to clean its configuration. Failure code: ```variable``` -The endpoint did not onboard correctly and will not be reporting to the portal. -Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    -See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +Windows Defender Advanced Threat Protection service failed to clean its configuration. Failure code: ```variable```. +**During onboarding:** The service failed to clean its configuration during the onboarding. The onboarding process continues.

    **During offboarding:** The service failed to clean its configuration during the offboarding. The offboarding process finished but the service keeps running. + +**Onboarding:** No action required.

    **Offboarding:** Reboot the system.
    +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 9 -Windows Advanced Threat Protection service failed to change its start type. Failure code: ```variable``` -The endpoint did not onboard correctly and will not be reporting to the portal. +Windows Defender Advanced Threat Protection service failed to change its start type. Failure code: ```variable```. +**During onboarding:** The endpoint did not onboard correctly and will not be reporting to the portal.

    **During offboarding:** Failed to change the service start type. The offboarding process continues. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    -See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 10 -Windows Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to persist the onboarding information. Failure code: ```variable```. The endpoint did not onboard correctly and will not be reporting to the portal. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    -See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 11 -Windows Advanced Threat Protection service completed. +Onboarding or re-onboarding of Windows Defender Advanced Threat Protection service completed. The endpoint onboarded correctly. Normal operating notification; no action required.
    It may take several hours for the endpoint to appear in the portal. 12 -Windows Advanced Threat Protection failed to apply the default configuration. -Service was unable to apply configuration from the processing servers. -This is a server error and should resolve after a short period. +Windows Defender Advanced Threat Protection failed to apply the default configuration. +Service was unable to apply the default configuration. +This error should resolve after a short period of time. 13 -Service machine ID calculated: ```variable``` +Windows Defender Advanced Threat Protection machine ID calculated: ```variable```. Normal operating process. Normal operating notification; no action required. -14 -Service cannot calculate machine ID. Failure code: ```variable``` -Internal error. -Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    -See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) - - 15 -Windows Advanced Threat Protection cannot start command channel with URL: ```variable``` -variable = URL of the Windows Defender ATP processing servers.
    +Windows Defender Advanced Threat Protection cannot start command channel with URL: ```variable```. +Variable = URL of the Windows Defender ATP processing servers.
    The service could not contact the external processing servers at that URL. Check the connection to the URL. See [Configure proxy and Internet connectivity](#configure-proxy-and-Internet-connectivity). 17 -Windows Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to change the Connected User Experiences and Telemetry service location. Failure code: ```variable```. An error occurred with the Windows telemetry service. -[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled)
    +[Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
    Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    -See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 18 @@ -171,44 +170,45 @@ If this error persists after a system restart, ensure all Windows updates have f 20 -Cannot wait for OOBE (Windows Welcome) to complete. Failure code: ```variable``` +Cannot wait for OOBE (Windows Welcome) to complete. Failure code: ```variable```. Internal error. If this error persists after a system restart, ensure all Windows updates have full installed. 25 -Windows Advanced Threat Protection service failed to reset health status in the registry, causing the onboarding process to fail. Failure code: ```variable``` -The endpoint did not onboard correctly and will not be reporting to the portal. +Windows Defender Advanced Threat Protection service failed to reset health status in the registry. Failure code: ```variable```. +The endpoint did not onboard correctly. +It will report to the portal, however the service may not appear as registered in SCCM or the registry. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    -See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 26 -Windows Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to set the onboarding status in the registry. Failure code: ```variable```. The endpoint did not onboard correctly.
    It will report to the portal, however the service may not appear as registered in SCCM or the registry. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    -See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 27 -Windows Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender. Onboarding process failed. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to enable SENSE aware mode in Windows Defender. Onboarding process failed. Failure code: ```variable```. Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    -See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
    +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
    Ensure real-time antimalware protection is running properly. 28 -Windows Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable``` +Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration failed. Failure code: ```variable```. An error occurred with the Windows telemetry service. [Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
    Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    -See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) +See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md). 30 -Windows Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to disable SENSE aware mode in Windows Defender. Failure code: ```variable```. Normally, Windows Defender will enter a special passive state if another real-time antimalware product is running properly on the endpoint, and the endpoint is reporting to Windows Defender ATP. Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
    See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
    @@ -216,24 +216,115 @@ Ensure real-time antimalware protection is running properly. 31 -Windows Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable``` -An error occurred with the Windows telemetry service. +Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service unregistration failed. Failure code: ```variable```. +An error occurred with the Windows telemetry service during onboarding. The offboarding process continues. [Check for errors with the Windows telemetry service](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled). +32 +Windows Defender Advanced Threat Protection service failed to request to stop itself after offboarding process. Failure code: %1 +An error occurred during offboarding. +Reboot the machine. + + 33 -Windows Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to persist SENSE GUID. Failure code: ```variable```. A unique identifier is used to represent each endpoint that is reporting to the portal.
    If the identifier does not persist, the same machine might appear twice in the portal. Check registry permissions on the endpoint to ensure the service can update the registry. 34 -Windows Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable``` +Windows Defender Advanced Threat Protection service failed to add itself as a dependency on the Connected User Experiences and Telemetry service, causing onboarding process to fail. Failure code: ```variable```. An error occurred with the Windows telemetry service. [Ensure the telemetry service is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-the-telemetry-and-diagnostics-service-is-enabled).
    Check that the onboarding settings and scripts were deployed properly. Try to redeploy the configuration packages.
-See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md)
+See [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md).
+
+
+35
+Windows Defender Advanced Threat Protection service failed to remove itself as a dependency on the Connected User Experiences and Telemetry service. Failure code: ```variable```.
+An error occurred with the Windows telemetry service during offboarding. The offboarding process continues.
+
+Check for errors with the Windows telemetry service.
+
+
+36
+Windows Defender Advanced Threat Protection Connected User Experiences and Telemetry service registration succeeded. Completion code: ```variable```.
+Registering Windows Defender Advanced Threat Protection with the Connected User Experiences and Telemetry service completed successfully.
+Normal operating notification; no action required.
+
+
+37
+Windows Defender Advanced Threat Protection A module is about to exceed its quota. Module: %1, Quota: {%2} {%3}, Percentage of quota utilization: %4.
+The machine has almost used its allocated quota of the current 24-hour window. It’s about to be throttled.
+Normal operating notification; no action required.
+
+
+38
+Network connection is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.
+The machine is using a metered/paid network and will be contacting the server less frequently.
+Normal operating notification; no action required.
+
+
+39
+Network connection is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Metered connection: %2, internet available: %3, free network available: %4.
+The machine is not using a metered/paid connection and will contact the server as usual.
+Normal operating notification; no action required.
+
+
+40
+Battery state is identified as low. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.
+The machine has low battery level and will contact the server less frequently.
+Normal operating notification; no action required.
+
+
+41
+Battery state is identified as normal. Windows Defender Advanced Threat Protection will contact the server every %1 minutes. Battery state: %2.
+The machine doesn’t have low battery level and will contact the server as usual.
+Normal operating notification; no action required.
+
+
+42
+Windows Defender Advanced Threat Protection WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception message: %4
+Internal error. The service failed to start.
+If this error persists, contact Support.
+
+
+43
+Windows Defender Advanced Threat Protection WDATP component failed to perform action. Component: %1, Action: %2, Exception Type: %3, Exception Error: %4, Exception message: %5
+Internal error. The service failed to start.
+If this error persists, contact Support.
+
+
+44
+Offboarding of Windows Defender Advanced Threat Protection service completed.
+The service was offboarded.
+Normal operating notification; no action required.
+
+
+45
+Failed to register and to start the event trace session [%1]. Error code: %2
+An error occurred on service startup while creating ETW session. This caused service start-up failure.
+If this error persists, contact Support.
+
+
+46
+Failed to register and start the event trace session [%1] due to lack of resources. Error code: %2. This is most likely because there are too many active event trace sessions. The service will retry in 1 minute.
+An error occurred on service startup while creating ETW session due to lack of resources. The service started and is running, but will not report any sensor event until the ETW session is started.
+Normal operating notification; no action required.
The service will try to start the session every minute.
+
+
+47
+Successfully registered and started the event trace session - recovered after previous failed attempts.
+This event follows the previous event after successfully starting of the ETW session.
+Normal operating notification; no action required.
+
+
+48
+Failed to add a provider [%1] to event trace session [%2]. Error code: %3. This means that events from this provider will not be reported.
+Failed to add a provider to ETW session. As a result, the provider events aren’t reported.
+Check the error code. If the error persists contact Support.
diff --git a/windows/keep-secure/exempt-icmp-from-authentication.md b/windows/keep-secure/exempt-icmp-from-authentication.md
index a60e483753..21100a9674 100644
--- a/windows/keep-secure/exempt-icmp-from-authentication.md
+++ b/windows/keep-secure/exempt-icmp-from-authentication.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 This procedure shows you how to add exemptions for any network traffic that uses the ICMP protocol.
diff --git a/windows/keep-secure/exemption-list.md b/windows/keep-secure/exemption-list.md
index 3ebf7a465b..fc0fd3b704 100644
--- a/windows/keep-secure/exemption-list.md
+++ b/windows/keep-secure/exemption-list.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 When you implement a server and domain isolation security model in your organization, you are likely to find some additional challenges. Key infrastructure servers such as DNS servers and DHCP servers typically must be available to all devicess on the internal network, yet secured from network attacks. However, if they must remain available to all devicess on the network, not just to isolated domain members, then these servers cannot require IPsec for inbound access, nor can they use IPsec transport mode for outbound traffic.
diff --git a/windows/keep-secure/firewall-gpos.md b/windows/keep-secure/firewall-gpos.md
index b264a38993..229cb2a3e0 100644
--- a/windows/keep-secure/firewall-gpos.md
+++ b/windows/keep-secure/firewall-gpos.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 All the devices on Woodgrove Bank's network that run Windows are part of the isolated domain, except domain controllers. To configure firewall rules, the GPO described in this section is linked to the domain container in the Active Directory OU hierarchy, and then filtered by using security group filters and WMI filters.
diff --git a/windows/keep-secure/firewall-policy-design-example.md b/windows/keep-secure/firewall-policy-design-example.md
index 41310314aa..8dad2b48f7 100644
--- a/windows/keep-secure/firewall-policy-design-example.md
+++ b/windows/keep-secure/firewall-policy-design-example.md
@@ -13,13 +13,13 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 In this example, the fictitious company Woodgrove Bank is a financial services institution. Woodgrove Bank has an Active Directory domain that provides Group Policy-based management for all their Windows devices. The Active Directory domain controllers also host Domain Name System (DNS) for host name resolution. Separate devices host Windows Internet Name Service (WINS) for network basic input/output system (NetBIOS) name resolution. A set of devices that are running UNIX provide the Dynamic Host Configuration Protocol (DHCP) services for automatic IP addressing.
-Woodgrove Bank is in the process of migrating their devices from Windows Vista and Windows Server 2008 to Windows 10 and Windows Server 2016 Technical Preview. A significant number of the devices at Woodgrove Bank continue to run Windows Vista and Windows Server 2008. Interoperability between the previous and newer operating systems must be maintained. Wherever possible, security features applied to the newer operating systems must also be applied to the previous operating systems.
+Woodgrove Bank is in the process of migrating their devices from Windows Vista and Windows Server 2008 to Windows 10 and Windows Server 2016. A significant number of the devices at Woodgrove Bank continue to run Windows Vista and Windows Server 2008. Interoperability between the previous and newer operating systems must be maintained. Wherever possible, security features applied to the newer operating systems must also be applied to the previous operating systems.
 A key line-of-business program called WGBank consists of a client program running on most of the desktop devices in the organization. This program accesses several front-end server devices that run the server-side part of WGBank. These front-end servers only do the processing — they do not store the data.
The data is stored in several back-end database devices that are running Microsoft SQL Server.
@@ -60,7 +60,7 @@ Woodgrove Bank uses Active Directory groups and Group Policy Objects to deploy t
 - Client devices that run Windows 10, Windows 8, or Windows 7
-- WGBank front-end servers that run Windows Server 2016 Technical Preview, Windows Server 2012 R2, Windows Server 2012 or Windows Server 2008 R2 (there are none in place yet, but their solution must support adding them)
+- WGBank front-end servers that run Windows Server 2016, Windows Server 2012 R2, Windows Server 2012 or Windows Server 2008 R2 (there are none in place yet, but their solution must support adding them)
 - WGBank partner servers that run Windows Server 2008
diff --git a/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md b/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md
index 33727fc9f4..0c507fdc73 100644
--- a/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md
+++ b/windows/keep-secure/gathering-information-about-your-active-directory-deployment.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 Active Directory is another important item about which you must gather information. You must understand the forest structure. This includes domain layout, organizational unit (OU) architecture, and site topology. This information makes it possible to know where devices are currently placed, their configuration, and the impact of changes to Active Directory that result from implementing Windows Firewall with Advanced Security. Review the following list for information needed:
diff --git a/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md b/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md
index 65555cc782..67dcea5661 100644
--- a/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md
+++ b/windows/keep-secure/gathering-information-about-your-current-network-infrastructure.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 Perhaps the most important aspect of planning for Windows Firewall with Advanced Security deployment is the network architecture, because IPsec is layered on the Internet Protocol itself. An incomplete or inaccurate understanding of the network can prevent any Windows Firewall with Advanced Security solution from being successful. Understanding subnet layout, IP addressing schemes, and traffic patterns are part of this effort, but accurately documenting the following components are important to completing the planning phase of this project:
diff --git a/windows/keep-secure/gathering-information-about-your-devices.md b/windows/keep-secure/gathering-information-about-your-devices.md
index 1f3b73fa21..3643e51814 100644
--- a/windows/keep-secure/gathering-information-about-your-devices.md
+++ b/windows/keep-secure/gathering-information-about-your-devices.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 One of the most valuable benefits of conducting an asset discovery project is the large amount of data that is obtained about the client and server devices on the network. When you start designing and planning your isolation zones, you must make decisions that require accurate information about the state of all hosts to ensure that they can use IPsec as planned.
@@ -45,7 +45,7 @@ Using an automated auditing network management system provides valuable informat
 The biggest difference between manual discovery methods and automated methods is time.
-You can use Windows PowerShell to create a script file that can collect the system configuration information. For more information, see [Windows PowerShell Scripting](http://go.microsoft.com/fwlink/?linkid=110413).
+You can use Windows PowerShell to create a script file that can collect the system configuration information. For more information, see [Windows PowerShell Scripting](https://go.microsoft.com/fwlink/?linkid=110413).
 Whether you use an automatic, manual, or hybrid option to gather the information, one of the biggest issues that can cause problems to the design is capturing the changes between the original inventory scan and the point at which the implementation is ready to start. After the first scan has been completed, make support staff aware that all additional changes must be recorded and the updates noted in the inventory.
diff --git a/windows/keep-secure/gathering-other-relevant-information.md b/windows/keep-secure/gathering-other-relevant-information.md
index ca8d396fcb..85e9be98dc 100644
--- a/windows/keep-secure/gathering-other-relevant-information.md
+++ b/windows/keep-secure/gathering-other-relevant-information.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 This topic discusses several other things that you should examine to see whether they will cause any complications in your ability to deploy Windows Firewall with Advanced Security policies in your organization.
@@ -52,7 +52,7 @@ In some cases, IPsec-secured traffic might have to pass through a router, perime In the case of a filtering router or a firewall, you must configure these devices to allow IPsec traffic to be forwarded. Configure the firewall to allow IPsec traffic on UDP source and destination port 500 (IKE), UDP source and destination port 4500 (IPsec NAT-T), and IP Protocol 50 (ESP). You might also have to configure the firewall to allow IPsec traffic on IP protocol 51 (AH) to allow troubleshooting by IPsec administrators and to allow the IPsec traffic to be inspected. -For more info, see [How to Enable IPsec Traffic Through a Firewall](http://go.microsoft.com/fwlink/?LinkId=45085). +For more info, see [How to Enable IPsec Traffic Through a Firewall](https://go.microsoft.com/fwlink/?LinkId=45085). ## Network load balancing and server clusters diff --git a/windows/keep-secure/gathering-the-information-you-need.md b/windows/keep-secure/gathering-the-information-you-need.md index 3e8a62b0cc..a11fbf67c8 100644 --- a/windows/keep-secure/gathering-the-information-you-need.md +++ b/windows/keep-secure/gathering-the-information-you-need.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Before starting the planning process for a Windows Firewall with Advanced Security deployment, you must collect and analyze up-to-date information about the network, the directory services, and the devices that are already deployed in the organization. This information enables you to create a design that accounts for all possible elements of the existing infrastructure. If the gathered information is not accurate, problems can occur when devices and devices that were not considered during the planning phase are encountered during implementation. 
diff --git a/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md b/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md index 1a19780713..f7c920bb4f 100644 --- a/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md +++ b/windows/keep-secure/get-started-with-windows-defender-for-windows-10.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security +localizationpriority: medium author: jasesso --- @@ -183,7 +184,7 @@ In Endpoint Protection, you can use the advanced scanning options to configure a ## Related topics -[Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) -[Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md) +- [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) +- [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)     diff --git a/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md b/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md index 542e85c56f..88a3f076b6 100644 --- a/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md +++ b/windows/keep-secure/getting-apps-to-run-on-device-guard-protected-devices.md @@ -1,4 +1,4 @@ --- title: Get apps to run on Device Guard-protected devices (Windows 10) -redirect_url: device-guard-deployment-guide.md +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/device-guard-deployment-guide --- diff --git a/windows/keep-secure/gpo-domiso-boundary.md b/windows/keep-secure/gpo-domiso-boundary.md index 22db5273b8..00fb043b7a 100644 --- a/windows/keep-secure/gpo-domiso-boundary.md +++ b/windows/keep-secure/gpo-domiso-boundary.md 
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. Woodgrove Bank began by copying and pasting the GPO for the Windows Server 2008 version of the isolated domain GPO, and then renamed the copy to reflect its new purpose. diff --git a/windows/keep-secure/gpo-domiso-firewall.md b/windows/keep-secure/gpo-domiso-firewall.md index 226c9deac1..d1349941e1 100644 --- a/windows/keep-secure/gpo-domiso-firewall.md +++ b/windows/keep-secure/gpo-domiso-firewall.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to devices that are running at least Windows 7 or Windows Server 2008. diff --git a/windows/keep-secure/gpo-domiso-isolateddomain-clients.md b/windows/keep-secure/gpo-domiso-isolateddomain-clients.md index 0f2faadb9e..a6ab80ad09 100644 --- a/windows/keep-secure/gpo-domiso-isolateddomain-clients.md +++ b/windows/keep-secure/gpo-domiso-isolateddomain-clients.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to client devices that are running Windows 8, Windows 7, or Windows Vista. diff --git a/windows/keep-secure/gpo-domiso-isolateddomain-servers.md b/windows/keep-secure/gpo-domiso-isolateddomain-servers.md index fb984adf5f..91cd4e3890 100644 --- a/windows/keep-secure/gpo-domiso-isolateddomain-servers.md 
+++ b/windows/keep-secure/gpo-domiso-isolateddomain-servers.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 This GPO is authored by using the Windows Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to server devices that are running at least Windows Server 2008. diff --git a/windows/keep-secure/guidance-and-best-practices-edp.md b/windows/keep-secure/guidance-and-best-practices-edp.md index fd1ffe2dcd..cfd70be3cc 100644 --- a/windows/keep-secure/guidance-and-best-practices-edp.md +++ b/windows/keep-secure/guidance-and-best-practices-edp.md 
@@ -1,39 +1,5 @@ --- title: General guidance and best practices for enterprise data protection (EDP) (Windows 10) description: This section includes info about the enlightened Microsoft apps, including how to add them to your Protected Apps list in Microsoft Intune. It also includes some testing scenarios that we recommend running through with enterprise data protection (EDP). -ms.assetid: aa94e733-53be-49a7-938d-1660deaf52b0 -keywords: EDP, Enterprise Data Protection -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -author: eross-msft ---- - -# General guidance and best practices for enterprise data protection (EDP) -**Applies to:** - -- Windows 10 Insider Preview -- Windows 10 Mobile Preview - -[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - -This section includes info about the enlightened Microsoft apps, including how to add them to your **Protected Apps** list in Microsoft Intune. It also includes some testing scenarios that we recommend running through with enterprise data protection (EDP). - -## In this section -|Topic |Description | -|------|------------| -|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |A list of all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your enterprise. | -|[Enlightened apps for use with enterprise data protection (EDP)](enlightened-microsoft-apps-and-edp.md) |Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your **Protected Apps** list. 
| -|[Testing scenarios for enterprise data protection (EDP)](testing-scenarios-for-edp.md) |We've come up with a list of suggested testing scenarios that you can use to test EDP in your company. | - -  - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/guidance-and-best-practices-wip +--- \ No newline at end of file diff --git a/windows/keep-secure/guidance-and-best-practices-wip.md b/windows/keep-secure/guidance-and-best-practices-wip.md new file mode 100644 index 0000000000..b64a82a6e0 --- /dev/null +++ b/windows/keep-secure/guidance-and-best-practices-wip.md 
@@ -0,0 +1,28 @@ +--- +title: General guidance and best practices for Windows Information Protection (WIP) (Windows 10) +description: This section includes info about the enlightened Microsoft apps, including how to add them to your Protected Apps list in Microsoft Intune. It also includes some testing scenarios that we recommend running through with Windows Information Protection (WIP). +ms.assetid: aa94e733-53be-49a7-938d-1660deaf52b0 +keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +author: eross-msft +localizationpriority: high +--- + +# General guidance and best practices for Windows Information Protection (WIP) +**Applies to:** + +- Windows 10, version 1607 +- Windows 10 Mobile + +This section includes info about the enlightened Microsoft apps, including how to add them to your allowed apps list in Microsoft Intune. It also includes some testing scenarios that we recommend running through with Windows Information Protection (WIP). + +## In this section +|Topic |Description | +|------|------------| +|[Windows Information Protection (WIP) overview](wip-enterprise-overview.md) |High-level overview info about why to use WIP, the enterprise scenarios, and how to turn it off. | +|[Mandatory settings for Windows Information Protection (WIP)](mandatory-settings-for-wip.md) |A list of all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your enterprise. | +|[Enlightened apps for use with Windows Information Protection (WIP)](enlightened-microsoft-apps-and-wip.md) |Learn the difference between enlightened and unenlightened apps, and then review the list of enlightened apps provided by Microsoft along with the text you will need to use to add them to your allowed apps list. 
| +|[Testing scenarios for Windows Information Protection (WIP)](testing-scenarios-for-wip.md) |We've come up with a list of suggested testing scenarios that you can use to test WIP in your company. | \ No newline at end of file diff --git a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md index b1adf33fd9..092982bd0a 100644 --- a/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md +++ b/windows/keep-secure/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Correctly identifying your Windows Firewall with Advanced Security deployment goals is essential for the success of your Windows Firewall with Advanced Security design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your deployment goals. Prioritize and, if possible, combine your deployment goals so that you can design and deploy Windows Firewall with Advanced Security by using an iterative approach. You can take advantage of the predefined Windows Firewall with Advanced Security deployment goals presented in this guide that are relevant to your scenarios. diff --git a/windows/keep-secure/images/alert-details.png b/windows/keep-secure/images/alert-details.png index 7d23ae0374..e2f5a387b0 100644 Binary files a/windows/keep-secure/images/alert-details.png and b/windows/keep-secure/images/alert-details.png differ diff --git a/windows/keep-secure/images/alertsq2.png b/windows/keep-secure/images/alertsq2.png index a11b5ba76b..8e823cd9c7 100644 Binary files a/windows/keep-secure/images/alertsq2.png and b/windows/keep-secure/images/alertsq2.png differ 
diff --git a/windows/keep-secure/images/defender/client.png b/windows/keep-secure/images/defender/client.png
new file mode 100644
index 0000000000..4f2118206e
Binary files /dev/null and b/windows/keep-secure/images/defender/client.png differ
diff --git a/windows/keep-secure/images/defender/detection-source.png b/windows/keep-secure/images/defender/detection-source.png
new file mode 100644
index 0000000000..7d471dc22d
Binary files /dev/null and b/windows/keep-secure/images/defender/detection-source.png differ
diff --git a/windows/keep-secure/images/defender/download-wdo.png b/windows/keep-secure/images/defender/download-wdo.png
new file mode 100644
index 0000000000..50d2fc3152
Binary files /dev/null and b/windows/keep-secure/images/defender/download-wdo.png differ
diff --git a/windows/keep-secure/images/defender/enhanced-notifications.png b/windows/keep-secure/images/defender/enhanced-notifications.png
new file mode 100644
index 0000000000..8317458416
Binary files /dev/null and b/windows/keep-secure/images/defender/enhanced-notifications.png differ
diff --git a/windows/keep-secure/images/defender/gp.png b/windows/keep-secure/images/defender/gp.png
new file mode 100644
index 0000000000..8b57c7b45c
Binary files /dev/null and b/windows/keep-secure/images/defender/gp.png differ
diff --git a/windows/keep-secure/images/defender/notification.png b/windows/keep-secure/images/defender/notification.png
new file mode 100644
index 0000000000..cad9f162e9
Binary files /dev/null and b/windows/keep-secure/images/defender/notification.png differ
diff --git a/windows/keep-secure/images/defender/sccm-wdo.png b/windows/keep-secure/images/defender/sccm-wdo.png
new file mode 100644
index 0000000000..8f504b94e1
Binary files /dev/null and b/windows/keep-secure/images/defender/sccm-wdo.png differ
diff --git a/windows/keep-secure/images/defender/settings-wdo.png b/windows/keep-secure/images/defender/settings-wdo.png
new file mode 100644
index 0000000000..23412856b0
Binary files /dev/null and b/windows/keep-secure/images/defender/settings-wdo.png differ
diff --git a/windows/keep-secure/images/defender/ux-config-key.png b/windows/keep-secure/images/defender/ux-config-key.png
new file mode 100644
index 0000000000..3e2d966342
Binary files /dev/null and b/windows/keep-secure/images/defender/ux-config-key.png differ
diff --git a/windows/keep-secure/images/defender/ux-uilockdown-key.png b/windows/keep-secure/images/defender/ux-uilockdown-key.png
new file mode 100644
index 0000000000..86d1b4b249
Binary files /dev/null and b/windows/keep-secure/images/defender/ux-uilockdown-key.png differ
diff --git a/windows/keep-secure/images/detection-source.png b/windows/keep-secure/images/detection-source.png
new file mode 100644
index 0000000000..7d471dc22d
Binary files /dev/null and b/windows/keep-secure/images/detection-source.png differ
diff --git a/windows/keep-secure/images/device-guard-gp.png b/windows/keep-secure/images/device-guard-gp.png
index 0c2c1c9d4f..169d2f245b 100644
Binary files a/windows/keep-secure/images/device-guard-gp.png and b/windows/keep-secure/images/device-guard-gp.png differ
diff --git a/windows/keep-secure/images/dg-fig1-enableos.png b/windows/keep-secure/images/dg-fig1-enableos.png
index cefb124344..a114c520de 100644
Binary files a/windows/keep-secure/images/dg-fig1-enableos.png and b/windows/keep-secure/images/dg-fig1-enableos.png differ
diff --git a/windows/keep-secure/images/dg-fig11-dgproperties.png b/windows/keep-secure/images/dg-fig11-dgproperties.png
index ce16705d0f..3c93b2b948 100644
Binary files a/windows/keep-secure/images/dg-fig11-dgproperties.png and b/windows/keep-secure/images/dg-fig11-dgproperties.png differ
diff --git a/windows/keep-secure/images/dg-fig7-enablevbsofkmci.png b/windows/keep-secure/images/dg-fig7-enablevbsofkmci.png
index bf0d55dd7f..ddc2158a8a 100644
Binary files a/windows/keep-secure/images/dg-fig7-enablevbsofkmci.png and b/windows/keep-secure/images/dg-fig7-enablevbsofkmci.png differ
diff --git a/windows/keep-secure/images/edp-sccm-add-network-domain.png b/windows/keep-secure/images/edp-sccm-add-network-domain.png
deleted file mode 100644
index 505a3ca5fe..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-add-network-domain.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-addapplockerfile.png b/windows/keep-secure/images/edp-sccm-addapplockerfile.png
deleted file mode 100644
index 36d4508747..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-addapplockerfile.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-adddesktopapp.png b/windows/keep-secure/images/edp-sccm-adddesktopapp.png
deleted file mode 100644
index 18b1970f81..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-adddesktopapp.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-additionalsettings.png b/windows/keep-secure/images/edp-sccm-additionalsettings.png
deleted file mode 100644
index 3bd31c8e27..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-additionalsettings.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-addpolicy.png b/windows/keep-secure/images/edp-sccm-addpolicy.png
deleted file mode 100644
index d506a859a2..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-addpolicy.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-adduniversalapp.png b/windows/keep-secure/images/edp-sccm-adduniversalapp.png
deleted file mode 100644
index cd8b78c72d..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-adduniversalapp.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-appmgmt.png b/windows/keep-secure/images/edp-sccm-appmgmt.png
deleted file mode 100644
index 52a6ef5fd9..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-appmgmt.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-devicesettings.png b/windows/keep-secure/images/edp-sccm-devicesettings.png
deleted file mode 100644
index 1573ef06d7..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-devicesettings.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-dra.png b/windows/keep-secure/images/edp-sccm-dra.png
deleted file mode 100644
index d823ecb78d..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-dra.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-generalscreen.png b/windows/keep-secure/images/edp-sccm-generalscreen.png
deleted file mode 100644
index e0013f5b2d..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-generalscreen.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-optsettings.png b/windows/keep-secure/images/edp-sccm-optsettings.png
deleted file mode 100644
index 65365356da..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-optsettings.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-summaryscreen.png b/windows/keep-secure/images/edp-sccm-summaryscreen.png
deleted file mode 100644
index 2cbb827d7a..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-summaryscreen.png and /dev/null differ
diff --git a/windows/keep-secure/images/edp-sccm-supportedplat.png b/windows/keep-secure/images/edp-sccm-supportedplat.png
deleted file mode 100644
index 7add4926a9..0000000000
Binary files a/windows/keep-secure/images/edp-sccm-supportedplat.png and /dev/null differ
diff --git a/windows/keep-secure/images/gp-process-mitigation-options-bit-flag-image.png b/windows/keep-secure/images/gp-process-mitigation-options-bit-flag-image.png
new file mode 100644
index 0000000000..e493da9e20
Binary files /dev/null and b/windows/keep-secure/images/gp-process-mitigation-options-bit-flag-image.png differ
diff --git a/windows/keep-secure/images/gp-process-mitigation-options-show.png b/windows/keep-secure/images/gp-process-mitigation-options-show.png
new file mode 100644
index 0000000000..0269ddf21f
Binary files /dev/null and b/windows/keep-secure/images/gp-process-mitigation-options-show.png differ
diff --git a/windows/keep-secure/images/gp-process-mitigation-options.png b/windows/keep-secure/images/gp-process-mitigation-options.png
new file mode 100644
index 0000000000..cd69708af3
Binary files /dev/null and b/windows/keep-secure/images/gp-process-mitigation-options.png differ
diff --git a/windows/keep-secure/images/hellosettings.png b/windows/keep-secure/images/hellosettings.png
index 77a8753b5c..9b897a136e 100644
Binary files a/windows/keep-secure/images/hellosettings.png and b/windows/keep-secure/images/hellosettings.png differ
diff --git a/windows/keep-secure/images/intune-add-applocker-xml-file.png b/windows/keep-secure/images/intune-add-applocker-xml-file.png
index 8829c070a6..3ceabfd15a 100644
Binary files a/windows/keep-secure/images/intune-add-applocker-xml-file.png and b/windows/keep-secure/images/intune-add-applocker-xml-file.png differ
diff --git a/windows/keep-secure/images/intune-add-classic-apps.png b/windows/keep-secure/images/intune-add-classic-apps.png
index bf4e5792c1..09bbda3a06 100644
Binary files a/windows/keep-secure/images/intune-add-classic-apps.png and b/windows/keep-secure/images/intune-add-classic-apps.png differ
diff --git a/windows/keep-secure/images/intune-add-uwp-apps.png b/windows/keep-secure/images/intune-add-uwp-apps.png
index 933cd9addf..17a97b8d3a 100644
Binary files a/windows/keep-secure/images/intune-add-uwp-apps.png and b/windows/keep-secure/images/intune-add-uwp-apps.png differ
diff --git a/windows/keep-secure/images/intune-corporate-identity.png b/windows/keep-secure/images/intune-corporate-identity.png
index 4ffb6223ea..808de2db0e 100644
Binary files a/windows/keep-secure/images/intune-corporate-identity.png and b/windows/keep-secure/images/intune-corporate-identity.png differ
diff --git a/windows/keep-secure/images/intune-createnewpolicy.png b/windows/keep-secure/images/intune-createnewpolicy.png
index 26ab066343..3f7b7af6b6 100644
Binary files a/windows/keep-secure/images/intune-createnewpolicy.png and b/windows/keep-secure/images/intune-createnewpolicy.png differ
diff --git a/windows/keep-secure/images/intune-data-recovery.png b/windows/keep-secure/images/intune-data-recovery.png
index 32d7282110..f889dbca48 100644
Binary files a/windows/keep-secure/images/intune-data-recovery.png and b/windows/keep-secure/images/intune-data-recovery.png differ
diff --git a/windows/keep-secure/images/intune-generalinfo.png b/windows/keep-secure/images/intune-generalinfo.png
index c740cad913..70e726d379 100644
Binary files a/windows/keep-secure/images/intune-generalinfo.png and b/windows/keep-secure/images/intune-generalinfo.png differ
diff --git a/windows/keep-secure/images/intune-groupselection.png b/windows/keep-secure/images/intune-groupselection.png
index 992d7a52cf..e48b59aa4b 100644
Binary files a/windows/keep-secure/images/intune-groupselection.png and b/windows/keep-secure/images/intune-groupselection.png differ
diff --git a/windows/keep-secure/images/intune-groupselection_vpnlink.png b/windows/keep-secure/images/intune-groupselection_vpnlink.png
new file mode 100644
index 0000000000..6aa8f89355
Binary files /dev/null and b/windows/keep-secure/images/intune-groupselection_vpnlink.png differ
diff --git a/windows/keep-secure/images/intune-managedeployment.png b/windows/keep-secure/images/intune-managedeployment.png
index 93d37116ef..6786a93416 100644
Binary files a/windows/keep-secure/images/intune-managedeployment.png and b/windows/keep-secure/images/intune-managedeployment.png differ
diff --git a/windows/keep-secure/images/intune-network-detection-boxes.png b/windows/keep-secure/images/intune-network-detection-boxes.png
index 256b586c70..bc801a8521 100644
Binary files a/windows/keep-secure/images/intune-network-detection-boxes.png and b/windows/keep-secure/images/intune-network-detection-boxes.png differ
diff --git a/windows/keep-secure/images/intune-networklocation.png b/windows/keep-secure/images/intune-networklocation.png
index 058aaec38e..64d9ebda26 100644
Binary files a/windows/keep-secure/images/intune-networklocation.png and b/windows/keep-secure/images/intune-networklocation.png differ
diff --git a/windows/keep-secure/images/intune-optional-settings.png b/windows/keep-secure/images/intune-optional-settings.png
index 2d2bf90bb1..3ec8bec32d 100644
Binary files a/windows/keep-secure/images/intune-optional-settings.png and b/windows/keep-secure/images/intune-optional-settings.png differ
diff --git a/windows/keep-secure/images/intune-protection-mode.png b/windows/keep-secure/images/intune-protection-mode.png
index 80804f7946..b3340d6e4f 100644
Binary files a/windows/keep-secure/images/intune-protection-mode.png and b/windows/keep-secure/images/intune-protection-mode.png differ
diff --git a/windows/keep-secure/images/intune-vpn-customconfig.png b/windows/keep-secure/images/intune-vpn-customconfig.png
index 1e1dd0345b..cf9f85181a 100644
Binary files a/windows/keep-secure/images/intune-vpn-customconfig.png and b/windows/keep-secure/images/intune-vpn-customconfig.png differ
diff --git a/windows/keep-secure/images/intune-vpn-edpmodeid.png b/windows/keep-secure/images/intune-vpn-edpmodeid.png
deleted file mode 100644
index 80852af30d..0000000000
Binary files a/windows/keep-secure/images/intune-vpn-edpmodeid.png and /dev/null differ
diff --git a/windows/keep-secure/images/intune-vpn-omaurisettings.png b/windows/keep-secure/images/intune-vpn-omaurisettings.png
index 382301498e..c7016e13c4 100644
Binary files a/windows/keep-secure/images/intune-vpn-omaurisettings.png and b/windows/keep-secure/images/intune-vpn-omaurisettings.png differ
diff --git a/windows/keep-secure/images/intune-vpn-wipmodeid.png b/windows/keep-secure/images/intune-vpn-wipmodeid.png
new file mode 100644
index 0000000000..6c45fd0a25
Binary files /dev/null and b/windows/keep-secure/images/intune-vpn-wipmodeid.png differ
diff --git a/windows/keep-secure/images/machines-view.png b/windows/keep-secure/images/machines-view.png
index 3baf15a05f..f1d00f4035 100644
Binary files a/windows/keep-secure/images/machines-view.png and b/windows/keep-secure/images/machines-view.png differ
diff --git a/windows/keep-secure/images/onboardingstate.png b/windows/keep-secure/images/onboardingstate.png
index 0606e2b2c6..ab49c49e17 100644
Binary files a/windows/keep-secure/images/onboardingstate.png and b/windows/keep-secure/images/onboardingstate.png differ
diff --git a/windows/keep-secure/images/phone-signin-device-select.png b/windows/keep-secure/images/phone-signin-device-select.png
new file mode 100644
index 0000000000..a002efa427
Binary files /dev/null and b/windows/keep-secure/images/phone-signin-device-select.png differ
diff --git a/windows/keep-secure/images/phone-signin-menu.png b/windows/keep-secure/images/phone-signin-menu.png
new file mode 100644
index 0000000000..4672433344
Binary files /dev/null and b/windows/keep-secure/images/phone-signin-menu.png differ
diff --git a/windows/keep-secure/images/phone-signin-settings.png b/windows/keep-secure/images/phone-signin-settings.png
new file mode 100644
index 0000000000..e0ae827426
Binary files /dev/null and b/windows/keep-secure/images/phone-signin-settings.png differ
diff --git a/windows/keep-secure/images/pinerror.png b/windows/keep-secure/images/pinerror.png
index 188b981299..28a759f2fc 100644
Binary files a/windows/keep-secure/images/pinerror.png and b/windows/keep-secure/images/pinerror.png differ
diff --git a/windows/keep-secure/images/portal-image.png b/windows/keep-secure/images/portal-image.png
index be59f06fa5..c038da30de 100644
Binary files a/windows/keep-secure/images/portal-image.png and b/windows/keep-secure/images/portal-image.png differ
diff --git a/windows/keep-secure/images/pua1.png b/windows/keep-secure/images/pua1.png
new file mode 100644
index 0000000000..f3d96a245a
Binary files /dev/null and b/windows/keep-secure/images/pua1.png differ
diff --git a/windows/keep-secure/images/pua2.png b/windows/keep-secure/images/pua2.png
new file mode 100644
index 0000000000..72ffa10aa5
Binary files /dev/null and b/windows/keep-secure/images/pua2.png differ
diff --git a/windows/keep-secure/images/remote-credential-guard-gp.png b/windows/keep-secure/images/remote-credential-guard-gp.png
new file mode 100644
index 0000000000..98c97825fa
Binary files /dev/null and b/windows/keep-secure/images/remote-credential-guard-gp.png differ
diff --git a/windows/keep-secure/images/remote-credential-guard.png b/windows/keep-secure/images/remote-credential-guard.png
new file mode 100644
index 0000000000..d8e3598dc9
Binary files /dev/null and b/windows/keep-secure/images/remote-credential-guard.png differ
diff --git a/windows/keep-secure/images/security-fig2-vbsarchitecture-redo.png b/windows/keep-secure/images/security-fig2-vbsarchitecture-redo.png
new file mode 100644
index 0000000000..6bcddd364a
Binary files /dev/null and b/windows/keep-secure/images/security-fig2-vbsarchitecture-redo.png differ
diff --git a/windows/keep-secure/images/timeline.png b/windows/keep-secure/images/timeline.png
index 83ac56f312..ac657b2a12 100644
Binary files a/windows/keep-secure/images/timeline.png and b/windows/keep-secure/images/timeline.png differ
diff --git a/windows/keep-secure/images/edp-intune-app-reconfig-warning.png b/windows/keep-secure/images/wip-intune-app-reconfig-warning.png
similarity index 100%
rename from windows/keep-secure/images/edp-intune-app-reconfig-warning.png
rename to windows/keep-secure/images/wip-intune-app-reconfig-warning.png
diff --git a/windows/keep-secure/images/wip-sccm-add-network-domain.png b/windows/keep-secure/images/wip-sccm-add-network-domain.png
new file mode 100644
index 0000000000..6f5e80d670
Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-add-network-domain.png differ
diff --git a/windows/keep-secure/images/wip-sccm-addapplockerfile.png b/windows/keep-secure/images/wip-sccm-addapplockerfile.png
new file mode 100644
index 0000000000..6cd571b404
Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-addapplockerfile.png differ
diff --git a/windows/keep-secure/images/wip-sccm-adddesktopapp.png b/windows/keep-secure/images/wip-sccm-adddesktopapp.png
new file mode 100644
index 0000000000..e6c9769e68
Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-adddesktopapp.png differ
diff --git a/windows/keep-secure/images/wip-sccm-additionalsettings.png b/windows/keep-secure/images/wip-sccm-additionalsettings.png
new file mode 100644
index 0000000000..4b66070098
Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-additionalsettings.png differ
diff --git a/windows/keep-secure/images/wip-sccm-addpolicy.png b/windows/keep-secure/images/wip-sccm-addpolicy.png
new file mode 100644
index 0000000000..49613b5587
Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-addpolicy.png differ
diff --git a/windows/keep-secure/images/wip-sccm-adduniversalapp.png b/windows/keep-secure/images/wip-sccm-adduniversalapp.png
new file mode 100644
index 0000000000..8d1815ddf9
Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-adduniversalapp.png differ
diff --git a/windows/keep-secure/images/wip-sccm-appmgmt.png b/windows/keep-secure/images/wip-sccm-appmgmt.png
new file mode 100644
index 0000000000..495fdfdb95
Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-appmgmt.png differ
diff --git a/windows/keep-secure/images/edp-sccm-corp-identity.png b/windows/keep-secure/images/wip-sccm-corp-identity.png
similarity index 100%
rename from windows/keep-secure/images/edp-sccm-corp-identity.png
rename to windows/keep-secure/images/wip-sccm-corp-identity.png
diff --git a/windows/keep-secure/images/wip-sccm-devicesettings.png b/windows/keep-secure/images/wip-sccm-devicesettings.png
new file mode 100644
index 0000000000..bee8ddfb1a
Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-devicesettings.png differ
diff --git a/windows/keep-secure/images/wip-sccm-dra.png b/windows/keep-secure/images/wip-sccm-dra.png
new file mode 100644
index 0000000000..cc58cdb34a
Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-dra.png differ
diff --git a/windows/keep-secure/images/wip-sccm-generalscreen.png b/windows/keep-secure/images/wip-sccm-generalscreen.png
new file mode 100644
index 0000000000..c2c85c62d4
Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-generalscreen.png differ
diff --git a/windows/keep-secure/images/edp-sccm-network-domain.png b/windows/keep-secure/images/wip-sccm-network-domain.png similarity index 100% rename from windows/keep-secure/images/edp-sccm-network-domain.png rename to windows/keep-secure/images/wip-sccm-network-domain.png diff --git a/windows/keep-secure/images/wip-sccm-optsettings.png b/windows/keep-secure/images/wip-sccm-optsettings.png new file mode 100644 index 0000000000..c52e7a4fdb Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-optsettings.png differ diff --git a/windows/keep-secure/images/wip-sccm-summaryscreen.png b/windows/keep-secure/images/wip-sccm-summaryscreen.png new file mode 100644 index 0000000000..5cae0416bd Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-summaryscreen.png differ diff --git a/windows/keep-secure/images/wip-sccm-supportedplat.png b/windows/keep-secure/images/wip-sccm-supportedplat.png new file mode 100644 index 0000000000..c09ff3cfc3 Binary files /dev/null and b/windows/keep-secure/images/wip-sccm-supportedplat.png differ diff --git a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md index db0f315439..b9e72308cc 100644 --- a/windows/keep-secure/implement-microsoft-passport-in-your-organization.md +++ b/windows/keep-secure/implement-microsoft-passport-in-your-organization.md @@ -8,6 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: jdeckerMS +localizationpriority: high --- # Implement Windows Hello for Business in your organization 
@@ -17,9 +18,15 @@ author: jdeckerMS
- Windows 10 Mobile
You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10.
-> **Important:** The Group Policy setting **Turn on PIN sign-in** does not apply to Windows 10. Use **Windows Hello for Business** policy settings to manage PINs.
+
+>[!IMPORTANT]
+>The Group Policy setting **Turn on PIN sign-in** does not apply to Windows Hello for Business. It still prevents or enables the creation of a convenience PIN for Windows 10, version 1507 and 1511.
+>
+>Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**.
+>
+>Use **Windows Hello for Business** policy settings to manage PINs for Windows Hello for Business.
 
-## Group Policy settings for Passport
+## Group Policy settings for Windows Hello for Business
The following table lists the Group Policy settings that you can configure for Hello use in your workplace. These policy settings are available in both **User configuration** and **Computer Configuration** under **Policies** > **Administrative Templates** > **Windows Components** > **Windows Hello for Business**.
@@ -138,9 +145,13 @@ The following table lists the Group Policy settings that you can configure for H
-## MDM policy settings for Passport
+## MDM policy settings for Windows Hello for Business
+
+The following table lists the MDM policy settings that you can configure for Windows Hello for Business use in your workplace. These MDM policy settings use the [PassportForWork configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkId=692070).
+
+>[!IMPORTANT]
+>Starting in Windows 10, version 1607, all devices only have one PIN associated with Windows Hello for Business. This means that any PIN on a device will be subject to the policies specified in the PassportForWork CSP. The values specified take precedence over any complexity rules set via Exchange ActiveSync (EAS) or the DeviceLock CSP.
-The following table lists the MDM policy settings that you can configure for Windows Hello for Business use in your workplace. These MDM policy settings use the [PassportForWork configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkId=692070).
@@ -284,8 +295,8 @@ The following table lists the MDM policy settings that you can configure for Win
    Policy
-**Note**  
-If policy is not configured to explicitly require letters or special characters, users will be restricted to creating a numeric PIN.
+>[!NOTE]  
+> If policy is not configured to explicitly require letters or special characters, users will be restricted to creating a numeric PIN.
 
## Prerequisites
@@ -311,12 +322,12 @@ You’ll need this software to set Windows Hello for Business policies in your e
Azure AD subscription

    @@ -349,12 +360,12 @@ Configuration Manager and MDM provide the ability to manage Windows Hello for Bu
Azure AD provides the ability to register devices with your enterprise and to provision Windows Hello for Business for organization accounts.
-Active Directory provides the ability to authorize users and devices using keys protected by Windows Hello for Business if domain controllers are running Windows 10 and the Windows Hello for Business provisioning service in Windows 10 AD FS.
## Windows Hello for BYOD
-Windows Hello can be managed on personal devices that your employees use for work purposes using MDM. On personal devices, users can create a personal Windows Hello PIN for unlocking the device and a separate work PIN for access to work resources.
-The work PIN is managed using the same Windows Hello for Business policies that you can use to manage Windows Hello for Business on organization-owned devices. The personal PIN is managed separately using DeviceLock policy. DeviceLock policy can be used to control length, complexity, history, and expiration requirements and can be configured using the [Policy configuration service provider](http://go.microsoft.com/fwlink/p/?LinkID=623244).
+Windows Hello can be managed on personal devices that your employees use for work purposes using MDM. On personal devices, users can create a personal Windows Hello PIN for unlocking the device and used this PIN for access to work resources.
+
+The PIN is managed using the same Windows Hello for Business policies that you can use to manage Windows Hello for Business on organization-owned devices. The PIN can also be managed using DeviceLock policy. DeviceLock policy can be used to control length, complexity, history, and expiration requirements and can be configured using the [Policy configuration service provider](https://go.microsoft.com/fwlink/p/?LinkID=623244).
## Related topics
diff --git a/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md
index 25f0fba560..6099d183c9 100644
--- a/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md
+++ b/windows/keep-secure/implementing-your-windows-firewall-with-advanced-security-design-plan.md
@@ -13,7 +13,7 @@ author: brianlic-msft
**Applies to**
- Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
The following are important factors in the implementation of your Windows Firewall with Advanced Security design plan:
diff --git a/windows/keep-secure/index.md b/windows/keep-secure/index.md
index f10f0d6cfe..bae0757612 100644
--- a/windows/keep-secure/index.md
+++ b/windows/keep-secure/index.md
@@ -21,19 +21,16 @@ Learn about keeping Windows 10 and Windows 10 Mobile secure.
| [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md) | In Windows 10, Windows Hello replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN. |
| [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) | In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. |
| [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) | Digital certificates bind the identity of a user or computer to a pair of keys that can be used to encrypt and sign digital information. Certificates are issued by a certification authority (CA) that vouches for the identity of the certificate holder, and they enable secure client communications with websites and services. |
-| [Device Guard deployment guide](device-guard-deployment-guide.md) | Device Guard is a combination of hardware and software security features that, when configured together, will lock a device down so that it can only run trusted applications. If the app isn’t trusted it can’t run, period. It also means that even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to be able to run malicious executable code after the computer restarts because of how decisions are made about what can run and when. 
|
| [Protect derived domain credentials with Credential Guard](credential-guard.md) | Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard prevents these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets. |
-| [Protect your enterprise data using enterprise data protection (EDP)](protect-enterprise-data-using-edp.md) | With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. |
+| [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) | Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. |
+| [Protect your enterprise data using Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) | With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. 
|
| [Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) | Learn about an approach to collect events from devices in your organization. This article talks about events in both normal operations and when an intrusion is suspected. |
+|[Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies. |
| [VPN profile options](vpn-profile-options.md) | Virtual private networks (VPN) let you give your users secure remote access to your company network. Windows 10 adds useful new VPN profile options to help you manage how users connect. |
| [Windows security baselines](windows-security-baselines.md) | Learn why you should use security baselines in your organization. |
| [Security technologies](security-technologies.md) | Learn more about the different security technologies that are available in Windows 10 and Windows 10 Mobile. |
-<<<<<<< HEAD
| [Enterprise security guides](windows-10-enterprise-security-guides.md) | Get proven guidance to help you better secure and protect your enterprise by using technologies such as Credential Guard, Device Guard, Microsoft Passport, and Windows Hello. This section offers technology overviews and step-by-step guides. |
| [Change history for Keep Windows 10 secure](change-history-for-keep-windows-10-secure.md) | This topic lists new and updated topics in the Keep Windows 10 secure documentation for [Windows 10 and Windows 10 Mobile](../index.md). |
-=======
-| [Enterprise security guides](windows-10-enterprise-security-guides.md) | Get proven guidance to help you better secure and protect your enterprise by using technologies such as Credential Guard, Microsoft Passport, and Windows Hello. 
This section offers technology overviews and step-by-step guides. |
->>>>>>> refs/remotes/origin/master
 
## Related topics
diff --git a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
index a1d2220641..8670def085 100644
--- a/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
+++ b/windows/keep-secure/initialize-and-configure-ownership-of-the-tpm.md
@@ -106,13 +106,13 @@ Some systems may have multiple TPMs and the active TPM may be toggled in the BIO
## Turn on or turn off the TPM
-Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC.
+Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. This option is only available with TPM 1.2 and does not apply to TPM 2.0.
### Turn on the TPM
If the TPM has been initialized but has never been used, or if you want to use the TPM after you have turned it off, you can use the following procedure to turn on the TPM.
-**To turn on the TPM**
+**To turn on the TPM (TPM 1.2 Only)**
1. Open the TPM MMC (tpm.msc).
2. In the **Action** pane, click **Turn TPM On** to display the **Turn on the TPM Security Hardware** page. Read the instructions on this page.
@@ -125,7 +125,7 @@ If the TPM has been initialized but has never been used, or if you want to use t
If you want to stop using the services that are provided by the TPM, you can use the TPM MMC to turn off the TPM. If you have the TPM owner password, physical access to the computer is not required to turn off the TPM. If you do not have the TPM owner password, you must have physical access to the computer to turn off the TPM.
-**To turn off the TPM**
+**To turn off the TPM (TPM 1.2 only)**
1. Open the TPM MMC (tpm.msc).
2. In the **Action** pane, click **Turn TPM Off** to display the **Turn off the TPM security hardware** page.
@@ -156,13 +156,7 @@ Membership in the local Administrators group, or equivalent, is the minimum requ
Clearing the TPM resets it to factory defaults and turns it off. You will lose all created keys and data that is protected by those keys.
 
-4. In the **Clear the TPM security hardware** dialog box, select one of the following methods to enter your password and clear the TPM:
- - If you have the removable storage device with your saved TPM owner password, insert it, and click **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, use **Browse** to navigate to the .tpm file that is saved on your removable storage device. Click **Open**, and then click **Clear TPM**.
- - If you do not have the removable storage device with your saved password, click **I want to enter the owner password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and click **Clear TPM**.
- - If you do not know your TPM owner password, click **I don't have the TPM owner password**, and follow the instructions that are provided to clear the TPM without entering the password.
- >**Note:**  If you have physical access to the computer, you can clear the TPM and perform a limited number of management tasks without entering the TPM owner password.
-  
- The status of your TPM is displayed under **Status** in TPM MMC.
+4. You will be prompted to restart the computer. During the restart, you will be prompted by the BIOS or UEFI to press a button to confirm you wish to clear the TPM.
## Use the TPM cmdlets
diff --git a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
index 3d0ace0785..11d5fe781d 100644
--- a/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
+++ b/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: jdeckerMS
+localizationpriority: high
---
# Install digital certificates on Windows 10 Mobile
@@ -24,7 +25,7 @@ Certificates in Windows 10 Mobile are primarily used for the following purposes
**Warning**  
-In Windows 10, Version 1607, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. [Learn more about this known issue in Version 1607](http://go.microsoft.com/fwlink/p/?LinkId=786764)
+In Windows 10, Version 1607, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned does not have a strict filtering criteria, you may see connection failures when connecting to Wi-Fi. [Learn more about this known issue in Version 1607](https://go.microsoft.com/fwlink/p/?LinkId=786764)
## Install certificates using Microsoft Edge
@@ -37,7 +38,7 @@ The Windows 10 Mobile certificate installer supports .cer, .p7b, .pem, and .pfx
## Install certificates using mobile device management (MDM)
Windows 10 Mobile supports root, CA, and client certificate to be configured via MDM. Using MDM, an administrator can directly add, delete, or query root and CA certificates, and configure the device to enroll a client certificate with a certificate enrollment server that supports Simple Certificate Enrollment Protocol (SCEP). SCEP enrolled client certificates are used by Wi-Fi, VPN, email, and browser for certificate-based client authentication. An MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired.
-> **Warning:**  Do not use SCEP for encryption certificates for S/MIME. You must use a PFX certificate profile to support S/MIME on Windows 10 Mobile. For instructions on creating a PFX certificate profile in Microsoft Intune, see [Enable access to company resources using certificate profiles with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkID=718216).
+> **Warning:**  Do not use SCEP for encryption certificates for S/MIME. You must use a PFX certificate profile to support S/MIME on Windows 10 Mobile. For instructions on creating a PFX certificate profile in Microsoft Intune, see [Enable access to company resources using certificate profiles with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkID=718216).
 
**Process of installing certificates using MDM**
diff --git a/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md b/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md
index f0e196b799..c0577fe786 100644
--- a/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md
+++ b/windows/keep-secure/introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md
@@ -4,6 +4,7 @@ description: Microsoft Device Guard is a feature set that consists of both hardw
keywords: virtualization, security, malware
ms.prod: w10
ms.mktglfcycl: deploy
+localizationpriority: high
author: brianlic-msft
---
diff --git a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md
index d724b1862d..ef95089b35 100644
--- a/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-alerts-windows-defender-advanced-threat-protection.md
@@ -8,17 +8,19 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
+localizationpriority: high
---
# Investigate Windows Defender Advanced Threat Protection alerts
**Applies to:**
-- Windows 10 Insider Preview Build 14332 or later
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]
-
Alerts in Windows Defender ATP indicate possible security breaches on endpoints in your organization. There are three alert severity levels, described in the following table.
@@ -43,17 +45,39 @@ Details displayed about the alert include:
- When the alert was last observed
- Alert description
- Recommended actions
-- The potential scope of breach
+- The incident graph
- The indicators that triggered the alert
-![A detailed view of an alert when clicked](images/alert-details.png)
-
Alerts attributed to an adversary or actor display a colored tile with the actor name. Click on the actor's name to see a threat intelligence profile of the actor, including a brief overview of the actor, their interests or targets, tools, tactics, and processes (TTPs) as well as areas where it's active worldwide. You will also see a set of recommended actions to take. Some actor profiles include a link to download a more comprehensive threat intelligence report.
+![A detailed view of an alert when clicked](images/alert-details.png)
+
+## Incident graph
+The incident graph provides a visual representation of where an alert was seen, events that triggered the alert, and which other machines are affected by the event. It provides an illustrated alert footprint on the original machine and expands to show the footprint of each alert event on other machines.
+
+You can click the circles on the incident graph to expand the nodes and view the associated events or files related to the alert.
+
+## Alert spotlight
+The alert spotlight feature helps ease investigations by highlighting alerts related to a specific machine and events. You can highlight an alert and its related events in the machine timeline to increase your focus during an investigation.
+
+You can click on the machine link from the alert view to see the alerts related to the machine.
+
+
+ > [!NOTE]
+ > This shortcut is not available from the Incident graph machine links.
+
+Alerts related to the machine are displayed under the **Alerts related to this machine** section.
+Clicking on an alert row takes you the to the date in which the alert was flagged on **Machine timeline**. 
This eliminates the need to manually filter and drag the machine timeline marker to when the alert was seen on that machine.
+
+You can also choose to highlight an alert from the **Alerts related to this machine** or from the **Machine timeline** section to see the correlation between the alert and other events that occurred on the machine. Right-click on any alert from either section and select **Mark related events**. This highlights alerts and events that are related and helps differentiate between the other alerts listed in the timeline. Highlighted events are displayed in all filtering modes whether you choose to view the timeline by **Detections**, **Behaviours**, or **Verbose**.
+
+You can also remove the highlight by right-clicking a highlighted alert and selecting **Unmark related events**.
+
+
### Related topics
- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
- [View and organize the Windows Defender Advanced Threat Protection Alerts queue](alerts-queue-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md
index fd75059fff..4e52c15a2e 100644
--- a/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-domain-windows-defender-advanced-threat-protection.md
@@ -1,23 +1,25 @@
---
title: Investigate Windows Defender Advanced Threat Protection domains
description: Use the investigation options to see if machines and servers have been communicating with malicious domains.
-keywords: investigate domain, domain, malicious domain, windows defender atp, alert, URL
+keywords: investigate domain, domain, malicious domain, windows defender atp, alert, URL
search.product: eADQiWindows 10XVcnh
ms.prod: w10
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
+localizationpriority: high
---
# Investigate a domain associated with a Windows Defender ATP alert
**Applies to:**
-- Windows 10 Insider Preview Build 14332 or later
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]
-
Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain. You can see information from the following sections in the URL view:
diff --git a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md
index 5dfb3959f9..51e68f1fee 100644
--- a/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-files-windows-defender-advanced-threat-protection.md
@@ -8,16 +8,18 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
+localizationpriority: high
---
# Investigate a file associated with a Windows Defender ATP alert
**Applies to:**
-- Windows 10 Insider Preview Build 14332 or later
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]
-
Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach. You can get information from the following sections in the file view:
@@ -62,11 +64,13 @@ Use the deep analysis feature to investigate the details of any file, usually du
In the file's page, **Submit for deep analysis** is enabled when the file is available in the Windows Defender ATP backend sample collection or if it was observed on a Windows 10 machine that supports submitting to deep analysis.
-> **Note**  Only files from Windows 10 can be automatically collected.
+> [!NOTE]
+> Only files from Windows 10 can be automatically collected.
-You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/en-us/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available.
+You can also manually submit a sample through the [Malware Protection Center Portal](https://www.microsoft.com/security/portal/submission/submit.aspx) if the file was not observed on a Windows 10 machine, and wait for **Submit for deep analysis** button to become available.
-> **Note**  Due to backend processing flows in the Malware Protection Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Windows Defender ATP.
+> [!NOTE]
+> Due to backend processing flows in the Malware Protection Center Portal, there could be up to 10 minutes of latency between file submission and availability of the deep analysis feature in Windows Defender ATP.
When the sample is collected, Windows Defender ATP runs the file in is a secure environment and creates a detailed report of observed behaviors and associated artifacts, such as files dropped on machines, communication to IPs, and registry modifications.
@@ -84,7 +88,8 @@ When the sample is collected, Windows Defender ATP runs the file in is a secure
A progress bar is displayed and provides information on the different stages of the analysis. You can then view the report when the analysis is done.
-> **Note**  Depending on machine availability, sample collection time can vary. There is a 3-hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 machine reporting at that time. You can re-submit files for deep analysis to get fresh data on the file.
+> [!NOTE]
+> Depending on machine availability, sample collection time can vary. There is a 3-hour timeout for sample collection. The collection will fail and the operation will abort if there is no online Windows 10 machine reporting at that time. You can re-submit files for deep analysis to get fresh data on the file.
## View deep analysis report
@@ -121,10 +126,11 @@ HKLM\SOFTWARE\Policies\Microsoft\Sense\AllowSampleCollection
Value = 0 - block sample collection
Value = 1 - allow sample collection
```
-5. Change the organizational unit through the Group Policy. See [Configure endpoints using Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md).
+5. Change the organizational unit through the Group Policy. For more information, see [Configure with Group Policy](configure-endpoints-gp-windows-defender-advanced-threat-protection.md).
6. If these steps do not resolve the issue, contact [winatp@microsoft.com](mailto:winatp@microsoft.com).
-> **Note**  If the value *AllowSampleCollection* is not available, the client will allow sample collection by default.
+> [!NOTE]
+> If the value *AllowSampleCollection* is not available, the client will allow sample collection by default.
### Related topics
- [View the Windows Defender Advanced Threat Protection Dashboard](dashboard-windows-defender-advanced-threat-protection.md)
diff --git a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md
index e1427b0400..381ee7be12 100644
--- a/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-ip-windows-defender-advanced-threat-protection.md
@@ -8,17 +8,18 @@ ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
author: mjcaparas
+localizationpriority: high
---
# Investigate an IP address associated with a Windows Defender ATP alert
**Applies to:**
-- Windows 10 Insider Preview Build 14332 or later
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
- Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]
-
-
Examine possible communication between your machines and external internet protocol (IP) addresses. Identifying all machines in the organization that communicated with a suspected or known malicious IP address, such as Command and Control (C2) servers, helps determine the potential scope of breach, associated files, and infected machines.
@@ -43,7 +44,8 @@ The **Communication with IP in organization** section provides a chronological v
Details about the IP address are displayed, including: registration details (if available), reverse IPs (for example, domains), prevalence of machines in the organization that communicated with this IP Address (during selectable time period), and the machines in the organization that were observed communicating with this IP address.
-> **Note**  Search results will only be returned for IP addresses observed in communication with machines in the organization.
+> [!NOTE]
+> Search results will only be returned for IP addresses observed in communication with machines in the organization.
Use the search filters to define the search criteria. You can also use the timeline search box to filter the displayed results of all machines in the organization observed communicating with the IP address, the file associated with the communication and the last date observed.
diff --git a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
index 4778e194e5..fb34c03d1f 100644
--- a/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/investigate-machines-windows-defender-advanced-threat-protection.md
@@ -8,17 +8,19 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: mjcaparas +localizationpriority: high --- # Investigate machines in the Windows Defender ATP Machines view **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, and the number of active malware detections. This view allows you to identify machines with the highest risk at a glance, and keep track of all the machines that are reporting telemetry in your network. Use the Machines view in these two main scenarios:
@@ -37,7 +39,8 @@ The Machines view contains the following columns: - **Active Alerts** - the number of alerts reported by the machine by severity - **Active malware detections** - the number of active malware detections reported by the machine -> **Note**  The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> [!NOTE] +> The **Active alerts** and **Active malware detections** filter column will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. Click any column header to sort the view in ascending or descending order. 
@@ -55,7 +58,8 @@ You can filter the view by the following time periods: - 30 days - 6 months -> **Note**  When you select a time period, the list will only display machines that reported within the selected time period. For example, selecting 1 day will only display a list of machines that reported telemetry within the last 24-hour period. +> [!NOTE] +> When you select a time period, the list will only display machines that reported within the selected time period. For example, selecting 1 day will only display a list of machines that reported telemetry within the last 24-hour period. The threat category filter lets you filter the view by the following categories:
@@ -65,7 +69,7 @@ The threat category filter lets you filter the view by the following categories: - Threat - Low severity -See the [Investigate machines with active alerts](dashboard-windows-defender-advanced-threat-protection.md#investigate-machines-with-active-malware-detections) topic for a description of each category. +For more information on the description of each category see, [Investigate machines with active alerts](dashboard-windows-defender-advanced-threat-protection.md#investigate-machines-with-active-malware-detections). You can also download a full list of all the machines in your organization, in CSV format. Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) to download the entire list as a CSV file. 
@@ -100,13 +104,14 @@ You'll see an aggregated view of alerts, a short description of the alert, detai This feature also enables you to selectively drill down into a behavior or event that occurred within a given time period. You can view the temporal sequence of events that occurred on a machine over a specified time period. +You can also use the [Alerts spotlight](investigate-alerts-windows-defender-advanced-threat-protection.md#alerts-spotlight) feature to see the correlation between alerts and events on a specific machine. + ![The timeline shows an interactive history of the alerts seen on a machine](images/timeline.png) Use the search bar to look for specific alerts or files associated with the machine. You can also filter by: -- Signed or unsigned files - Detections mode: displays Windows ATP Alerts and detections - Behaviors mode: displays "detections" and selected events of interest - Verbose mode: displays "behaviors" (including "detections"), and all reported events
diff --git a/windows/keep-secure/isolated-domain-gpos.md b/windows/keep-secure/isolated-domain-gpos.md
index b7f6c3b921..745da6642b 100644
--- a/windows/keep-secure/isolated-domain-gpos.md
+++ b/windows/keep-secure/isolated-domain-gpos.md
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 All of the devices in the isolated domain are added to the group CG\_DOMISO\_IsolatedDomain. You must create multiple GPOs to align with this group, one for each Windows operating system that must have different rules or settings to implement the basic isolated domain functionality that you have in your isolated domain. This group is granted Read and Apply Group Policy permissions on all the GPOs described in this section.
diff --git a/windows/keep-secure/isolated-domain.md b/windows/keep-secure/isolated-domain.md
index 3d23484bf9..43e1461c41 100644
--- a/windows/keep-secure/isolated-domain.md
+++ b/windows/keep-secure/isolated-domain.md
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 The isolated domain is the primary zone for trusted devices. The devices in this zone use connection security and firewall rules to control the communications that can be sent between devices in the zone.
diff --git a/windows/keep-secure/isolating-apps-on-your-network.md b/windows/keep-secure/isolating-apps-on-your-network.md
index 09367196c5..c8adf77620 100644
--- a/windows/keep-secure/isolating-apps-on-your-network.md
+++ b/windows/keep-secure/isolating-apps-on-your-network.md
@@ -12,7 +12,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 When you add new devices to your network, you may want to customize your Windows Firewall configuration to isolate the network access of the new Windows Store apps that run on them. Developers who build Windows Store apps can declare certain app capabilities that enable different classes of network access. A developer can decide what kind of network access the app requires and configure this capability for the app. When the app is installed on a device, appropriate firewall rules are automatically created to enable access. You can then customize the firewall configuration to further fine-tune this access if they desire more control over the network access for the app.
diff --git a/windows/keep-secure/link-the-gpo-to-the-domain.md b/windows/keep-secure/link-the-gpo-to-the-domain.md
index ab224211e6..ba14d60b0e 100644
--- a/windows/keep-secure/link-the-gpo-to-the-domain.md
+++ b/windows/keep-secure/link-the-gpo-to-the-domain.md
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 After you create the GPO and configure it with security group filters and WMI filters, you must link the GPO to the container in Active Directory that contains all of the target devices.
diff --git a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md
index 718b2e22ce..d707f81431 100644
--- a/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -8,20 +8,22 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: mjcaparas +localizationpriority: high --- # Manage Windows Defender Advanced Threat Protection alerts **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - Windows Defender ATP notifies you of detected, possible attacks or breaches through alerts. A summary of new alerts is displayed in the **Dashboard**, and you can access all alerts in the **Alerts queue** menu. -See the [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-windows-defender-advanced-threat-protection-alerts) topic for more details on how to investigate alerts. +For more information on how to investigate alerts see, [Investigate Windows Defender ATP alerts](investigate-alerts-windows-defender-advanced-threat-protection.md#investigate-windows-defender-advanced-threat-protection-alerts). Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) on the top of the alert to access the Manage Alert menu and manage alerts. 
@@ -55,7 +57,7 @@ You can resolve an alert by changing the status of the alert to **Resolved**. Th ![You can resolve an alert as valid, valid - allowed, or false alarm](images/resolve-alert.png) -The comments and change of status are recorded in the [Comments and history window](#view-history-and-comments). +The comments and change of status are recorded in the Comments and history window. ![The comments window will display a history of status changes](images/comments.png)
@@ -86,7 +88,8 @@ The context of the rule lets you tailor the queue to ensure that only alerts you 1. Click the **Manage Alert** menu icon ![The menu icon looks like three periods stacked on top of each other](images/menu-icon.png) on the heading of an existing alert. 2. Choose the context for suppressing the alert. -> **Note**  You cannot create a custom or blank suppression rule. You must start from an existing alert. +> [!NOTE] +> You cannot create a custom or blank suppression rule. You must start from an existing alert. **See the list of suppression rules:**
@@ -95,7 +98,8 @@ The context of the rule lets you tailor the queue to ensure that only alerts you ![Click the settings icon and then Suppression rules to create and modify rules](images/suppression-rules.png) -> **Note**  You can also click **See rules** in the confirmation window that appears when you suppress an alert. +> [!NOTE] +> You can also click **See rules** in the confirmation window that appears when you suppress an alert. The list of suppression rules shows all the rules that users in your organization have created. Each rule shows:
diff --git a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
index d5eb1a60e3..71b7ad88c9 100644
--- a/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
+++ b/windows/keep-secure/manage-identity-verification-using-microsoft-passport.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, mobile author: jdeckerMS +localizationpriority: high --- # Manage identity verification using Windows Hello for Business 
@@ -17,19 +18,20 @@ author: jdeckerMS In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN. -> **Note:** When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. +>[!NOTE] +> When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. Hello addresses the following problems with passwords: - Passwords can be difficult to remember, and users often reuse passwords on multiple sites. - Server breaches can expose symmetric network credentials. -- Passwords can be subject to [replay attacks](http://go.microsoft.com/fwlink/p/?LinkId=615673). -- Users can inadvertently expose their passwords due to [phishing attacks](http://go.microsoft.com/fwlink/p/?LinkId=615674). +- Passwords can be subject to [replay attacks](https://go.microsoft.com/fwlink/p/?LinkId=615673). 
+- Users can inadvertently expose their passwords due to [phishing attacks](https://go.microsoft.com/fwlink/p/?LinkId=615674). Hello lets users authenticate to: - a Microsoft account. - an Active Directory account. -- a Microsoft Azure Active Directory (AD) account. -- Identity Provider Services or Relying Party Services that support [Fast ID Online (FIDO) v2.0](http://go.microsoft.com/fwlink/p/?LinkId=533889) authentication +- a Microsoft Azure Active Directory (Azure AD) account. +- Identity Provider Services or Relying Party Services that support [Fast ID Online (FIDO) v2.0](https://go.microsoft.com/fwlink/p/?LinkId=533889) authentication After an initial two-step verification of the user during enrollment, Hello is set up on the user's device and the user is asked to set a gesture, which can be a biometric, such as a fingerprint, or a PIN. The user provides the gesture to verify their identity. Windows then uses Hello to authenticate users and help them to access protected resources and services. 
@@ -40,26 +42,30 @@ As an administrator in an enterprise or educational organization, you can create ## The difference between Windows Hello and Windows Hello for Business -- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Hello provides a layer of protection by being unique to the device on which it is set up, however it is not backed by key-based or certificate-based authentication. +- Individuals can create a PIN or biometric gesture on their personal devices for convenient sign-in. This use of Hello provides a layer of protection by being unique to the device on which it is set up, however it is not backed by certificate-based authentication. - Windows Hello for Business, which is configured by Group Policy or MDM policy, uses key-based or certificate-based authentication. +- Currently Active Directory accounts using Windows Hello are not backed by key-based or certificate-based authentication. Support for key-based or certificate-based authentication is on the roadmap for a future release. + ## Benefits of Windows Hello Reports of identity theft and large-scale hacking are frequent headlines. Nobody wants to be notified that their user name and password have been exposed. You may wonder [how a PIN can help protect a device better than a password](why-a-pin-is-better-than-a-password.md). Passwords are shared secrets; they are entered on a device and transmitted over the network to the server. An intercepted account name and password can be used by anyone. Because they're stored on the server, a server breach can reveal those stored credentials. -In Windows 10, Hello replaces passwords. The Hello provisioning process creates two cryptographic keys bound to the Trusted Platform Module (TPM), if a device has a TPM, or in software. Access to these keys and obtaining a signature to validate user possession of the private key is enabled only by the PIN or biometric gesture. 
The two-step verification that takes place during Hello enrollment creates a trusted relationship between the identity provider and the user when the public portion of the public/private key pair is sent to an identity provider and associated with a user account. When a user enters the gesture on the device, the identify provider knows from the combination of Hello keys and gesture that this is a verified identity and provides an authentication token that allows Windows 10 to access resources and services. In addition, during the registration process, the attestation claim is produced for every identity provider to cryptographically prove that the Hello keys are tied to TPM. During registration, when the attestation claim is not presented to the identity provider, the identity provider must assume that the Hello key is created in software. +In Windows 10, Hello replaces passwords. The Hello provisioning process creates a cryptographic key pair bound to the Trusted Platform Module (TPM), if a device has a TPM, or in software. Access to these keys and obtaining a signature to validate user possession of the private key is enabled only by the PIN or biometric gesture. The two-step verification that takes place during Hello enrollment creates a trusted relationship between the identity provider and the user when the public portion of the public/private key pair is sent to an identity provider and associated with a user account. When a user enters the gesture on the device, the identify provider knows from the combination of Hello keys and gesture that this is a verified identity and provides an authentication token that allows Windows 10 to access resources and services. In addition, during the registration process, the attestation claim is produced for every identity provider to cryptographically prove that the Hello keys are tied to TPM. 
During registration, when the attestation claim is not presented to the identity provider, the identity provider must assume that the Hello key is created in software. ![how authentication works in windows hello](images/authflow.png) Imagine that someone is looking over your shoulder as you get money from an ATM and sees the PIN that you enter. Having that PIN won't help them access your account because they don't have your ATM card. In the same way, learning your PIN for your device doesn't allow that attacker to access your account because the PIN is local to your specific device and doesn't enable any type of authentication from any other device. -Hello helps protect user identities and user credentials. Because no passwords are used, it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are generated within isolated environments of TPMs. + +Hello helps protect user identities and user credentials. Because no passwords are used, it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Hello credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are protected by TPMs. Hello also enables Windows 10 Mobile devices to be used as [a remote credential](prepare-people-to-use-microsoft-passport.md#bmk-remote) when signing into Windows 10 PCs. During the sign-in process, the Windows 10 PC can connect using Bluetooth to access Hello on the user’s Windows 10 Mobile device. Because users carry their phone with them, Hello makes implementing two-factor authentication across the enterprise less costly and complex than other solutions. -> **Note:**  Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants. +> [!NOTE] +>  Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants.   
## How Windows Hello for Business works: key points
@@ -71,8 +77,8 @@ Hello also enables Windows 10 Mobile devices to be used as [a remote credential - Private key never leaves a device. The authenticating server has a public key that is mapped to the user account during the registration process. - PIN entry and biometric gesture both trigger Windows 10 to verify the user's identity and authenticate using Hello keys or certificates. - Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys. All keys are separated by identity providers' domains to help ensure user privacy. -- Certificates are added to the Hello container and are protected by the Hello gesture. -- Windows Update behavior: After a reboot is required by Windows Update, the last interactive user is automatically signed on without any user gesture and the session is locked so the user's lock screen apps can run. +- Certificate private keys can be protected by the Hello container and the Hello gesture. + ## Comparing key-based and certificate-based authentication 
@@ -85,21 +91,21 @@ When identity providers such as Active Directory or Azure AD enroll a certificat ## Learn more -[Introduction to Windows Hello](http://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy +[Introduction to Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy -[What's new in Active Directory Domain Services (AD DS) in Windows Server Technical Preview](http://go.microsoft.com/fwlink/p/?LinkId=708533) +[What's new in Active Directory Domain Services (AD DS) in Windows Server Technical Preview](https://go.microsoft.com/fwlink/p/?LinkId=708533) -[Windows Hello face authentication](http://go.microsoft.com/fwlink/p/?LinkId=626024) +[Windows Hello face authentication](https://go.microsoft.com/fwlink/p/?LinkId=626024) -[Biometrics hardware guidelines](http://go.microsoft.com/fwlink/p/?LinkId=626995) +[Biometrics hardware guidelines](https://go.microsoft.com/fwlink/p/?LinkId=626995) -[Windows 10: Disrupting the Revolution of Cyber-Threats with Revolutionary Security!](http://go.microsoft.com/fwlink/p/?LinkId=533890) +[Windows 10: Disrupting the Revolution of Cyber-Threats with Revolutionary Security!](https://go.microsoft.com/fwlink/p/?LinkId=533890) -[Windows 10: The End Game for Passwords and Credential Theft?](http://go.microsoft.com/fwlink/p/?LinkId=533891) +[Windows 10: The End Game for Passwords and Credential Theft?](https://go.microsoft.com/fwlink/p/?LinkId=533891) -[Authenticating identities without passwords through Microsoft Passport](http://go.microsoft.com/fwlink/p/?LinkId=616778) +[Authenticating identities without passwords through Microsoft Passport](https://go.microsoft.com/fwlink/p/?LinkId=616778) -[Microsoft Passport guide](http://go.microsoft.com/fwlink/p/?LinkId=691928) +[Microsoft Passport guide](https://go.microsoft.com/fwlink/p/?LinkId=691928) ## Related topics 
diff --git a/windows/keep-secure/manage-tpm-commands.md b/windows/keep-secure/manage-tpm-commands.md
index 0620207ec5..c4b6611da4 100644
--- a/windows/keep-secure/manage-tpm-commands.md
+++ b/windows/keep-secure/manage-tpm-commands.md
@@ -40,7 +40,7 @@ The following procedures describe how to manage the TPM command lists. You must 5. Click **Enabled**, and then click **Show**. 6. For each command that you want to block, click **Add**, enter the command number, and then click **OK**. - >**Note:**  For a list of commands, see the [Trusted Platform Module (TPM) Specifications](http://go.microsoft.com/fwlink/p/?linkid=139770). + >**Note:**  For a list of commands, see the [Trusted Platform Module (TPM) Specifications](https://go.microsoft.com/fwlink/p/?linkid=139770).   7. After you have added numbers for each command that you want to block, click **OK** twice. 8. Close the Local Group Policy Editor.
diff --git a/windows/keep-secure/manage-tpm-lockout.md b/windows/keep-secure/manage-tpm-lockout.md
index 61c94cc77e..f59a117ee3 100644
--- a/windows/keep-secure/manage-tpm-lockout.md
+++ b/windows/keep-secure/manage-tpm-lockout.md
@@ -19,17 +19,22 @@ This topic for the IT professional describes how to manage the lockout feature f The TPM will lock itself to prevent tampering or malicious attacks. TPM lockout often lasts for a variable amount of time or until the computer is turned off. While the TPM is in lockout mode, it generally returns an error message when it receives commands that require an authorization value. One exception is that the TPM always allows the owner at least one attempt to reset the TPM lockout when it is in lockout mode. -TPM ownership is commonly taken the first time BitLocker Drive Encryption is turned on for the computer. In this case, the TPM owner authorization password is saved with the BitLocker recovery key. When the BitLocker recovery key is saved to a file, BitLocker also saves a TPM owner password file (.tpm) with the TPM owner password hash value. When the BitLocker recovery key is printed, the TPM owner password is printed at the same time. You can also save your TPM owner password hash value to Active Directory Domain Services (AD DS) if your organization's Group Policy settings are configured to do so. +TPM ownership is taken upon first boot by Windows. By default, Windows does not retain the TPM owner password. In some cases, encryption keys are protected by a TPM by requiring a valid authorization value to access the key. A common example is configuring BitLocker Drive Encryption to use the TPM plus PIN key protector. In this scenario, the user must type the correct PIN during the boot process to access the volume encryption key protected by the TPM. To prevent malicious users or software from discovering authorization values, TPMs implement protection logic. The protection logic is designed to slow or stop responses from the TPM if it detects that an entity might be trying to guess authorization values. 
-The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM manufacturers implement different protection mechanisms and behavior. The general guidance is for the TPM chip to take exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. This can prevent them from using the TPM for a period of time. +**TPM 1.2** +The industry standards from the Trusted Computing Group (TCG) specify that TPM manufacturers must implement some form of protection logic in TPM 1.2 and TPM 2.0 chips. TPM 1.2 devices implement different protection mechanisms and behavior. In general, the TPM chip takes exponentially longer to respond if incorrect authorization values are sent to the TPM. Some TPM chips may not store failed attempts over time. Other TPM chips may store every failed attempt indefinitely. Therefore, some users may experience increasingly longer delays when they mistype an authorization value that is sent to the TPM. This can prevent them from using the TPM for a period of time. -If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization. +**TPM 2.0** + TPM 2.0 devices have standardized lockout behavior which is configured by Windows. TPM 2.0 devices have a maximum count threshold and a healing time. Windows configures the maximum count to be 32 and the healing time to be 2 hours. This means that every continuous two hours of powered on operation without an event which increases the counter will cause the counter to decrease by 1. 
+ +If your TPM has entered lockout mode or is responding slowly to commands, you can reset the lockout value by using the following procedures. Resetting the TPM lockout requires the TPM owner’s authorization. This value is no longer retained by default starting with Windows 10 version 1607. ## Reset the TPM lockout by using the TPM MMC +**Note:** This procedure is only available if you have configured Windows to retain the TPM Owner Password. By default, this password is not available in Windows 10 starting with version 1607. -The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. +The following procedure explains the steps to reset the TPM lockout by using the TPM MMC. **To reset the TPM lockout**
@@ -71,4 +76,4 @@ For details about the individual cmdlets, see [TPM Cmdlets in Windows PowerShell ## Additional resources -For more info about TPM, see [TPM technology overview](trusted-platform-module-overview.md#bkmk-additionalresources).
\ No newline at end of file
+For more info about TPM, see [TPM technology overview](trusted-platform-module-overview.md#bkmk-additionalresources).
diff --git a/windows/keep-secure/mandatory-settings-for-wip.md b/windows/keep-secure/mandatory-settings-for-wip.md
index 56b79bc283..0e1345c2ae 100644
--- a/windows/keep-secure/mandatory-settings-for-wip.md
+++ b/windows/keep-secure/mandatory-settings-for-wip.md
@@ -6,27 +6,26 @@ ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: high
 ---
 # Mandatory tasks and settings required to turn on Windows Information Protection (WIP)
 **Applies to:**
-- Windows 10 Insider Preview
-- Windows 10 Mobile Preview
-
-[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]
+- Windows 10, version 1607
+- Windows 10 Mobile
 This list provides all of the tasks and settings that are required for the operating system to turn on Windows Information Protection (WIP), formerly known as enterprise data protection (EDP), in your enterprise.
 >**Important**
    -All sections provided for more info appear in either the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-edp-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md), based on the tool you're using in your enterprise.
+All sections provided for more info appear in either the [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md), based on the tool you're using in your enterprise.
 |Task |Description |
 |------------------------------------|--------------------------|
 |Add at least one app rule in the **App Rules** area in your WIP policy. |You must have at least one app rule specified in the **App Rules** area of your WIP policy. For more info about where this area is and how to add an app rule, see the **Add individual apps to your Protected App list** section of the policy creation topics.|
-|Pick your WIP protection level. |You must choose the level of protection level you want to apply to your WIP-protected content, including Override, Silent, or Block. For more info about where this area is and how to decide on your protection level, see the **Manage the EDP protection level for your enterprise data** section of the policy creation topics.|
+|Pick your WIP protection level. |You must choose the level of protection level you want to apply to your WIP-protected content, including Override, Silent, or Block. For more info about where this area is and how to decide on your protection level, see the **Manage the WIP protection level for your enterprise data** section of the policy creation topics.|
 |Specify your corporate identity. 
|You must specify your corporate identity, usually expressed as your primary Internet domain (for example, contoso.com). For more info about where this area is and what it means, see the **Define your enterprise-managed corporate identity** section of the policy creation topics. |
 |Specify your Enterprise Network Domain Names. |You must specify the DNS suffixes used in your environment. All traffic to the fully-qualified domains appearing in this list will be protected. For more info about where this area is and how to add your suffixes, see the table that appears in the **Choose where apps can access enterprise data** section of the policy creation topics. |
 |Specify your Enterprise IPv4 or IPv6 Ranges. |Specify the addresses for a valid IPv4 or IPv6 value range within your intranet. These addresses, used with your Enterprise Network Domain Names, define your corporate network boundaries. For more info about where this area is and what it means, see the table that appears in the **Define your enterprise-managed corporate identity** section of the policy creation topics. |
-|Include your Data Recovery Agent (DRA) certificate. |This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the **Create and verify an Encrypting File System (EFS) DRA certificate for EDP** section of the policy creation topics. |
\ No newline at end of file
+|Include your Data Recovery Agent (DRA) certificate. |This certificate makes sure that any of your WIP-encrypted data can be decrypted, even if the security keys are lost. For more info about where this area is and what it means, see the **Create and verify an Encrypting File System (EFS) DRA certificate** section of the policy creation topics. |
\ No newline at end of file
diff --git a/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
index 3187e17371..49dc1620f6 100644
--- a/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+++ b/windows/keep-secure/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 After you finish reviewing the existing Windows Firewall with Advanced Security deployment goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design.
diff --git a/windows/keep-secure/microsoft-accounts.md b/windows/keep-secure/microsoft-accounts.md
index 910e6fac1f..6bea7ac9aa 100644
--- a/windows/keep-secure/microsoft-accounts.md
+++ b/windows/keep-secure/microsoft-accounts.md
@@ -98,7 +98,7 @@ Although the Microsoft account was designed to serve consumers, you might find s
 - **Integrated social media services**:
- Contact information and status for your users’ friends and associates automatically stay up-to-date from sites such as Hotmail, Outlook, Facebook, Twitter, and LinkedIn. Users can also access and share photos, documents, and other files from sites such as SkyDrive, Facebook, and Flickr.
+ Contact information and status for your users’ friends and associates automatically stay up-to-date from sites such as Hotmail, Outlook, Facebook, Twitter, and LinkedIn. Users can also access and share photos, documents, and other files from sites such as OneDrive, Facebook, and Flickr.
 ### Managing the Microsoft account in the domain
diff --git a/windows/keep-secure/microsoft-passport-and-password-changes.md b/windows/keep-secure/microsoft-passport-and-password-changes.md
index ff90865f5e..128f1ffe29 100644
--- a/windows/keep-secure/microsoft-passport-and-password-changes.md
+++ b/windows/keep-secure/microsoft-passport-and-password-changes.md
@@ -7,8 +7,9 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: jdeckerMS
+localizationpriority: high
 ---
-# Microsoft Passport and password changes
+# Windows Hello and password changes
 **Applies to**
 - Windows 10
diff --git a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
index 78dcefde4d..3e4fbfbedf 100644
--- a/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
+++ b/windows/keep-secure/microsoft-passport-errors-during-pin-creation.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: jdeckerMS
+localizationpriority: high
 ---
 # Windows Hello errors during PIN creation
@@ -16,11 +17,11 @@ author: jdeckerMS
 - Windows 10
 - Windows 10 Mobile
-When you set up Windows Hello in Windows 10, you may get an error during the **Create a work PIN** step. This topic lists some of the error codes with recommendations for mitigating the problem. If you get an error code that is not listed here, contact Microsoft Support.
+When you set up Windows Hello in Windows 10, you may get an error during the **Create a PIN** step. This topic lists some of the error codes with recommendations for mitigating the problem. If you get an error code that is not listed here, contact Microsoft Support.
 ## Where is the error code?
-The following image shows an example of an error during **Create a work PIN**.
+The following image shows an example of an error during **Create a PIN**.
 ![](images/pinerror.png)
@@ -30,8 +31,8 @@ When a user encounters an error when creating the work PIN, advise the user to t
 1. Try to create the PIN again. Some errors are transient and resolve themselves.
 2. Sign out, sign in, and try to create the PIN again.
 3. Reboot the device and then try to create the PIN again.
-4. Unjoin the device from Azure Active Directory (Azure AD), rejoin, and then try to create the PIN again. To unjoin a desktop PC, go to **Settings** > **System** > **About** and select **Disconnect from organization**. To unjoin a device running Windows 10 Mobile, you must [reset the device](http://go.microsoft.com/fwlink/p/?LinkId=715697).
-5. On mobile devices, if you are unable to setup a PIN after multiple attempts, reset your device and start over. For help on how to reset your phone go to [Reset my phone](http://go.microsoft.com/fwlink/p/?LinkId=715697).
+4. Unjoin the device from Azure Active Directory (Azure AD), rejoin, and then try to create the PIN again. To unjoin a desktop PC, go to **Settings** > **System** > **About** and select **Disconnect from organization**. To unjoin a device running Windows 10 Mobile, you must [reset the device](https://go.microsoft.com/fwlink/p/?LinkId=715697).
+5. On mobile devices, if you are unable to setup a PIN after multiple attempts, reset your device and start over. For help on how to reset your phone go to [Reset my phone](https://go.microsoft.com/fwlink/p/?LinkId=715697).
 If the error occurs again, check the error code against the following table to see if there is another mitigation for that error. When no mitigation is listed in the table, contact Microsoft Support for assistance.
@@ -83,7 +84,7 @@ If the error occurs again, check the error code against the following table to s - + 
@@ -98,7 +99,7 @@ If the error occurs again, check the error code against the following table to s - + 
diff --git a/windows/keep-secure/microsoft-passport-guide.md b/windows/keep-secure/microsoft-passport-guide.md
index b78b6f94f7..d4bd6e4d33 100644
--- a/windows/keep-secure/microsoft-passport-guide.md
+++ b/windows/keep-secure/microsoft-passport-guide.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: security
 author: challum
+localizationpriority: high
 ---
 # Microsoft Passport guide
@@ -15,7 +16,10 @@ author: challum
 **Applies to**
 - Windows 10
-This guide describes the new Windows Hello and Microsoft Passport technologies that are part of the Windows 10 operating system. It highlights specific capabilities of these technologies that help mitigate threats from conventional credentials and provides guidance about how to design and deploy these technologies as part of your Windows 10 rollout.
+This guide describes the new Windows Hello and Microsoft Passport technologies that are part of the Windows 10, version 1511 operating system. It highlights specific capabilities of these technologies that help mitigate threats from conventional credentials and provides guidance about how to design and deploy these technologies as part of your Windows 10 rollout.
+
+>[!NOTE]
+>For information about Windows Hello for Business in Windows 10, version 1607, see [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md).
 A fundamental assumption about information security is that a system can identify who’s using it. In identifying a user, the system can decide whether the user has identified himself or herself appropriately (a process known as authentication), and then determine what that properly authenticated user should be able to do (a process known as authorization). The overwhelming majority of computer systems deployed throughout the world depend on user credentials as a means of making authentication and authorization decisions, and that means that these systems depend on reusable, user-created passwords for their security. The oft-cited maxim that authentication can involve “something you know, something you have, or something you are” neatly highlights the issue: a reusable password is an authentication factor all by itself, so anyone who knows the password can impersonate the user who owns it.
@@ -41,7 +45,7 @@ Most security is a tradeoff between convenience and security: the more secure a
 **Password complexity**
-If the major risk to passwords is that an attacker might guess them through brute-force analysis, it might seem reasonable to require users to include a broader character set in their passwords or make them longer, but as a practical matter, password length and complexity requirements have two negative side effects. First, they encourage password reuse. Estimates by [Herley, Florêncio, and van Oorschot](http://go.microsoft.com/fwlink/p/?LinkId=627392) calculate that the stronger a password is, the more likely it is to be reused. Because users put more effort into the creation and memorization of strong passwords, they are much more likely to use the same credential across multiple systems. Second, adding length or character set complexity to passwords does not necessarily make them more difficult to guess. For example, P@ssw0rd1 is nine characters long and includes uppercase and lowercase letters, numbers, and special characters, but it’s easily guessed by many of the common password-cracking tools now available on the Internet. These tools can attack passwords by using a pre-computed dictionary of common passwords, or they can start with a base word such as password, and then apply common character substitutions. A completely random eight-character password might therefore actually take longer to guess than P@ssw0rd123.
+If the major risk to passwords is that an attacker might guess them through brute-force analysis, it might seem reasonable to require users to include a broader character set in their passwords or make them longer, but as a practical matter, password length and complexity requirements have two negative side effects. First, they encourage password reuse. 
Estimates by [Herley, Florêncio, and van Oorschot](https://go.microsoft.com/fwlink/p/?LinkId=627392) calculate that the stronger a password is, the more likely it is to be reused. Because users put more effort into the creation and memorization of strong passwords, they are much more likely to use the same credential across multiple systems. Second, adding length or character set complexity to passwords does not necessarily make them more difficult to guess. For example, P@ssw0rd1 is nine characters long and includes uppercase and lowercase letters, numbers, and special characters, but it’s easily guessed by many of the common password-cracking tools now available on the Internet. These tools can attack passwords by using a pre-computed dictionary of common passwords, or they can start with a base word such as password, and then apply common character substitutions. A completely random eight-character password might therefore actually take longer to guess than P@ssw0rd123.
 **Password expiration**
@@ -101,11 +105,11 @@ Microsoft Passport offers four significant advantages over the current state of
 **It’s flexible**
 Microsoft Passport offers unprecedented flexibility. Although the format and use of reusable passwords are fixed, Microsoft Passport gives both administrators and users options to manage authentication. First and foremost, Microsoft Passport works with both biometric identifiers and PINs, so users’ credentials are protected even on devices that don’t support biometrics. Users can even use their phone to release their credentials instead of a PIN or biometric gesture on the main device. Microsoft Passport seamlessly takes advantage of the hardware of the devices in use; as users upgrade to newer devices, Microsoft Passport is ready to use them, and organizations can upgrade existing devices by adding biometric sensors where appropriate.
-Microsoft Passport offers flexibility in the datacenter, too. To deploy it, in some modes you must add Windows Server 2016 Technical Preview domain controllers to your Active Directory environment, but you don’t have to replace or remove your existing Active Directory servers — the servers required for Microsoft Passport build on and add capability to your existing infrastructure. You don’t have to change the domain or forest functional level, and you can either add on-premises servers or use Microsoft Azure Active Directory to deploy Microsoft Passport on your network. The choice of which users you should enable for Microsoft Passport use is completely up to you: you choose the policies and devices to support and which authentication factors you want users to have access to. 
This makes it easy to use Microsoft Passport to supplement existing smart card or token deployments by adding strong credential protection to users who don’t currently have it or to deploy Microsoft Passport in scenarios that call for extra protection for sensitive resources or systems (described in the [Design a Microsoft Passport deployment](#design) section).
+Microsoft Passport offers flexibility in the datacenter, too. To deploy it, in some modes you must add Windows Server 2016 domain controllers to your Active Directory environment, but you don’t have to replace or remove your existing Active Directory servers — the servers required for Microsoft Passport build on and add capability to your existing infrastructure. You don’t have to change the domain or forest functional level, and you can either add on-premises servers or use Microsoft Azure Active Directory to deploy Microsoft Passport on your network. The choice of which users you should enable for Microsoft Passport use is completely up to you: you choose the policies and devices to support and which authentication factors you want users to have access to. This makes it easy to use Microsoft Passport to supplement existing smart card or token deployments by adding strong credential protection to users who don’t currently have it or to deploy Microsoft Passport in scenarios that call for extra protection for sensitive resources or systems (described in the [Design a Microsoft Passport deployment](#design) section).
 **It’s standardized**
-Both software vendors and enterprise customers have come to realize that proprietary identity and authentication systems are a dead end. The future lies with open, interoperable systems that allow secure authentication across a variety of devices, LOBs, and external applications and websites. 
To this end, a group of industry players formed the Fast IDentity Online Alliance (FIDO), a nonprofit organization intended to address the lack of interoperability among strong authentication devices as well as the problems users face when they have to create and remember multiple user names and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plug ins will allow any website or cloud application to interface with a broad variety of existing and future FIDO-enabled devices that the user has for online security. For more information, see the [FIDO Alliance website](http://go.microsoft.com/fwlink/p/?LinkId=627393).
+Both software vendors and enterprise customers have come to realize that proprietary identity and authentication systems are a dead end. The future lies with open, interoperable systems that allow secure authentication across a variety of devices, LOBs, and external applications and websites. To this end, a group of industry players formed the Fast IDentity Online Alliance (FIDO), a nonprofit organization intended to address the lack of interoperability among strong authentication devices as well as the problems users face when they have to create and remember multiple user names and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services. This new standard for security devices and browser plug ins will allow any website or cloud application to interface with a broad variety of existing and future FIDO-enabled devices that the user has for online security. 
For more information, see the [FIDO Alliance website](https://go.microsoft.com/fwlink/p/?LinkId=627393).
 In 2013, Microsoft joined the FIDO Alliance. FIDO standards enable a universal framework that a global ecosystem delivers for a consistent and greatly improved user experience of strong passwordless authentication. The FIDO 1.0 specifications, published in December 2014, provide for two types of authentications: passwordless (known as the Universal Authentication Framework \[UAF\]) and 2nd Factor (U2F). The FIDO Alliance is working on a set of 2.0 proposals to combine the best parts of the U2F and UAF FIDO 1.0 standards. Microsoft is actively contributing to the proposals, and Windows 10 is a reference implementation of these concepts. In addition to supporting those protocols, the Windows implementation covers other aspects of the end-to-end experience that the specification does not cover, including user interface to, storage of, and protection for users’ device keys and the tokens issued after authentication; supporting administrator policies; and providing deployment tools. Microsoft expects to continue working with the FIDO Alliance as the FIDO 2.0 specification moves forward. Interoperability of FIDO products is a hallmark of FIDO authentication. Microsoft believes that bringing a FIDO solution to market will help solve a critical need for enterprises and consumers alike.
@@ -177,7 +181,7 @@ Containers can contain several types of key material:
 - *Secure/Multipurpose Internet Mail Extensions (S/MIME) keys and certificates*, which a certification authority (CA) generates. The keys associated with the user’s S/MIME certificate can be stored in a Microsoft Passport container so they’re available to the user whenever the container is unlocked.
 - The *IDP key*. These keys can be either symmetric or asymmetric, depending on which IDP you use. A single container may contain zero or more IDP keys, with some restrictions (for example, the enterprise container can contain zero or one IDP keys). IDP keys are stored in the container as illustrated in Figure 3. For certificate-based Microsoft Passport for Work, when the container is unlocked, applications that require access to the IDP key or key pair can request access. IDP keys are used to sign or encrypt authentication requests or tokens sent from this machine to the IDP. IDP keys are typically long lived but could have a shorter lifetime than the authentication key. Microsoft accounts, Active Directory accounts, and Azure AD accounts all require the use of asymmetric key pairs. The device generates public and private keys, registers the public key with the IDP (which stores it for later verification), and securely stores the private key. For enterprises, the IDP keys can be generated in two ways:
-- The IDP key pair can be associated with an enterprise CA through the Windows Network Device Enrollment Service (NDES), described more fully in [Network Device Enrollment Service Guidance](http://go.microsoft.com/fwlink/p/?LinkId=733947). In this case, Microsoft Passport requests a new certificate with the same key as the certificate from the existing PKI. This option lets organizations that have an existing PKI continue to use it where appropriate. 
Given that many applications, such as popular virtual private network systems, require the use of certificates, when you deploy Microsoft Passport in this mode, it allows a faster transition away from user passwords while still preserving certificate-based functionality. This option also allows the enterprise to store additional certificates in the protected container.
+- The IDP key pair can be associated with an enterprise CA through the Windows Network Device Enrollment Service (NDES), described more fully in [Network Device Enrollment Service Guidance](https://go.microsoft.com/fwlink/p/?LinkId=733947). In this case, Microsoft Passport requests a new certificate with the same key as the certificate from the existing PKI. This option lets organizations that have an existing PKI continue to use it where appropriate. Given that many applications, such as popular virtual private network systems, require the use of certificates, when you deploy Microsoft Passport in this mode, it allows a faster transition away from user passwords while still preserving certificate-based functionality. This option also allows the enterprise to store additional certificates in the protected container.
 - The IDP can generate the IDP key pair directly, which allows quick, lower-overhead deployment of Microsoft Passport in environments that don’t have or need a PKI.
 **How keys are protected**
@@ -239,7 +243,7 @@ The major benefit of this approach is that it provides uniform protection for al
 The downside to this approach is its complexity. Smaller organizations may find that managing the rollout of a new operating system across all devices is beyond the scope of their experience and capability. For these organizations, users can self-upgrade, and new users may end up with Windows 10 because they get new devices when they join. Larger organizations, especially those that are highly decentralized or have operations across many physical sites, may have more deployment knowledge and resources but face the challenge of coordinating rollout efforts across a larger user base and footprint.
-For more information about desktop deployment of Windows 10, visit the [Windows 10 TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=626581).
+For more information about desktop deployment of Windows 10, visit the [Windows 10 TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=626581).
 One key aspect of this deployment strategy is how to get Windows 10 in users’ hands. Because different organizations have wildly differing strategies to refresh hardware and software, there’s no one-size-fits-all strategy. For example, some organizations pursue a coordinated strategy that puts new desktop operating systems in users’ hands every 2–3 years on existing hardware, supplementing with new hardware only where and when required. Others tend to replace hardware and deploy whatever version of the Windows client operating system ships on the purchased devices. In both cases, there are typically separate deployment cycles for servers and server operating systems, and the desktop and server cycles may or may not be coordinated.
@@ -303,7 +307,7 @@ Table 1. Deployment requirements for Microsoft Passport 
@@ -333,7 +337,7 @@ Note that the current release of Windows 10 supports the Azure AD–only (RTM)
 **Select policy settings**
-Another key aspect of Microsoft Passport for Work deployment involves the choice of which policy settings to apply to the enterprise. There are two parts to this choice: which policies you deploy to manage Microsoft Passport itself and which policies you deploy to control device management and registration. A complete guide to selecting effective policies is beyond the scope of this guide, but one example reference that may be useful is [Mobile device management capabilities in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733877).
+Another key aspect of Microsoft Passport for Work deployment involves the choice of which policy settings to apply to the enterprise. There are two parts to this choice: which policies you deploy to manage Microsoft Passport itself and which policies you deploy to control device management and registration. A complete guide to selecting effective policies is beyond the scope of this guide, but one example reference that may be useful is [Mobile device management capabilities in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733877).
 ## Implement Microsoft Passport
@@ -362,7 +366,7 @@ As of the initial release of Windows 10, you can control the following settings
 - You can define the complexity and length of the PIN that users generate at registration.
 - You can control whether Windows Hello use is enabled in your organization.
-These settings can be implemented through GPOs or through configuration service providers (CSPs) in MDM systems, so you have a familiar and flexible set of tools you can use to apply them to exactly the users you want. (For details about the Microsoft Passport for Work CSP, see [PassportForWork CSP)](http://go.microsoft.com/fwlink/p/?LinkId=733876).
+These settings can be implemented through GPOs or through configuration service providers (CSPs) in MDM systems, so you have a familiar and flexible set of tools you can use to apply them to exactly the users you want. (For details about the Microsoft Passport for Work CSP, see [PassportForWork CSP)](https://go.microsoft.com/fwlink/p/?LinkId=733876).
 ## Roadmap
diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
index 1bc9344b78..8fa747d356 100644
--- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -8,39 +8,109 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: iaanw +localizationpriority: high --- # Minimum requirements for Windows Defender ATP **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - There are some minimum requirements for onboarding your network and endpoints. ## Minimum requirements ### Network and data storage and configuration requirements - - - - -When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: in either a European or United States datacenter. +When you run the onboarding wizard for the first time, you must choose where your Windows Defender Advanced Threat Protection-related information is stored: either in a European or United States datacenter. > **Notes**   - You cannot change your data storage location after the first-time setup. - Review the [Windows Defender ATP data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md) for more information on where and how Microsoft stores your data. ### Endpoint hardware and software requirements -Endpoints on your network must be running Windows 10 Insider Preview Build 14332 or later. The hardware requirements for Windows Defender ATP on endpoints is the same as those for Windows 10 Insider Preview Build 14332 or later. +The Windows Defender ATP agent only supports the following editions of Windows 10: -> **Note**  Endpoints that are running Windows Server and mobile versions of Windows are not supported. 
+- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education -Internet connectivity on endpoints is also required. See [Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) for additional proxy configuration settings. +Endpoints on your network must be running one of these editions. + +The hardware requirements for Windows Defender ATP on endpoints is the same as those for the supported editions. + +> [!NOTE] +> Endpoints that are running Windows Server and mobile versions of Windows are not supported. + +#### Internet connectivity +Internet connectivity on endpoints is required. + +SENSE can utilize up to 5MB daily of bandwidth to communicate with the Windows Defender ATP cloud service and report cyber data. + +> [!NOTE] +> SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. + +For more information on additional proxy configuration settings see, [Configure Windows Defender ATP endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) . Before you configure endpoints, the telemetry and diagnostics service must be enabled. The service is enabled by default in Windows 10, but if it has been disabled you can turn it on by following the instructions in the [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md) section. +### Telemetry and diagnostics settings +You must ensure that the telemetry and diagnostics service is enabled on all the endpoints in your organization. +By default, this service is enabled, but it's good practice to check to ensure that you'll get telemetry from them. +**Use the command line to check the Windows 10 telemetry and diagnostics service startup type**: + +1. 
Open an elevated command-line prompt on the endpoint: + + a. Go to **Start** and type **cmd**. + + b. Right-click **Command prompt** and select **Run as administrator**. + +2. Enter the following command, and press **Enter**: + + ```text + sc qc diagtrack + ``` + +If the service is enabled, then the result should look like the following screenshot: + +![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png) + +If the **START_TYPE** is not set to **AUTO_START**, then you'll need to set the service to automatically start. + + + +**Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:** + +1. Open an elevated command-line prompt on the endpoint: + + a. Go to **Start** and type **cmd**. + + b. Right-click **Command prompt** and select **Run as administrator**. + +2. Enter the following command, and press **Enter**: + + ```text + sc config diagtrack start=auto + ``` + +3. A success message is displayed. Verify the change by entering the following command, and press **Enter**: + + ```text + sc qc diagtrack + ``` + +## Windows Defender signature updates are configured +The Windows Defender ATP agent depends on Windows Defender’s ability to scan files and provide information about them. If Windows Defender is not the active antimalware in your organization, you may need to configure the signature updates. For more information see [Configure Windows Defender in Windows 10](windows-defender-in-windows-10.md). + +When Windows Defender is not the active antimalware in your organization and you use the Windows Defender ATP service, Windows Defender goes on passive mode. For more information, see the **Compatibility** section in the [Windows Defender in Windows 10 topic](windows-defender-in-windows-10.md# compatibility-with-windows-defender-advanced-threat-protection). 
+ +## Windows Defender Early Launch Antimalware (ELAM) driver is enabled +If you're running Windows Defender as the primary antimalware product on your endpoints, the Windows Defender ATP agent will successfully onboard. + +If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender ELAM driver is enabled. For more information on how to validate and enable the Windows Defender ELAM driver see, [Ensure the Windows Defender ELAM driver is enabled](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-the-windows-defender-elam-driver-is-enabled). diff --git a/windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md index 95ab7cda01..d2ed73907e 100644 --- a/windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md +++ b/windows/keep-secure/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 You must reconfigure your copied GPO so that it contains the correct security group and WMI filters for its new role. If you are creating the GPO for the isolated domain, use the [Block members of a group from applying a GPO](#to-block-members-of-a-group-from-applying-a-gpo) procedure to prevent members of the boundary and encryption zones from incorrectly applying the GPOs for the main isolated domain. diff --git a/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md new file mode 100644 index 0000000000..2f8775683c --- /dev/null 
+++ b/windows/keep-secure/monitor-onboarding-windows-advanced-threat-protection.md @@ -0,0 +1,7 @@ + --- + redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection + --- + +# Monitor the Windows Defender Advanced Threat Protection onboarding + +This page has been redirected to [Configure endpoints](https://technet.microsoft.com/itpro/windows/keep-secure/configure-endpoints-windows-defender-advanced-threat-protection) \ No newline at end of file diff --git a/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md b/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md index 942dfa02ee..9205bb0153 100644 --- a/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/onboard-configure-windows-defender-advanced-threat-protection.md @@ -8,19 +8,22 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: iaanw +localizationpriority: high --- # Onboard and set up Windows Defender Advanced Threat Protection **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - You need to onboard to Windows Defender ATP before you can use the service. + ## In this section Topic | Description :---|:--- diff --git a/windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md index f29f5afbb7..420518e4ca 100644 
--- a/windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md
+++ b/windows/keep-secure/open-the-group-policy-management-console-to-ip-security-policies.md
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Procedures in this guide that refer to GPOs for earlier versions of the Windows operating system instruct you to work with the IP Security Policy section in the Group Policy Management Console (GPMC).
diff --git a/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
index e179647bac..bbecb7b8ad 100644
--- a/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
+++ b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Most of the procedures in this guide instruct you to use Group Policy settings for Windows Firewall with Advanced Security.
diff --git a/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md
index 2d848ec539..9712af0076 100644
--- a/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md
+++ b/windows/keep-secure/open-the-group-policy-management-console-to-windows-firewall.md
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 To open a GPO to Windows Firewall 
diff --git a/windows/keep-secure/open-windows-firewall-with-advanced-security.md b/windows/keep-secure/open-windows-firewall-with-advanced-security.md
index cda993d4ad..8f20a73c1c 100644
--- a/windows/keep-secure/open-windows-firewall-with-advanced-security.md
+++ b/windows/keep-secure/open-windows-firewall-with-advanced-security.md
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 This procedure shows you how to open the Windows Firewall with Advanced Security console.
diff --git a/windows/keep-secure/optimize-applocker-performance.md b/windows/keep-secure/optimize-applocker-performance.md
index ff8f099f2d..5282b92618 100644
--- a/windows/keep-secure/optimize-applocker-performance.md
+++ b/windows/keep-secure/optimize-applocker-performance.md
@@ -20,7 +20,7 @@ This topic for IT professionals describes how to optimize AppLocker policy enfor AppLocker policies can be implemented by organization unit (OU) using Group Policy. If so, your Group Policy infrastructure should be optimized and retested for performance when AppLocker policies are added to existing Group Policy Objects (GPOs) or new GPOs are created, as you do with adding any policies to your GPOs. -For more info, see the [Optimizing Group Policy Performance](http://go.microsoft.com/fwlink/p/?LinkId=163238) article in TechNet Magazine. +For more info, see the [Optimizing Group Policy Performance](https://go.microsoft.com/fwlink/p/?LinkId=163238) article in TechNet Magazine. ### AppLocker rule limitations
diff --git a/windows/keep-secure/optional-create-a-code-signing-certificate-for-code-integrity-policies.md b/windows/keep-secure/optional-create-a-code-signing-certificate-for-code-integrity-policies.md
index f915647f15..89b5072658 100644
--- a/windows/keep-secure/optional-create-a-code-signing-certificate-for-code-integrity-policies.md 
+++ b/windows/keep-secure/optional-create-a-code-signing-certificate-for-code-integrity-policies.md @@ -4,6 +4,7 @@ description: This article describes how to create a code signing certificate for keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high author: brianlic-msft --- diff --git a/windows/keep-secure/override-mitigation-options-for-app-related-security-policies.md b/windows/keep-secure/override-mitigation-options-for-app-related-security-policies.md new file mode 100644 index 0000000000..0f98929851 --- /dev/null +++ b/windows/keep-secure/override-mitigation-options-for-app-related-security-policies.md 
@@ -0,0 +1,58 @@ + +--- +title: Override Process Mitigation Options to help enforce app-related security policies (Windows 10) +description: How to use Group Policy to override individual Process Mitigation Options settings and to help enforce specific app-related security policies. +keywords: Process Mitigation Options, Mitigation Options, Group Policy Mitigation Options +ms.prod: w10 +ms.mktglfcycl: deploy +ms.pagetype: security +ms.sitesec: library +--- + + +# Override Process Mitigation Options to help enforce app-related security policies + +**Applies to:** + +- Windows 10, version 1607 +- Windows Server 2016 + +Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies. + +**To modify Process Mitigation Options** + +1. Open your Group Policy editor and go to the **Administrative Templates\System\Mitigation Options\Process Mitigation Options** setting. + + ![Group Policy editor: Process Mitigation Options with setting enabled and Show button active](images/gp-process-mitigation-options.png) + +2. Click **Enabled**, and then in the **Options** area, click **Show** to open the **Show Contents** box, where you’ll be able to add your apps and the appropriate bit flag values, as shown in the [Setting the bit field](#setting-the-bit-field) and [Example](#example) sections of this topic. + + **Important**
    For each app you want to include, you must include: + + - **Value name.** The app file name, including the extension. For example, iexplore.exe. + - **Value.** A bit field with a series of bit flags in particular positions. Bits can be set to 0 (where the setting is forced off), 1 (where the setting is forced on), or ? (where the setting retains the previous, existing value). + + **Note**
    Setting bit flags in positions not specified here to anything other than ? might cause undefined behavior. + + ![Group Policy editor: Process Mitigation Options with Show Contents box and example text](images/gp-process-mitigation-options-show.png) + +## Setting the bit field +Here’s a visual representation of the bit flag locations for the various Process Mitigation Options settings: + +![Visual representation of the bit flag locations for the Process Mitigation Options settings](images/gp-process-mitigation-options-bit-flag-image.png) + +Where the bit flags are read from right to left and are defined as: + +|Flag |Bit location |Setting |Details | +|-----|--------------|--------|--------| +|A |0 |`PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE (0x00000001)` |Turns on Data Execution Prevention (DEP) for child processes. | +|B |1 |`PROCESS_CREATION_MITIGATION_POLICY_DEP_ATL_THUNK_ENABLE (0x00000002)` |Turns on DEP-ATL thunk emulation for child processes. DEP-ATL thunk emulation lets the system intercept non-executable (NX) faults that originate from the Active Template Library (ATL) thunk layer, and then emulate and handle the instructions so the process can continue to run. | +|C |2 |`PROCESS_CREATION_MITIGATION_POLICY_SEHOP_ENABLE (0x00000004)` |Turns on Structured Exception Handler Overwrite Protection (SEHOP) for child processes. SEHOP helps to block exploits that use the Structured Exception Handler (SEH) overwrite technique. | +|D |8 |`PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON (0x00000100)` |Uses the force Address Space Layout Randomization (ASLR) setting to act as though an image base collision happened at load time, forcibly rebasing images that aren’t dynamic base compatible. Images without the base relocation section won’t be loaded if relocations are required. 
| +|E |15 |`PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_ON (0x00010000)` |Turns on the bottom-up randomization policy, which includes stack randomization options and causes a random location to be used as the lowest user address. | +|F |16 |`PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF (0x00020000)` |Turns off the bottom-up randomization policy, which includes stack randomization options and causes a random location to be used as the lowest user address. | + +## Example +If you want to turn on the **PROCESS_CREATION_MITIGATION_POLICY_DEP_ENABLE** and **PROCESS_CREATION_MITIGATION_POLICY_FORCE_RELOCATE_IMAGES_ALWAYS_ON** settings, turn off the **PROCESS_CREATION_MITIGATION_POLICY_BOTTOM_UP_ASLR_ALWAYS_OFF** setting, and leave everything else as the default values, you’d want to type a value of `???????????????0???????1???????1`. + + diff --git a/windows/keep-secure/overview-create-edp-policy.md b/windows/keep-secure/overview-create-edp-policy.md index 02e9e28ec7..74ca414ed7 100644 --- a/windows/keep-secure/overview-create-edp-policy.md +++ b/windows/keep-secure/overview-create-edp-policy.md 
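Review bot: The bit locations given for flags E and F in the new table do not match their own hex values: 0x00010000 is bit 16 and 0x00020000 is bit 17, yet the rows list them as bits 15 and 16, while rows A–D are self-consistent (0x00000001 is bit 0, 0x00000100 is bit 8). The worked example `???????????????0???????1???????1` places its 0 at bit 16, which by the hex constants is BOTTOM_UP_ASLR_ALWAYS_ON, not the ALWAYS_OFF flag the sentence says it is clearing, so an administrator copying the example would force off the wrong ASLR policy and the note about undefined behavior for unlisted bit positions makes that mistake hard to notice. Assuming the hex constants are the authoritative values, the rows should read `|E |16 |...ALWAYS_ON (0x00010000)...|` and `|F |17 |...ALWAYS_OFF (0x00020000)...|`, and the example string should become `??????????????0????????1???????1` so the 0 sits at bit 17. It would also help to state explicitly that a 0 in a flag position forces that policy off rather than toggling it, since the flag names themselves already encode ON/OFF.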
@@ -1,36 +1,5 @@ --- title: Create an enterprise data protection (EDP) policy (Windows 10) description: Microsoft Intune and System Center Configuration Manager Technical Preview version 1605 or later helps you create and deploy your enterprise data protection (EDP) policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network. -ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6 -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -author: eross-msft ---- - -# Create an enterprise data protection (EDP) policy -**Applies to:** - -- Windows 10 Insider Preview -- Windows 10 Mobile Preview - -[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - -Microsoft Intune and System Center Configuration Manager Technical Preview version 1605 or later helps you create and deploy your enterprise data protection (EDP) policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network. - -## In this section -|Topic |Description | -|------|------------| -|[Create an enterprise data protection (EDP) policy using Microsoft Intune](create-edp-policy-using-intune.md) |Intune helps you create and deploy your EDP policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network. | -|[Create and deploy an enterprise data protection (EDP) policy using System Center Configuration Manager](create-edp-policy-using-sccm.md) |System Center Configuration Manager Technical Preview version 1605 or later helps you create and deploy your EDP policy, including letting you choose your protected apps, your EDP-protection level, and how to find enterprise data on the network. 
| -  - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/overview-create-wip-policy +--- \ No newline at end of file diff --git a/windows/keep-secure/overview-create-wip-policy.md b/windows/keep-secure/overview-create-wip-policy.md new file mode 100644 index 0000000000..f0ae686b47 --- /dev/null +++ b/windows/keep-secure/overview-create-wip-policy.md 
@@ -0,0 +1,26 @@ +--- +title: Create a Windows Information Protection (WIP) policy (Windows 10) +description: Microsoft Intune and System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. +ms.assetid: d2059e74-94bd-4e54-ab59-1a7b9b52bdc6 +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +author: eross-msft +localizationpriority: high +--- + +# Create a Windows Information Protection (WIP) policy +**Applies to:** + +- Windows 10, version 1607 +- Windows 10 Mobile + +Microsoft Intune and System Center Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. + +## In this section +|Topic |Description | +|------|------------| +|[Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) |Intune helps you create and deploy your WIP policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. | +|[Create and deploy a Windows Information Protection (WIP) policy using System Center Configuration Manager](create-wip-policy-using-sccm.md) |System Center Configuration Manager helps you create and deploy your WIP policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. | +|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using a Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. | \ No newline at end of file 
diff --git a/windows/keep-secure/passport-event-300.md b/windows/keep-secure/passport-event-300.md
index 51e13a8d72..25c9b86986 100644
--- a/windows/keep-secure/passport-event-300.md
+++ b/windows/keep-secure/passport-event-300.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: jdeckerMS +localizationpriority: high --- # Event ID 300 - Windows Hello successfully created
@@ -34,7 +35,7 @@ This is a normal condition. No further action is required. ## Related topics -[Manage identity verification using Microsoft Passport](manage-identity-verification-using-microsoft-passport.md) +[Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md) [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)
diff --git a/windows/keep-secure/plan-for-applocker-policy-management.md b/windows/keep-secure/plan-for-applocker-policy-management.md
index 96d65e5c32..ba66c70d42 100644
--- a/windows/keep-secure/plan-for-applocker-policy-management.md
+++ b/windows/keep-secure/plan-for-applocker-policy-management.md 
@@ -64,13 +64,13 @@ AppLocker event log is located in the following path: **Applications and Service 2. **MSI and Script**. Contains events for all files affected by the Windows Installer and script rule collections (.msi, .msp, .ps1, .bat, .cmd, .vbs, and .js). 3. **Packaged app-Deployment** or **Packaged app-Execution**, contains events for all Universal Windows apps affected by the packaged app and packed app installer rule collection (.appx). -Collecting these events in a central location can help you maintain your AppLocker policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](http://go.microsoft.com/fwlink/p/?LinkId=145012). +Collecting these events in a central location can help you maintain your AppLocker policy and troubleshoot rule configuration problems. Event collection technologies such as those available in Windows allow administrators to subscribe to specific event channels and have the events from source computers aggregated into a forwarded event log on a Windows Server operating system collector. For more info about setting up an event subscription, see [Configure Computers to Collect and Forward Events](https://go.microsoft.com/fwlink/p/?LinkId=145012). ### Policy maintenance As new apps are deployed or existing apps are updated by the software publisher, you will need to make revisions to your rule collections to ensure that the policy is current. -You can edit an AppLocker policy by adding, changing, or removing rules. However, you cannot specify a version for the policy by importing additional rules. 
To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](http://go.microsoft.com/fwlink/p/?LinkId=145013) (http://go.microsoft.com/fwlink/p/?LinkId=145013). +You can edit an AppLocker policy by adding, changing, or removing rules. However, you cannot specify a version for the policy by importing additional rules. To ensure version control when modifying an AppLocker policy, use Group Policy management software that allows you to create versions of Group Policy Objects (GPOs). An example of this type of software is the Advanced Group Policy Management feature from the Microsoft Desktop Optimization Pack. For more info about Advanced Group Policy Management, see [Advanced Group Policy Management Overview](https://go.microsoft.com/fwlink/p/?LinkId=145013) (https://go.microsoft.com/fwlink/p/?LinkId=145013). >**Caution:**  You should not edit an AppLocker rule collection while it is being enforced in Group Policy. Because AppLocker controls what files are allowed to run, making changes to a live policy can create unexpected behavior.   
@@ -100,7 +100,7 @@ A file could be blocked for three reasons: - There may be an existing rule that was created for the file that is too restrictive. - A deny rule, which cannot be overridden, is explicitly blocking the file. -Before editing the rule collection, first determine what rule is preventing the file from running. You can troubleshoot the problem by using the **Test-AppLockerPolicy** Windows PowerShell cmdlet. For more info about troubleshooting an AppLocker policy, see [Testing and Updating an AppLocker Policy](http://go.microsoft.com/fwlink/p/?LinkId=160269) (http://go.microsoft.com/fwlink/p/?LinkId=160269). +Before editing the rule collection, first determine what rule is preventing the file from running. You can troubleshoot the problem by using the **Test-AppLockerPolicy** Windows PowerShell cmdlet. For more info about troubleshooting an AppLocker policy, see [Testing and Updating an AppLocker Policy](https://go.microsoft.com/fwlink/p/?LinkId=160269) (https://go.microsoft.com/fwlink/p/?LinkId=160269). ## Next steps diff --git a/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md b/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md index 1fa912d181..77613b4101 100644 --- a/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md +++ b/windows/keep-secure/planning-and-deploying-advanced-security-audit-policies.md 
@@ -99,7 +99,7 @@ In addition to your domain model, you should also find out whether your organiza >**Important:**  Including auditing within your organization's security plan also makes it possible to budget your resources on the areas where auditing can achieve the most positive results.   -For additional details about how to complete each of these steps and how to prepare a detailed threat model, download the [IT Infrastructure Threat Modeling Guide](http://go.microsoft.com/fwlink/p/?LinkId=163432). +For additional details about how to complete each of these steps and how to prepare a detailed threat model, download the [IT Infrastructure Threat Modeling Guide](https://go.microsoft.com/fwlink/p/?LinkId=163432). ### Data and resources 
@@ -144,7 +144,7 @@ Security and auditing requirements and audit event volume can vary considerably - If the computers are servers, desktop computers, or portable computers. - The important applications the computers run, such as Exchange Server, SQL Server, or Forefront Identity Manager. - >**Note:**  If the server applications (including Exchange Server and SQL Server) have audit settings. For more information about auditing in Exchange Server, see the [Exchange 2010 Security Guide](http://go.microsoft.com/fwlink/p/?linkid=128052). For more information about auditing in SQL Server 2008, see [Auditing (Database Engine)](http://go.microsoft.com/fwlink/p/?LinkId=163434). For SQL Server 2012, see [SQL Server Audit (Database Engine)](http://technet.microsoft.com/library/cc280386.aspx). + >**Note:**  If the server applications (including Exchange Server and SQL Server) have audit settings. For more information about auditing in Exchange Server, see the [Exchange 2010 Security Guide](https://go.microsoft.com/fwlink/p/?linkid=128052). For more information about auditing in SQL Server 2008, see [Auditing (Database Engine)](https://go.microsoft.com/fwlink/p/?LinkId=163434). For SQL Server 2012, see [SQL Server Audit (Database Engine)](http://technet.microsoft.com/library/cc280386.aspx).   - The operating system versions. 
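Review bot: The SQL Server 2012 link at the end of the added note is left as `http://technet.microsoft.com/library/cc280386.aspx` while the two fwlink URLs on the same line are upgraded to https, so the hunk is inconsistent with its own intent and leaves one plaintext link in a security-audit planning guide. Suggest `[SQL Server Audit (Database Engine)](https://technet.microsoft.com/library/cc280386.aspx)` for consistency. The note's first sentence, "If the server applications (including Exchange Server and SQL Server) have audit settings.", is also a fragment carried over from the old line and could be completed while the line is being touched, e.g. "Note whether the server applications ... have their own audit settings."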
@@ -260,7 +260,7 @@ In the majority of cases, these attempts will be legitimate and a network needs >**Note:**  There is no failure event for logoff activity because failed logoffs (such as when a system abruptly shuts down) do not generate an audit record. Logoff events are not 100 percent reliable. For example, the computer can be turned off without a proper logoff and shutdown, and a logoff event is not generated.   -- Logon/Logoff\\[Audit Special Logon](audit-special-logon.md). A special logon has administrator-equivalent rights and can be used to elevate a process to a higher level. It is recommended to track these types of logons. For more information about this feature, see [article 947223](http://go.microsoft.com/fwlink/p/?linkid=120183) in the Microsoft Knowledge Base. +- Logon/Logoff\\[Audit Special Logon](audit-special-logon.md). A special logon has administrator-equivalent rights and can be used to elevate a process to a higher level. It is recommended to track these types of logons. For more information about this feature, see [article 947223](https://go.microsoft.com/fwlink/p/?linkid=120183) in the Microsoft Knowledge Base. - Object Access\\[Audit Certification Services](audit-certification-services.md). This policy setting allows you to track and monitor a wide variety of activities on a computer that hosts Active Directory Certificate Services (AD CS) role services to ensure that only authorized users are performing or attempting to perform these tasks, and that only authorized or desired tasks are being performed. - Object Access\\[Audit File System](audit-file-system.md) and Object Access\\[Audit File Share](audit-file-share.md). These policy settings are described in the previous section. - Object Access\\[Audit Handle Manipulation](audit-handle-manipulation.md). This policy setting and its role in providing "reason for access" audit data is described in the previous section. 
@@ -336,7 +336,7 @@ Configuration\\Administrative Templates\\Windows Components\\Event Log Service\\ - **Retain old events**. This policy setting controls event log behavior when the log file reaches its maximum size. When this policy setting is enabled and a log file reaches its maximum size, new events are not written to the log and are lost. When this policy setting is disabled and a log file reaches its maximum size, new events overwrite old events. - **Backup log automatically when full**. This policy setting controls event log behavior when the log file reaches its maximum size and takes effect only if the **Retain old events** policy setting is enabled. If you enable these policy settings, the event log file is automatically closed and renamed when it is full. A new file is then started. If you disable or do not configure this policy setting and the **Retain old events** policy setting is enabled, new events are discarded and the old events are retained. -In addition, a growing number of organizations are being required to store archived log files for a number of years. You should consult with regulatory compliance officers in your organization to determine whether such guidelines apply to your organization. For more information, see the [IT Compliance Management Guide](http://go.microsoft.com/fwlink/p/?LinkId=163435). +In addition, a growing number of organizations are being required to store archived log files for a number of years. You should consult with regulatory compliance officers in your organization to determine whether such guidelines apply to your organization. For more information, see the [IT Compliance Management Guide](https://go.microsoft.com/fwlink/p/?LinkId=163435). ## Deploying the security audit policy diff --git a/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process.md b/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process.md index 2715141f20..0790236e3f 100644 
--- a/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process.md +++ b/windows/keep-secure/planning-and-getting-started-on-the-device-guard-deployment-process.md @@ -4,6 +4,7 @@ description: To help you plan and begin the initial test stages of a deployment keywords: virtualization, security, malware ms.prod: w10 ms.mktglfcycl: deploy +localizationpriority: high author: brianlic-msft --- @@ -15,7 +16,7 @@ author: brianlic-msft This topic provides a roadmap for planning and getting started on the Device Guard deployment process, with links to topics that provide additional detail. Planning for Device Guard deployment involves looking at both the end-user and the IT pro impact of your choices. Use the following steps to guide you. -**Planning** +## Planning 1. **Review requirements, especially hardware requirements for VBS**. Review the virtualization-based security (VBS) features described in [How Device Guard features help protect against threats](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md#how-device-guard-features-help-protect-against-threats). Then you can assess your end-user systems to see how many support the VBS features you are interested in, as described in [Hardware, firmware, and software requirements for Device Guard](requirements-and-deployment-planning-guidelines-for-device-guard.md#hardware-firmware-and-software-requirements-for-device-guard). 
@@ -32,7 +33,7 @@ This topic provides a roadmap for planning and getting started on the Device Gua 4. **Identify LOB applications that are currently unsigned**. Although requiring signed code (through code integrity policies) protects against many threats, your organization might use unsigned LOB applications, for which the process of signing might be difficult. You might also have applications that are signed, but you want to add a secondary signature to them. If so, identify these applications, because you will need to create a catalog file for them. For a basic description of catalog files, see the table in [Introduction to Device Guard: virtualization-based security and code integrity policies](introduction-to-device-guard-virtualization-based-security-and-code-integrity-policies.md). For more background information about catalog files, see [Reviewing your applications: application signing and catalog files](requirements-and-deployment-planning-guidelines-for-device-guard.md#reviewing-your-applications-application-signing-and-catalog-files). -**Getting started on the deployment process** +## Getting started on the deployment process 1. **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal CA. If you choose to use an internal CA, you will need to create a code signing certificate. For more information, see [Optional: Create a code signing certificate for code integrity policies](optional-create-a-code-signing-certificate-for-code-integrity-policies.md). diff --git a/windows/keep-secure/planning-certificate-based-authentication.md b/windows/keep-secure/planning-certificate-based-authentication.md index 69e599b812..ab5b21c69b 100644 --- a/windows/keep-secure/planning-certificate-based-authentication.md 
+++ b/windows/keep-secure/planning-certificate-based-authentication.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Sometimes a device cannot join an Active Directory domain, and therefore cannot use Kerberos V5 authentication with domain credentials. However, the device can still participate in the isolated domain by using certificate-based authentication. diff --git a/windows/keep-secure/planning-domain-isolation-zones.md b/windows/keep-secure/planning-domain-isolation-zones.md index 208265eefb..a18fb27051 100644 --- a/windows/keep-secure/planning-domain-isolation-zones.md +++ b/windows/keep-secure/planning-domain-isolation-zones.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 After you have the required information about your network, Active Directory, and client and server devices, you can use that information to make decisions about the isolation zones you want to use in your environment. diff --git a/windows/keep-secure/planning-gpo-deployment.md b/windows/keep-secure/planning-gpo-deployment.md index 050a5550f7..abdff4b8ca 100644 --- a/windows/keep-secure/planning-gpo-deployment.md +++ b/windows/keep-secure/planning-gpo-deployment.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 You can control which GPOs are applied to devices in Active Directory in a combination of three ways: diff --git a/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md index fff34a12c7..0718187682 100644 --- a/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md +++ b/windows/keep-secure/planning-group-policy-deployment-for-your-isolation-zones.md 
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 After you have decided on the best logical design of your isolation environment for the network and device security requirements, you can start the implementation plan. diff --git a/windows/keep-secure/planning-isolation-groups-for-the-zones.md b/windows/keep-secure/planning-isolation-groups-for-the-zones.md index b4f667a50b..0c4488940a 100644 --- a/windows/keep-secure/planning-isolation-groups-for-the-zones.md +++ b/windows/keep-secure/planning-isolation-groups-for-the-zones.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Isolation groups in Active Directory are how you implement the various domain and server isolation zones. A device is assigned to a zone by adding its device account to the group which represents that zone. diff --git a/windows/keep-secure/planning-network-access-groups.md b/windows/keep-secure/planning-network-access-groups.md index 4d9b002e7c..929c583624 100644 --- a/windows/keep-secure/planning-network-access-groups.md +++ b/windows/keep-secure/planning-network-access-groups.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 A network access group (NAG) is used to identify users and devices that have permission to access an isolated server. The server is configured with firewall rules that allow only network connections that are authenticated as originating from a device, and optionally a user, whose accounts are members of its NAG. A member of the isolated domain can belong to as many NAGs as required. diff --git a/windows/keep-secure/planning-server-isolation-zones.md b/windows/keep-secure/planning-server-isolation-zones.md index 12688b93c9..9995c0e5fc 100644 --- a/windows/keep-secure/planning-server-isolation-zones.md 
+++ b/windows/keep-secure/planning-server-isolation-zones.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Sometimes a server hosts data that is sensitive. If your servers host data that must not be compromised, you have several options to help protect that data. One was already addressed: adding the server to the encryption zone. Membership in that zone prevents the server from being accessed by any devices that are outside the isolated domain, and encrypts all network connections to server. diff --git a/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md b/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md index 4fcbd977dc..fdcf972088 100644 --- a/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md +++ b/windows/keep-secure/planning-settings-for-a-basic-firewall-policy.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 After you have identified your requirements, and have the information about the network layout and devices available, you can begin to design the GPO settings and rules that will enable you to enforce your requirements on the devices. diff --git a/windows/keep-secure/planning-the-gpos.md b/windows/keep-secure/planning-the-gpos.md index b22f0497cd..84b3750822 100644 --- a/windows/keep-secure/planning-the-gpos.md +++ b/windows/keep-secure/planning-the-gpos.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 When you plan the GPOs for your different isolation zones, you must complete the layout of the required zones and their mappings to the groups that link the devices to the zones. 
diff --git a/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md index 1801d2a86a..8423e4b94f 100644 --- a/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md +++ b/windows/keep-secure/planning-to-deploy-windows-firewall-with-advanced-security.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 After you collect information about your environment and decide on a design by following the guidance in the [Windows Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md), you can begin to plan the deployment of your design. With the completed design and the information in this topic, you can determine which tasks to perform to deploy Windows Firewall with Advanced Security in your organization. diff --git a/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md b/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md index c800eca94d..736612379f 100644 --- a/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md +++ b/windows/keep-secure/planning-your-windows-firewall-with-advanced-security-design.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 After you have gathered the relevant information in the previous sections, and understand the basics of the designs as described earlier in this guide, you can select the design (or combination of designs) that meet your needs. diff --git a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md index 6363ce613d..8c9f2086ff 100644 
--- a/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/portal-overview-windows-defender-advanced-threat-protection.md @@ -8,18 +8,19 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: DulceMV +localizationpriority: high --- # Windows Defender Advanced Threat Protection portal overview **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - - Enterprise security teams can use the Windows Defender ATP portal to monitor and assist in responding to alerts of potential advanced persistent threat (APT) activity or data breaches. You can use the [Windows Defender ATP portal](https://securitycenter.windows.com/) to: 
@@ -37,19 +38,20 @@ When you open the portal, you’ll see the main areas of the application: ![Windows Defender Advanced Threat Protection portal](images/portal-image.png) -> **Note**  Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/en-us/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. +> [!NOTE] +> Malware related detections will only appear if your endpoints are using [Windows Defender](https://technet.microsoft.com/library/mt622091(v=vs.85).aspx) as the default real-time protection antimalware product. You can navigate through the portal using the menu options available in all sections. Refer to the following table for a description of each section. Area | Description :---|:--- (1) Settings | Provides access to configuration settings such as time zone, alert suppression rules, and license information. -(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Preferences setup**, and **Endpoint Management**. +(2) Navigation pane | Use the navigation pane to move between the **Dashboard**, **Alerts queue**, **Machines view**, **Preferences setup**, and **Enpoint Management**. **Dashboard** | Provides clickable tiles that open detailed information on various alerts that have been detected in your organization. **Alerts queue** | Enables you to view separate queues of new, in progress, and resolved alerts. **Machines view**| Displays the list of machines that are onboarded to Windows Defender ATP, some information about them, and the corresponding number of alerts. -**Preferences setup**| Shows the settings you selected and lets you update your industry preferences and retention policy period. -**Endpoint Management**| Allows you to download the onboarding configuration package. 
+**Preferences setup**| Shows the settings you selected and lets you update your industry preferences and retention policy period. +**Enpoint Management**| Allows you to download the onboarding configuration package. (3) Main portal| Main area where you will see the different views such as the Dashboard, Alerts queue, and Machines view. (4) Search | Search for machines, files, external IP Addresses, or domains across endpoints. The drop-down combo box allows you to select the entity type. diff --git a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md index 85f3ea6a19..f6419c6ced 100644 --- a/windows/keep-secure/prepare-people-to-use-microsoft-passport.md +++ b/windows/keep-secure/prepare-people-to-use-microsoft-passport.md @@ -8,6 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: jdeckerMS +localizationpriority: high --- # Prepare people to use Windows Hello @@ -22,7 +23,7 @@ After enrollment in Hello, users should use their gesture (such as a PIN or fing Although the organization may require users to change their Active Directory or Azure Active Directory (AD) account password at regular intervals, changes to their passwords have no effect on Hello. -People who are currently using virtual smart cards for authentication can use their virtual smart card to verify their identity when they set up Hello. +People who are currently using virtual or physical smart cards for authentication can use their virtual smart card to verify their identity when they set up Hello. ## On devices owned by the organization 
@@ -34,13 +35,13 @@ Next, they select a way to connect. Tell the people in your enterprise which opt ![choose how you'll connect](images/connect.png) -They sign in, and are then asked to verify their identity. People have options to choose from, such as a text message, phone call, or authentication app. After verification, they create their PIN. The **Create a work PIN** screen displays any complexity requirements that you have set, such as minimum length. +They sign in, and are then asked to verify their identity. People have options to choose from, such as a text message, phone call, or authentication app. After verification, they create their PIN. The **Create a PIN** screen displays any complexity requirements that you have set, such as minimum length. After Hello is set up, people use their PIN to unlock the device, and that will automatically log them on. ## On personal devices -People who want to access work resources on their personal devices can add a work or school account in **Settings** > **Accounts** > **Work or school**, and then sign in with work credentials. The person selects the method for receiving the verification code, such as text message or email. The verification code is sent and the person then enters the verification code. After verification, the person enters and confirms new PIN. The person can access any token-based resource using this device without being asked for credentials. (This work account gesture doesn't affect the device unlock PIN.) +People who want to access work resources on their personal devices can add a work or school account in **Settings** > **Accounts** > **Work or school**, and then sign in with work credentials. The person selects the method for receiving the verification code, such as text message or email. The verification code is sent and the person then enters the verification code. After verification, the person enters and confirms new PIN. 
The person can access any token-based resource using this device without being asked for credentials. People can go to **Settings** > **Accounts** > **Work or school**, select the work account, and then select **Unjoin** to remove the account from their device. @@ -50,16 +51,23 @@ If your policy allows it, people can use biometrics (fingerprint, iris, and faci ![sign in to windows, apps, and services using fingerprint or face](images/hellosettings.png) -## Use a phone to sign in to a PC +## Use a phone to sign in to a PC or VPN If your enterprise enables phone sign-in, users can pair a phone running Windows 10 Mobile to a PC running Windows 10 and then use an app on the phone to sign in to the PC using their Windows Hello credentials. +> [!NOTE] +> Phone sign-in is currently limited to select Technology Adoption Program (TAP) participants. +   **Prerequisites:** -- The PC must be joined to the Active Directory domain or Azure AD cloud domain. -- The PC must have Bluetooth connectivity. -- The phone must be joined to the Azure AD cloud domain, or the user must have added a work account to their personal phone. -- The **Microsoft Authenticator** app must be installed on the phone. + +- Both phone and PC must be running Windows 10, version 1607. +- The PC must be running Windows 10 Pro, Enterprise, or Education +- Both phone and PC must have Bluetooth. +- The **Microsoft Authenticator** app must be installed on the phone. +- The PC must be joined to an Active Directory domain that is connected to an Azure Active Directory (Azure AD) domain, or the PC must be joined to Azure AD. +- The phone must be joined to Azure AD or have a work account added. +- The VPN configuration profile must use certificate-based authentication. **Pair the PC and phone** 
@@ -75,11 +83,18 @@ If your enterprise enables phone sign-in, users can pair a phone running Windows **Sign in to PC using the phone** -1. Open the **Microsoft Authenticator** app and tap the name of the PC to sign in to. + +1. Open the **Microsoft Authenticator** app, choose your account, and tap the name of the PC to sign in to. > **Note: **  The first time that you run the **Microsoft Authenticator** app, you must add an account. + + ![select a device](images/phone-signin-device-select.png)   2. Enter the work PIN that you set up when you joined the phone to the cloud domain or added a work account. +**Connect to VPN** + +You simply connect to VPN as you normally would. If the phone's certificates are being used, a notification will be pushed to the phone asking if you approve. If you click **allow** in the notification, you will be prompted for your PIN. After you enter your PIN, the VPN session will connect. + ## Related topics [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md) @@ -97,3 +112,5 @@ If your enterprise enables phone sign-in, users can pair a phone running Windows [Event ID 300 - Windows Hello successfully created](passport-event-300.md) [Windows Hello biometrics in the enterprise](windows-hello-in-enterprise.md) + + diff --git a/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md index c30af5a4c1..31c04c1c61 100644 --- a/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/keep-secure/prepare-your-organization-for-bitlocker-planning-and-policies.md 
@@ -120,7 +120,7 @@ For a TPM to be usable by BitLocker, it must contain an endorsement key, which i An endorsement key can be created at various points in the TPM’s lifecycle, but needs to be created only once for the lifetime of the TPM. If an endorsement key does not exist for the TPM, it must be created before TPM ownership can be taken. -For more information about the TPM and the TCG, see the Trusted Computing Group: Trusted Platform Module (TPM) Specifications (). +For more information about the TPM and the TCG, see the Trusted Computing Group: Trusted Platform Module (TPM) Specifications (). ## Non-TPM hardware configurations diff --git a/windows/keep-secure/procedures-used-in-this-guide.md b/windows/keep-secure/procedures-used-in-this-guide.md index d19699b94b..7374820ed8 100644 --- a/windows/keep-secure/procedures-used-in-this-guide.md +++ b/windows/keep-secure/procedures-used-in-this-guide.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 The procedures in this section appear in the checklists found earlier in this document. They should be used only in the context of the checklists in which they appear. They are presented here in alphabetical order. diff --git a/windows/keep-secure/protect-devices-from-unwanted-network-traffic.md b/windows/keep-secure/protect-devices-from-unwanted-network-traffic.md index a24379dacf..f4134b9ce9 100644 --- a/windows/keep-secure/protect-devices-from-unwanted-network-traffic.md +++ b/windows/keep-secure/protect-devices-from-unwanted-network-traffic.md 
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 Although network perimeter firewalls provide important protection to network resources from external threats, there are network threats that a perimeter firewall cannot protect against. Some attacks might successfully penetrate the perimeter firewall, and at that point what can stop it? Other attacks might originate from inside the network, such as malware that is brought in on portable media and run on a trusted device. Portable device are often taken outside the network and connected directly to the Internet, without adequate protection between the device and security threats. diff --git a/windows/keep-secure/protect-enterprise-data-using-edp.md b/windows/keep-secure/protect-enterprise-data-using-edp.md index 9e052274d5..3f8df3ef51 100644 --- a/windows/keep-secure/protect-enterprise-data-using-edp.md +++ b/windows/keep-secure/protect-enterprise-data-using-edp.md 
@@ -1,92 +1,5 @@ --- title: Protect your enterprise data using enterprise data protection (EDP) (Windows 10) description: With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. -ms.assetid: 6cca0119-5954-4757-b2bc-e0ea4d2c7032 -keywords: EDP, Enterprise Data Protection -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -author: eross-msft ---- - -# Protect your enterprise data using enterprise data protection (EDP) -**Applies to:** - -- Windows 10 Insider Preview -- Windows 10 Mobile Preview - -[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - -With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. - -Enterprise data protection (EDP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. EDP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. - -## Prerequisites -You’ll need this software to run EDP in your enterprise: - -|Operating system | Management solution | -|-----------------|---------------------| -|Windows 10 Insider Preview | Microsoft Intune
    -OR-
    System Center Configuration Manager Technical Preview version 1605 or later
    -OR-
    Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product. If your 3rd party MDM does not have UI support for the policies, refer to the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt697634.aspx) documentation.| - -## How EDP works -EDP helps address your everyday challenges in the enterprise. Including: - -- Helping to prevent enterprise data leaks, even on employee-owned devices that can't be locked down. - -- Reducing employee frustrations because of restrictive data management policies on enterprise-owned devices. - -- Helping to maintain the ownership and control of your enterprise data. - -- Helping control the network and data access and data sharing for apps that aren’t enterprise aware. - -### EDP-protection modes -You can set EDP to 1 of 4 protection and management modes: - -|Mode|Description| -|----|-----------| -|Block |EDP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing info across non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization’s network.| -|Override |EDP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](http://go.microsoft.com/fwlink/p/?LinkID=746459). | -|Silent |EDP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or EDP-protected data, are still blocked.| -|Off |EDP is turned off and doesn't help to protect or audit your data.

    After you turn off EDP, an attempt is made to decrypt any closed EDP-tagged files on the locally attached drives. | -

    **Note**
    For more info about setting your EDP-protection modes, see either [Create an enterprise data protection (EDP) policy using Intune](create-edp-policy-using-intune.md) or [Create and deploy an enterprise data protection (EDP) policy using Configuration Manager](create-edp-policy-using-sccm.md), depending on your management solution. - -## Why use EDP? -EDP gives you a new way to manage data policy enforcement for apps and documents, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune). - -- **Change the way you think about data policy enforcement.** As an enterprise admin, you need to maintain compliance in your data policy and data access. EDP helps make sure that your enterprise data is protected on both corporate and employee-owned devices, even when the employee isn’t using the device. When employees create content on an enterprise-protected device, they can choose to save it as a work document. If it's a work document, it becomes locally-maintained as enterprise data. - -- **Manage your enterprise documents, apps, and encryption modes.** - - - **Copying or downloading enterprise data.** When an employee or an app downloads content from a location like SharePoint, a network share, or an enterprise web location, while using an EDP-protected device, EDP encrypts the data on the device. - - - **Using allowed apps.** Managed apps (apps that you've included on the protected apps list in your EDP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if EDP management is set to **Block**, your employees can copy and paste from one protected app to another protected app, but not to personal apps. 
Imagine an HR person wants to copy a job description from a protected app to the internal career website, an enterprise-protected location, but goofs and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn’t paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem. - - - **Managed apps and restrictions.** With EDP you can control which apps can access and use your enterprise data. After adding an app to your **Protected App** list, the app is trusted with enterprise data. All apps that aren’t on this list are blocked from accessing your enterprise network resources and your EDP-protected data.

    - You don’t have to modify line-of-business apps that never touch personal data to list them as protected apps; just include them in the **Protected App** list. - - - **Deciding your level of data access.** EDP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides let the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without blocking anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your **Protected App** list. - - - **Continuous data encryption.** EDP helps protect enterprise data on local files and on removable media.

    - Apps such as Microsoft Word work with EDP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens EDP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies EDP to the new document. - - - **Helping prevent accidental data disclosure to public spaces.** EDP helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. For example, if Dropbox™ isn’t on your **Protected App** list, employees won’t be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your **Protected Apps** list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the cloud, while maintaining the encryption. - - - **Helping prevent accidental data disclosure to removable media.** EDP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. - -- **Remove access to enterprise data from enterprise-protected devices.** EDP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable.

    **Note**
    System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. - -## Current limitations with EDP -EDP is still in development and is not yet integrated with Azure Rights Management. This means that while you can deploy an EDP-configured policy to a protected device, that protection is restricted to a single user on the device. Additionally, the EDP-protected data must be stored on NTFS, FAT, or ExFAT file systems. - -Use the following table to identify the scenarios that require Azure Rights Management, the behavior when Azure Rights Management is not used with EDP, and the recommended workarounds. - -|EDP scenario |Without Azure Rights Management |Workaround | -|-------------|--------------------------------|-----------| -|Saving enterprise data to USB drives |Data in the new location remains encrypted, but becomes inaccessible on other devices or for other users. For example, the file won't open or the file opens, but doesn't contain readable text. |Share files with fellow employees through enterprise file servers or enterprise cloud locations. If data must be shared via USB, employees can decrypt protected files, but it will be audited.

    We strongly recommend educating employees about how to limit or eliminate the need for this decryption. | -|Synchronizing data to other services or public cloud storage |Synchronized files aren't protected on additional services or as part of public cloud storage. |Stop the app from synchronizing or don't add the app to your **Protected App** list.

    For more info about adding apps to the **Protected App** list, see either the [Create an enterprise data protection (EDP) policy using Intune](create-edp-policy-using-intune.md) or the [Create and deploy an enterprise data protection (EDP) policy using Configuration Manager](create-edp-policy-using-sccm.md) topic, depending on your management solution. - -## Next steps -After deciding to use EDP in your enterprise, you need to: - -- [Create an enterprise data protection (EDP) policy](overview-create-edp-policy.md) \ No newline at end of file +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/protect-enterprise-data-using-wip +--- \ No newline at end of file diff --git a/windows/keep-secure/protect-enterprise-data-using-wip.md b/windows/keep-secure/protect-enterprise-data-using-wip.md new file mode 100644 index 0000000000..b6d01bc4cc --- /dev/null +++ b/windows/keep-secure/protect-enterprise-data-using-wip.md 
@@ -0,0 +1,139 @@ +--- +title: Protect your enterprise data using Windows Information Protection (WIP) (Windows 10) +description: With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. +ms.assetid: 6cca0119-5954-4757-b2bc-e0ea4d2c7032 +keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection, DLP, data loss prevention, data leakage protection +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +author: eross-msft +localizationpriority: high +--- + +# Protect your enterprise data using Windows Information Protection (WIP) +**Applies to:** + +- Windows 10, version 1607 +- Windows 10 Mobile + +>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). + +With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. + +Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. 
Finally, another data protection technology, Azure Rights Management also works alongside WIP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client. + +## Prerequisites +You’ll need this software to run WIP in your enterprise: + +|Operating system | Management solution | +|-----------------|---------------------| +|Windows 10, version 1607 | Microsoft Intune
    -OR-
    System Center Configuration Manager
    -OR-
    Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product. If your 3rd party MDM does not have UI support for the policies, refer to the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt697634.aspx) documentation.| + +## What is enterprise data control? +Effective collaboration means that you need to share data with others in your enterprise. This sharing can be from one extreme where everyone has access to everything without any security, all the way to the other extreme where people can’t share anything and it’s all highly secured. Most enterprises fall somewhere in between the two extremes, where success is balanced between providing the necessary access with the potential for improper data disclosure. + +As an admin, you can address the question of who gets access to your data by using access controls, such as employee credentials. However, just because someone has the right to access your data doesn’t guarantee that the data will remain within the secured locations of the enterprise. This means that while access controls are a great start, they’re not enough. + +In the end, all of these security measures have one thing in common: employees will tolerate only so much inconvenience before looking for ways around the security restrictions. For example, if you don’t allow employees to share files through a protected system, employees will turn to an outside app that more than likely lacks security controls. + +### Using data loss prevention systems +To help address this security insufficiency, company’s developed data loss prevention (also known as DLP) systems. 
Data loss prevention systems require: +- **A set of rules about how the system can identify and categorize the data that needs to be protected.** For example, a rule set might contain a rule that identifies credit card numbers and another rule that identifies Social Security numbers. + +- **A way to scan company data to see whether it matches any of your defined rules.** Currently, Microsoft Exchange Server and Exchange Online provide this service for email in transit, while Microsoft SharePoint and SharePoint Online provide this service for content stored in document libraries. + +- **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft data loss prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry). + +Unfortunately, data loss prevention systems have their own problems. For example, the more detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. But perhaps the biggest problem with data loss preventions systems is that it provides a jarring experience that interrupts the employees’ natural workflow by blocking some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn’t see and can’t understand. 
+ +### Using information rights management systems +To help address the potential data loss prevention system problems, company’s developed information rights management (also known as IRM) systems. Information rights management systems embed protection directly into documents, so that when an employee creates a document, he or she determines what kind of protection to apply. For example, an employee can choose to stop the document from being forwarded, printed, shared outside of the organization, and so on. + +After the type of protection is set, the creating app encrypts the document so that only authorized people can open it, and even then, only in compatible apps. After an employee opens the document, the app becomes responsible for enforcing the specified protections. Because protection travels with the document, if an authorized person sends it to an unauthorized person, the unauthorized person won’t be able to read or change it. However, for this to work effectively information rights management systems require you to deploy and set up both a server and client environment. And, because only compatible clients can work with protected documents, an employees’ work might be unexpectedly interrupted if he or she attempts to use a non-compatible app. + +### And what about when an employee leaves the company or unenrolls a device? +Finally, there’s the risk of data leaking from your company when an employee leaves or unenrolls a device. Previously, you would simply erase all of the corporate data from the device, along with any other personal data on the device. + +## Benefits of WIP +WIP provides: +- Obvious separation between personal and corporate data, without requiring employees to switch environments or apps. + +- Additional data protection for existing line-of-business apps without a need to update the apps. + +- Ability to wipe corporate data from devices while leaving personal data alone. + +- Use of audit reports for tracking issues and remedial actions. 
+ +- Integration with your existing management system (Microsoft Intune, System Center Configuration Manager, or your current mobile device management (MDM) system) to configure, deploy, and manage WIP for your company. + +## Why use WIP? +WIP gives you a new way to manage data policy enforcement for apps and documents, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune). + +- **Change the way you think about data policy enforcement.** As an enterprise admin, you need to maintain compliance in your data policy and data access. WIP helps make sure that your enterprise data is protected on both corporate and employee-owned devices, even when the employee isn’t using the device. When employees create content on an enterprise-protected device, they can choose to save it as a work document. If it's a work document, it becomes locally-maintained as enterprise data. + +- **Manage your enterprise documents, apps, and encryption modes.** + + - **Copying or downloading enterprise data.** When an employee or an app downloads content from a location like SharePoint, a network share, or an enterprise web location, while using a WIP-protected device, WIP encrypts the data on the device. + + - **Using allowed apps.** Managed apps (apps that you've included on the Allowed Apps list in your WIP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if WIP management is set to **Block**, your employees can copy and paste from one protected app to another allowed app, but not to personal apps. Imagine an HR person wants to copy a job description from an allowed app to the internal career website, an enterprise-protected location, but goofs and tries to paste into a personal app instead. 
The paste action fails and a notification pops up, saying that the app couldn’t paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem. + + - **Managed apps and restrictions.** With WIP you can control which apps can access and use your enterprise data. After adding an app to your allowed apps list, the app is trusted with enterprise data. All apps not on this list are blocked from accessing your enterprise data, depending on your WIP management-mode. + + You don’t have to modify line-of-business apps that never touch personal data to list them as allowed apps; just include them in the allowed apps list. + + - **Deciding your level of data access.** WIP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides lets the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without blocking anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your allowed apps list. + + - **Data encryption at rest.** WIP helps protect enterprise data on local files and on removable media. + + Apps such as Microsoft Word work with WIP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens WIP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies WIP to the new document. + + - **Helping prevent accidental data disclosure to public spaces.** WIP helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. 
For example, if Dropbox™ isn’t on your allowed apps list, employees won’t be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your allowed apps list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the business cloud, while maintaining the encryption locally. + + - **Helping prevent accidental data disclosure to removable media.** WIP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. + +- **Remove access to enterprise data from enterprise-protected devices.** WIP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable. + > **Note**
    System Center Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. + +## How WIP works +WIP helps address your everyday challenges in the enterprise. Including: + +- Helping to prevent enterprise data leaks, even on employee-owned devices that can't be locked down. + +- Reducing employee frustrations because of restrictive data management policies on enterprise-owned devices. + +- Helping to maintain the ownership and control of your enterprise data. + +- Helping control the network and data access and data sharing for apps that aren’t enterprise aware + +### Enterprise scenarios +WIP currently addresses these enterprise scenarios: +- You can encrypt enterprise data on employee-owned and corporate-owned devices. + +- You can remotely wipe enterprise data off managed computers, including employee-owned computers, without affecting the personal data. + +- You can select specific apps that can access enterprise data, called "allowed apps" that are clearly recognizable to employees. You can also block non-protected apps from accessing enterprise data. + +- Your employees won't have their work otherwise interrupted while switching between personal and enterprise apps while the enterprise policies are in place. Switching environments or signing in multiple times isn’t required. + +### WIP-protection modes +Enterprise data is automatically encrypted after it’s loaded on a device from an enterprise source or if an employee marks the data as corporate. Then, when the enterprise data is written to disk, WIP uses the Windows-provided Encrypting File System (EFS) to protect it and associate it with your enterprise identity. + +Your WIP policy includes a list of trusted apps that are allowed to access and process corporate data. 
This list of apps is implemented through the [AppLocker](applocker-overview.md) functionality, controlling what apps are allowed to run and letting the Windows operating system know that the apps can edit corporate data. Apps included on this list don’t have to be modified to open corporate data because their presence on the list allows Windows to determine whether to grant them access. However, new for Windows 10, app developers can use a new set of application programming interfaces (APIs) to create *enlightened* apps that can use and edit both enterprise and personal data. A huge benefit to working with enlightened apps is that dual-use apps, like Microsoft Word, can be used with less concern about encrypting personal data by mistake because the APIs allow the app to determine whether data is owned by the enterprise or if it’s personally owned. + +You can set your WIP policy to use 1 of 4 protection and management modes: + +|Mode|Description| +|----|-----------| +|Block |WIP looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing enterprise data to non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization’s network.| +|Override |WIP looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log, accessible through the [Reporting CSP](https://go.microsoft.com/fwlink/p/?LinkID=746459). | +|Silent |WIP runs silently, logging inappropriate data sharing, without blocking anything that would’ve been prompted for employee interaction while in Override mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still blocked.| +|Off |WIP is turned off and doesn't help to protect or audit your data.

    After you turn off WIP, an attempt is made to decrypt any closed WIP-tagged files on the locally attached drives.

    **Note**
    For more info about setting your WIP-protection modes, see either [Create a Windows Information Protection (WIP) policy using Intune](create-wip-policy-using-intune.md) or [Create and deploy a Windows Information Protection (WIP) policy using Configuration Manager](create-wip-policy-using-sccm.md), depending on your management solution. | + +## Turn off WIP +You can turn off all Windows Information Protection and restrictions, reverting to where you were pre-WIP, with no data loss. However, turning off WIP isn't recommended. If you choose to turn it off, you can always turn it back on, but WIP won't retain your decryption and policies info. + +## Next steps +After deciding to use WIP in your enterprise, you need to: + +- [Create a Windows Information Protection (WIP) policy](overview-create-wip-policy.md) diff --git a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md index 61313be105..0ebb719b2e 100644 --- a/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md +++ b/windows/keep-secure/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md 
@@ -123,7 +123,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware li - The first TPM specification, version 1.2, was published in February 2005 by the TCG and standardized under ISO / IEC 11889 standard. - The latest TPM specification, referred to as TPM 2.0, was released in April 2014 and has been approved by the ISO/IEC Joint Technical Committee (JTC) as ISO/IEC 11889:2015. - Windows 10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Microsoft Passport, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=733948). + Windows 10 uses the TPM for cryptographic calculations as part of health attestation and to protect the keys for BitLocker, Microsoft Passport, virtual smart cards, and other public key certificates. For more information, see [TPM requirements in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=733948). Windows 10 recognizes versions 1.2 and 2.0 TPM specifications produced by the TCG. For the most recent and modern security features, Windows 10 supports only TPM 2.0. TPM 2.0 is required for device health attestation. 
@@ -183,7 +183,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware li HVCI uses virtualization-based security to isolate Code Integrity, the only way kernel memory can become executable is through a Code Integrity verification. This means that kernel memory pages can never be Writable and Executable (W+X) and executable code cannot be directly modified. - >**Note:**  Device Guard devices that run Kernel Mode Code Integrity with virtualization-based security must have compatible drivers. For additional information, please read the [Driver compatibility with Device Guard in Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=691612) blog post. + >**Note:**  Device Guard devices that run Kernel Mode Code Integrity with virtualization-based security must have compatible drivers. For additional information, please read the [Driver compatibility with Device Guard in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=691612) blog post.   The Device Guard Code Integrity feature lets organizations control what code is trusted to run into the Windows kernel and what applications are approved to run in user mode. It’s configurable by using a policy. Device Guard Code Integrity policy is a binary file that Microsoft recommends you sign. The signing of the Code Integrity policy aids in the protection against a malicious user with Administrator privileges trying to modify or remove the current Code Integrity policy. 
@@ -198,7 +198,7 @@ Windows 10 supports features to help prevent sophisticated low-level malware li
 Windows 10 takes measurements of the UEFI firmware and each of the Windows and antimalware components are made as they load during the boot process. Additionally, they are taken and measured sequentially, not all at once. When these measurements are complete, their values are digitally signed and stored securely in the TPM and cannot be changed unless the system is reset.
- For more information, see [Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware](http://go.microsoft.com/fwlink/p/?LinkId=733950).
+ For more information, see [Secured Boot and Measured Boot: Hardening Early Boot Components Against Malware](https://go.microsoft.com/fwlink/p/?LinkId=733950).
 During each subsequent boot, the same components are measured, which allows comparison of the measurements against an expected baseline. For additional security, the values measured by the TPM can be signed and transmitted to a remote server, which can then perform the comparison. This process, called *remote device health attestation*, allows the server to verify health status of the Windows device.
@@ -216,7 +216,7 @@ The following Windows 10 services are protected with virtualization-based secur
 - **Credential Guard** (LSA Credential Isolation): prevents pass-the-hash attacks and enterprise credential theft that happens by reading and dumping the content of lsass memory
 - **Device Guard** (Hyper-V Code Integrity): Device Guard uses the new virtualization-based security in Windows 10 to isolate the Code Integrity service from the Windows kernel itself, which lets the service use signatures defined by your enterprise-controlled policy to help determine what is trustworthy. In effect, the Code Integrity service runs alongside the kernel in a Windows hypervisor-protected container.
-- **Other isolated services**: for example, on Windows Server Technical Preview 2016, there is the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers.
+- **Other isolated services**: for example, on Windows Server 2016, there is the vTPM feature that allows you to have encrypted virtual machines (VMs) on servers.
 >**Note:**  Virtualization-based security is only available with Windows 10 Enterprise. Virtualization-based security requires devices with UEFI (2.3.1 or higher) with Secure Boot enabled, x64 processor with Virtualization Extensions and SLAT enabled. IOMMU, TPM 2.0. and support for Secure Memory overwritten are optional, but recommended.
@@ -245,7 +245,7 @@ The trust decision to execute code is performed by using Hyper-V Code Integrity,
 Hyper-V Code Integrity is a feature that validates the integrity of a driver or system file each time it is loaded into memory. Code integrity detects whether an unsigned driver or system file is being loaded into the kernel, or whether a system file has been modified by malicious software that is being run by a user account with Administrator privileges. On x64-based versions of Windows 10 kernel-mode drivers must be digitally signed.
->**Note:**  Independently of activation of Device Guard Policy, [Windows 10 by default raises the bar for what runs in the kernel](http://go.microsoft.com/fwlink/p/?LinkId=691613). Windows 10 drivers must be signed by Microsoft, and more specifically, by the WHQL (Windows Hardware Quality Labs) portal. Additionally, starting in October 2015, the WHQL portal will only accept driver submissions, including both kernel and user mode driver submissions, that have a valid Extended Validation (“EV”) Code Signing Certificate.
+>**Note:**  Independently of activation of Device Guard Policy, [Windows 10 by default raises the bar for what runs in the kernel](https://go.microsoft.com/fwlink/p/?LinkId=691613). Windows 10 drivers must be signed by Microsoft, and more specifically, by the WHQL (Windows Hardware Quality Labs) portal. Additionally, starting in October 2015, the WHQL portal will only accept driver submissions, including both kernel and user mode driver submissions, that have a valid Extended Validation (“EV”) Code Signing Certificate.
  With Device Guard in Windows 10, organizations are now able to define their own Code Integrity policy for use on x64 systems running Windows 10 Enterprise. Organizations have the ability to configure the policy that determines what is trusted to run. These include drivers and system files, as well as traditional desktop applications and scripts.
The system is then locked down to only run applications that the organization trusts.
@@ -325,7 +325,7 @@ For more information on device health attestation, see the [Detect an unhealthy
 ### Hardware requirements
-The following table details the hardware requirements for both virtualization-based security services and the health attestation feature. For more information, see [Minimum hardware requirements](http://go.microsoft.com/fwlink/p/?LinkId=733951).
+The following table details the hardware requirements for both virtualization-based security services and the health attestation feature. For more information, see [Minimum hardware requirements](https://go.microsoft.com/fwlink/p/?LinkId=733951).

    0x80090031 NTE_AUTHENTICATION_IGNOREDReboot the device. If the error occurs again after rebooting, [reset the TPM]( http://go.microsoft.com/fwlink/p/?LinkId=619969) or run [Clear-TPM](http://go.microsoft.com/fwlink/p/?LinkId=629650)Reboot the device. If the error occurs again after rebooting, [reset the TPM]( https://go.microsoft.com/fwlink/p/?LinkId=619969) or run [Clear-TPM](https://go.microsoft.com/fwlink/p/?LinkId=629650)
    0x80090035
    0x801C000E Registration quota reached

    Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](http://go.microsoft.com/fwlink/p/?LinkId=626933).

    Unjoin some other device that is currently joined using the same account or [increase the maximum number of devices per user](https://go.microsoft.com/fwlink/p/?LinkId=626933).

    0x801C000F

    Azure AD subscription

    • Azure AD subscription
    • -
    • [Azure AD Connect](http://go.microsoft.com/fwlink/p/?LinkId=616792)
    • +
    • [Azure AD Connect](https://go.microsoft.com/fwlink/p/?LinkId=616792)
    • A few Windows Server 2016 Technical Preview domain controllers on-site
    • A management solution, such as Configuration Manager, Group Policy, or MDM
    • Active Directory Certificate Services (AD CS) without Network Device Enrollment Service (NDES)
    • @@ -318,7 +322,7 @@ Table 1. Deployment requirements for Microsoft Passport

      Intune

    • Azure AD subscription
    • -
    • [Azure AD Connect](http://go.microsoft.com/fwlink/p/?LinkId=616792)
    • +
    • [Azure AD Connect](https://go.microsoft.com/fwlink/p/?LinkId=616792)
    • AD CS with NDES
    • Configuration Manager (current branch) or Configuration Manager 2016 Technical Preview for domain-joined certificate enrollment, or InTune for non-domain-joined devices, or a non-Microsoft MDM service that supports Passport for Work
@@ -475,7 +475,7 @@ The TPM has an embedded unique cryptographic key called the endorsement key. The
 The endorsement key public key is generally used for sending securely sensitive parameters, such as when taking possession of the TPM that contains the defining hash of the owner password. The EK private key is used when creating secondary keys like AIKs.
-The endorsement key acts as an identity card for the TPM. For more information, see [Understand the TPM endorsement key](http://go.microsoft.com/fwlink/p/?LinkId=733952).
+The endorsement key acts as an identity card for the TPM. For more information, see [Understand the TPM endorsement key](https://go.microsoft.com/fwlink/p/?LinkId=733952).
 The endorsement key is often accompanied by one or two digital certificates:
@@ -573,7 +573,7 @@ The Health Attestation Service provides the following information to an MDM solu
 - Safe Mode boot, DEP enablement, test signing enablement
 - Device TPM has been provisioned with a trusted endorsement certificate
-For completeness of the measurements, see [Health Attestation CSP](http://go.microsoft.com/fwlink/p/?LinkId=733949).
+For completeness of the measurements, see [Health Attestation CSP](https://go.microsoft.com/fwlink/p/?LinkId=733949).
 The following table presents some key items that can be reported back to MDM depending on the type of Windows 10-based device.
@@ -662,7 +662,7 @@ Today’s access control technology, in most cases, focuses on ensuring that the
 The remote device health attestation process uses measured boot data to verify the health status of the device. The health of the device is then available for an MDM solution like Intune.
->**Note:**  For the latest information on Intune and Windows 10 features support, see the [Microsoft Intune blog](http://go.microsoft.com/fwlink/p/?LinkId=691614) and [What's new in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733956).
+>**Note:**  For the latest information on Intune and Windows 10 features support, see the [Microsoft Intune blog](https://go.microsoft.com/fwlink/p/?LinkId=691614) and [What's new in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733956).
  The figure below shows how the Health Attestation Service is expected to work with Microsoft’s cloud-based Intune MDM service.
@@ -679,9 +679,9 @@ Windows 10 has an MDM client that ships as part of the operating system. This e
 ### Third-party MDM server support
-Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a compatible server that supports the OMA-DM protocol to perform enterprise management tasks. For additional information, see [Azure Active Directory integration with MDM](http://go.microsoft.com/fwlink/p/?LinkId=733954).
+Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a compatible server that supports the OMA-DM protocol to perform enterprise management tasks. For additional information, see [Azure Active Directory integration with MDM](https://go.microsoft.com/fwlink/p/?LinkId=733954).
->**Note:**  MDM servers do not need to create or download a client to manage Windows 10. For more information, see [Mobile device management](http://go.microsoft.com/fwlink/p/?LinkId=733955).
+>**Note:**  MDM servers do not need to create or download a client to manage Windows 10. For more information, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=733955).
  The third-party MDM server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users.
@@ -689,7 +689,7 @@ The third-party MDM server will have the same consistent first-party user experi
 This management infrastructure makes it possible for IT pros to use MDM-capable products like Intune, to manage health attestation, Device Guard, or Windows Defender on Windows 10-based devices, including BYODs that aren’t domain joined. IT pros will be able to manage and configure all of the actions and settings they are familiar with customizing by using Intune with Intune Endpoint Protection on down-level operating systems. Admins that currently only manage domain joined devices through Group Policy will find it easy to transition to managing Windows 10-based devices by using MDM because many of the settings and actions are shared across both mechanisms.
-For more information on how to manage Windows 10 security and system settings with an MDM solution, see [Custom URI settings for Windows 10 devices](http://go.microsoft.com/fwlink/p/?LinkId=733953).
+For more information on how to manage Windows 10 security and system settings with an MDM solution, see [Custom URI settings for Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=733953).
 ### Conditional access control
@@ -710,7 +710,7 @@ When a user requests access to an Office 365 service from a supported device pla
 When a user enrolls, the device is registered with Azure AD, and enrolled with a compatible MDM solution like Intune.
->**Note**  Microsoft is working with third-party MDM ISVs to support automated MDM enrollment and policy based access checks. Steps to turn on auto-MDM enrollment with Azure AD and Intune are explained in the [Windows 10, Azure AD And Microsoft Intune: Automatic MDM Enrollment Powered By The Cloud!](http://go.microsoft.com/fwlink/p/?LinkId=691615) blog post.
+>**Note**  Microsoft is working with third-party MDM ISVs to support automated MDM enrollment and policy based access checks. Steps to turn on auto-MDM enrollment with Azure AD and Intune are explained in the [Windows 10, Azure AD And Microsoft Intune: Automatic MDM Enrollment Powered By The Cloud!](https://go.microsoft.com/fwlink/p/?LinkId=691615) blog post.
  When a user enrolls a device successfully, the device becomes trusted. Azure AD provides single-sign-on to access company applications and enforces conditional access policy to grant access to a service not only the first time the user requests access, but every time the user requests to renew access.
@@ -732,7 +732,7 @@ To get to a compliant state, the Windows 10-based device needs to:
 - Register with Azure AD.
 - Be compliant with the device policies set by the MDM solution.
->**Note:**  At the present time, conditional access policies are selectively enforced on users on iOS and Android devices. For more information, see the [Azure AD, Microsoft Intune and Windows 10 – Using the cloud to modernize enterprise mobility!](http://go.microsoft.com/fwlink/p/?LinkId=691616) blog post.
+>**Note:**  At the present time, conditional access policies are selectively enforced on users on iOS and Android devices. For more information, see the [Azure AD, Microsoft Intune and Windows 10 – Using the cloud to modernize enterprise mobility!](https://go.microsoft.com/fwlink/p/?LinkId=691616) blog post.
  ### Cloud and on-premises apps conditional access control
@@ -740,14 +740,14 @@ Conditional access control is a powerful policy evaluation engine built into Azu
 IT pros can configure conditional access control policies for cloud SaaS applications secured by Azure AD and even on-premises applications. Access rules in Azure AD leverage the conditional access engine to check device health and compliance state reported by a compatible MDM solution like Intune in order to determine whether to allow access.
-For more information about conditional access, see [Azure Conditional Access Preview for SaaS Apps.](http://go.microsoft.com/fwlink/p/?LinkId=524807)
+For more information about conditional access, see [Azure Conditional Access Preview for SaaS Apps.](https://go.microsoft.com/fwlink/p/?LinkId=524807)
->**Note:**  Conditional access control is an Azure AD Premium feature that's also available with EMS. If you don't have an Azure AD Premium subscription, you can get a trial from the [Microsoft Azure](http://go.microsoft.com/fwlink/p/?LinkId=691617) site.
+>**Note:**  Conditional access control is an Azure AD Premium feature that's also available with EMS. If you don't have an Azure AD Premium subscription, you can get a trial from the [Microsoft Azure](https://go.microsoft.com/fwlink/p/?LinkId=691617) site.
  For on-premises applications there are two options to enable conditional access control based on a device's compliance state:
-- For on-premises applications that are published through the Azure AD Application Proxy, you can configure conditional access control policies as you would for cloud applications. For more details, see the [Azure AD Conditional Access preview updated: Now supports On-Premises and Custom LOB apps](http://go.microsoft.com/fwlink/p/?LinkId=691618) blog post.
-- Additionally, Azure AD Connect will sync device compliance information from Azure AD to on-premises AD. ADFS on Windows Server Technical Preview 2016 will support conditional access control based on a device's compliance state.
IT pros will configure conditional access control policies in ADFS that use the device's compliance state reported by a compatible MDM solution to secure on-premises applications.
+- For on-premises applications that are published through the Azure AD Application Proxy, you can configure conditional access control policies as you would for cloud applications. For more details, see the [Azure AD Conditional Access preview updated: Now supports On-Premises and Custom LOB apps](https://go.microsoft.com/fwlink/p/?LinkId=691618) blog post.
+- Additionally, Azure AD Connect will sync device compliance information from Azure AD to on-premises AD. ADFS on Windows Server 2016 will support conditional access control based on a device's compliance state. IT pros will configure conditional access control policies in ADFS that use the device's compliance state reported by a compatible MDM solution to secure on-premises applications.
 ![figure 13](images/hva-fig12-conditionalaccess12.png)
@@ -768,7 +768,7 @@ The following process describes how Azure AD conditional access works:
 13. If the device is compliant and the user is authorized, an access token is generated.
 14. User can access the corporate managed asset.
-For more information about Azure AD join, see the [Azure AD & Windows 10: Better Together for Work or School](http://go.microsoft.com/fwlink/p/?LinkId=691619) white paper.
+For more information about Azure AD join, see the [Azure AD & Windows 10: Better Together for Work or School](https://go.microsoft.com/fwlink/p/?LinkId=691619) white paper.
 Conditional access control is a topic that many organizations and IT pros may not know as well as they should. The different attributes that describe a user, a device, compliance, and context of access are very powerful when used with a conditional access engine. Conditional access control is an essential step that helps organizations secure their environment.
@@ -822,4 +822,4 @@ Health attestation is a key feature of Windows 10 that includes client and clou
 - [Protect derived domain credentials with Credential Guard](credential-guard.md)
 - [Device Guard deployment guide](device-guard-deployment-guide.md)
-- [Trusted Platform Module technology overview](http://go.microsoft.com/fwlink/p/?LinkId=733957)
+- [Trusted Platform Module technology overview](https://go.microsoft.com/fwlink/p/?LinkId=733957)
diff --git a/windows/keep-secure/remote-credential-guard.md b/windows/keep-secure/remote-credential-guard.md
new file mode 100644
index 0000000000..575cb5f7f2
--- /dev/null
+++ b/windows/keep-secure/remote-credential-guard.md
@@ -0,0 +1,103 @@
+---
+title: Protect Remote Desktop credentials with Remote Credential Guard (Windows 10)
+description: Remote Credential Guard helps to secure your Remote Desktop credentials by never sending them to the target device.
+ms.prod: w10
+ms.mktglfcycl: explore
+ms.sitesec: library
+ms.pagetype: security
+author: brianlic-msft
+---
+# Protect Remote Desktop credentials with Remote Credential Guard
+
+**Applies to**
+- Windows 10
+- Windows Server 2016
+
+Introduced in Windows 10, version 1607, Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. It also provides single sign on experiences for Remote Desktop sessions. If the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never sent to the target device.
+
+You can use Remote Credential Guard in the following ways:
+
+- Administrator credentials are highly privileged and must be protected. By using Remote Credential Guard to connect, you can be assured that your credentials are not passed over the network to the target device.
+
+- Helpdesk employees in your organization must connect to domain-joined devices that could be compromised. With Remote Credential Guard, the helpdesk employee can use RDP to connect to the target device without compromising their credentials to malware.
+
+Use the following diagrams to help understand how Remote Credential Guard works and what it helps protect against.
+
+![Remote Credential Guard](images/remote-credential-guard.png)
+
+## Hardware and software requirements
+
+The Remote Desktop client and server must meet the following requirements in order to use Remote Credential Guard:
+
+- They must be joined to an Active Directory domain
+ - Both devices must either joined to the same domain or the Remote Desktop server must be joined to a domain with a trust relationship to the client device's domain.
+- They must use Kerberos authentication.
+- They must be running at least Windows 10, version 1607 or Windows Server 2016.
+- The Remote Desktop classic Windows app is required. The Remote Desktop Universal Windows Platform app doesn't support Remote Credential Guard.
+
+
+## Enable Remote Credential Guard
+
+You must enable Remote Credential Guard on the target device by using the registry.
+
+1. Open Registry Editor.
+2. Enable Remote Credential Guard:
+ - Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa.
+ - Add a new DWORD value named **DisableRestrictedAdmin**. Set the value of this registry setting to 0 to turn on Remote Credential Guard.
+3. Close Registry Editor.
+
+You can add this by running the following from an elevated command prompt:
+
+```
+reg add HKLM\SYSTEM\CurrentControlSet\Control\Lsa /v DisableRestrictedAdmin /d 0 /t REG_DWORD
+```
+
+## Using Remote Credential Guard
+
+You can use Remote Credential Guard on the client device by setting a Group Policy or by using a parameter with Remote Desktop Connection.
+
+### Turn on Remote Credential Guard by using Group Policy
+
+1. From the Group Policy Management Console, go to **Computer Configuration** -> **Administrative Templates** -> **System** -> **Credentials Delegation**.
+2. Double-click **Restrict delegation of credentials to remote servers**.
+3.
In the **Use the following restricted mode** box:
+ - If you want to require either [Restricted Admin mode](http://social.technet.microsoft.com/wiki/contents/articles/32905.how-to-enable-restricted-admin-mode-for-remote-desktop.aspx) or Remote Credential Guard, choose **Require Remote Credential Guard**. In this configuration, Remote Credential Guard is preferred, but it will use Restricted Admin mode (if supported) when Remote Credential Guard cannot be used.
+
+ > **Note:** Neither Remote Credential Guard nor Restricted Admin mode will send credentials in clear text to the Remote Desktop server.
+
+ - If you want to allow Remote Credential Guard, choose **Prefer Remote Credential Guard**.
+4. Click **OK**.
+
+ ![Remote Credential Guard Group Policy](images/remote-credential-guard-gp.png)
+
+5. Close the Group Policy Management Console.
+
+6. From a command prompt, run **gpupdate.exe /force** to ensure that the Group Policy object is applied.
+
+
+### Use Remote Credential Guard with a parameter to Remote Desktop Connection
+
+If you don't use Group Policy in your organization, you can add the remoteGuard parameter when you start Remote Desktop Connection to turn on Remote Credential Guard for that connection.
+
+```
+mstsc.exe /remoteGuard
+```
+
+
+## Considerations when using Remote Credential Guard
+
+- Remote Credential Guard does not include device claims. For example, if you’re trying to access a file server from the remote and the file server requires device claim, access will be denied.
+
+- Remote Credential Guard cannot be used to connect to a device that is joined to Azure Active Directory.
+
+- Remote Desktop Credential Guard only works with the RDP protocol.
+
+- No credentials are sent to the target device, but the target device still acquires the Kerberos Service Tickets on its own.
+
+- Remote Desktop Gateway is not compatible with Remote Credential Guard.
+
+- You cannot used saved credentials or credentials that are different than yours.
You must use the credentials of the user who is logged into the device.
+
+- Both the client and the server must be joined to the same domain or the domains must have a trust relationship.
+
+- The server and client must authenticate using Kerberos.
\ No newline at end of file
diff --git a/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md
index 890eaf1d99..42da77aa05 100644
--- a/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md
+++ b/windows/keep-secure/require-encryption-when-accessing-sensitive-network-resources.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 The use of authentication in the previously described goal ([Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)) enables a device in the isolated domain to block traffic from untrusted devices. However, it does not prevent an untrusted device from eavesdropping on the network traffic shared between two trusted devices, because by default network packets are not encrypted.
diff --git a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md
index 444e4cc534..13b3f05f42 100644
--- a/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md
+++ b/windows/keep-secure/requirements-and-deployment-planning-guidelines-for-device-guard.md
@@ -4,6 +4,7 @@ description: To help you plan a deployment of Microsoft Device Guard, this artic
 keywords: virtualization, security, malware
 ms.prod: w10
 ms.mktglfcycl: deploy
+localizationpriority: high
 author: brianlic-msft
 ---
@@ -22,7 +23,9 @@ This article describes the following:
 - [Reviewing your applications: application signing and catalog files](#reviewing-your-applications-application-signing-and-catalog-files)
 - [Code integrity policy formats and signing](#code-integrity-policy-formats-and-signing)
-The information in this article provides a foundation for [Planning and getting started on the Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md).
+The information in this article is intended for IT professionals, and provides a foundation for [Planning and getting started on the Device Guard deployment process](planning-and-getting-started-on-the-device-guard-deployment-process.md).
+
+>**Note**  If you are an OEM, see the requirements information at [PC OEM requirements for Device Guard and Credential Guard](https://msdn.microsoft.com/library/windows/hardware/mt767514(v=vs.85).aspx).
 ## Hardware, firmware, and software requirements for Device Guard
@@ -55,7 +58,7 @@ The following tables provide more information about the hardware, firmware, and
 The following tables describes additional hardware and firmware requirements, and the improved security that is available when those requirements are met.
-### 2015 Additional Qualification Requirements for Device Guard (Windows 10, version 1507 and Windows 10, version 1511)
+### 2015 Additional Qualification Requirements for Device Guard (starting with Windows 10, version 1507, and Windows Server 2016, Technical Preview 4)
 | Protections for Improved Security - requirement | Description |
 |---------------------------------------------|----------------------------------------------------|
@@ -63,7 +66,7 @@ The following tables describes additional hardware and firmware requirements, an
-### 2016 Additional Qualification Requirements for Device Guard (Windows 10, version 1607)
+### 2016 Additional Qualification Requirements for Device Guard (starting with Windows 10, version 1607, and Windows Server 2016)
 > **Important**  The following tables list requirements for improved security, beyond the level of protection described in the preceding tables. You can use Device Guard with hardware, firmware, and software that do not support the following protections for improved security. As your systems meet more requirements, more protections become available to them.
diff --git a/windows/keep-secure/requirements-to-use-applocker.md b/windows/keep-secure/requirements-to-use-applocker.md
index 6389eb2755..60ac319a63 100644
--- a/windows/keep-secure/requirements-to-use-applocker.md
+++ b/windows/keep-secure/requirements-to-use-applocker.md
@@ -6,6 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: high
 author: brianlic-msft
 ---
@@ -32,7 +33,7 @@ The following table show the on which operating systems AppLocker features are s
 | Version | Can be configured | Can be enforced | Available rules | Notes |
 | - | - | - | - | - |
-| Windows 10| Yes| Yes| Packaged apps
    Executable
    Windows Installer
    Script
DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise and Windows Server 2016 Technical Preview. |
+| Windows 10| Yes| Yes| Packaged apps
    Executable
    Windows Installer
    Script
DLL| You can use the [AppLocker CSP](http://msdn.microsoft.com/library/windows/hardware/dn920019.aspx) to configure AppLocker policies on any edition of Windows 10. You can only manage AppLocker with Group Policy on devices running Windows 10 Enterprise and Windows Server 2016. |
 | Windows Server 2012 R2| Yes| Yes| Packaged apps
    Executable
    Windows Installer
    Script
DLL| |
 | Windows 8.1| Yes| Yes| Packaged apps
    Executable
    Windows Installer
    Script
DLL| Only the Enterprise edition supports AppLocker|
 | Windows RT 8.1| No| No| N/A||
diff --git a/windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md b/windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md
index 049625343b..fa2225b9c4 100644
--- a/windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md
+++ b/windows/keep-secure/restrict-access-to-only-specified-users-or-devices.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 Domain isolation (as described in the previous goal [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)) prevents devices that are members of the isolated domain from accepting network traffic from untrusted devices. However, some devices on the network might host sensitive data that must be additionally restricted to only those users and computers that have a business requirement to access the data.
diff --git a/windows/keep-secure/restrict-access-to-only-trusted-devices.md b/windows/keep-secure/restrict-access-to-only-trusted-devices.md
index d2b47a2dbe..dc34b9ac84 100644
--- a/windows/keep-secure/restrict-access-to-only-trusted-devices.md
+++ b/windows/keep-secure/restrict-access-to-only-trusted-devices.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 Your organizational network likely has a connection to the Internet. You also likely have partners, vendors, or contractors who attach devices that are not owned by your organization to your network. Because you do not manage those devices, you cannot trust them to be free of malicious software, maintained with the latest security updates, or in any way in compliance with your organization's security policies. These untrustworthy devices both on and outside of your physical network must not be permitted to access your organization's devices except where it is truly required.
diff --git a/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md b/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md
index 85d7267abb..57d1bc1e9d 100644
--- a/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md
+++ b/windows/keep-secure/restrict-server-access-to-members-of-a-group-only.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 After you have configured the IPsec connection security rules that force client devices to authenticate their connections to the isolated server, you must configure the rules that restrict access to only those devices or users who have been identified through the authentication process as members of the isolated server’s access group.
diff --git a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
index 9e6debeb0f..2234eebd86 100644
--- a/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
+++ b/windows/keep-secure/run-cmd-scan-windows-defender-for-windows-10.md
@@ -1,13 +1,14 @@ --- -title: Run a scan from the command line in Windows Defender in Windows 10 (Windows 10) -description: IT professionals can run a scan using the command line in Windows Defender in Windows 10. -keywords: scan, command line, mpcmdrun, defender +title: Learn how to run a scan from command line in Windows Defender (Windows 10) +description: Windows Defender utility enables IT professionals to use command line to run antivirus scans. +keywords: run windows defender scan, run antivirus scan from command line, run windows defender scan from command line, mpcmdrun, defender search.product: eADQiWindows 10XVcnh ms.pagetype: security ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security +localizationpriority: medium author: mjcaparas --- @@ -19,19 +20,19 @@ author: mjcaparas IT professionals can use a command-line utility to run a Windows Defender scan. -The utility is available in _%Program Files%\Windows Defender\MpCmdRun.exe_ +The utility is available in _%Program Files%\Windows Defender\MpCmdRun.exe_. This utility can be handy when you want to automate the use of Windows Defender. -**To run a full system scan from the command line** +**To run a quick scan from the command line** 1. Click **Start**, type **cmd**, and press **Enter**. 2. Navigate to _%ProgramFiles%\Windows Defender_ and enter the following command, and press **Enter**: ``` -C:\Program Files\Windows Defender\mpcmdrun.exe -scan -scantype 2 +C:\Program Files\Windows Defender\mpcmdrun.exe -scan -scantype 1 ``` -The full scan will start. When the scan completes, you'll see a message indicating that the scan is finished. +The quick scan will start. When the scan completes, you'll see a message indicating that the scan is finished. The utility also provides other commands that you can run: 
@@ -43,12 +44,12 @@ MpCmdRun.exe [command] [-options] Command | Description :---|:--- \- ? / -h | Displays all available options for the tool -\-Scan [-ScanType #] [-File [-DisableRemediation] [-BootSectorScan]][-Timeout ] | Scans for malicious softare +\-Scan [-ScanType #] [-File [-DisableRemediation] [-BootSectorScan]][-Timeout ] | Scans for malicious software \-Trace [-Grouping #] [-Level #]| Starts diagnostic tracing \-GetFiles | Collects support information \-RemoveDefinitions [-All] | Restores the installed signature definitions to a previous backup copy or to the original default set of signatures -\-AddDynamicSignature [-Path] | Loads a dyanmic signature +\-AddDynamicSignature [-Path] | Loads a dynamic signature \-ListAllDynamicSignature [-Path] | Lists the loaded dynamic signatures \-RemoveDynamicSignature [-SignatureSetID] | Removes a dynamic signature -\-EnableIntegrityServices | Enables integrity services -\-SubmitSamples | Submit all sample requests \ No newline at end of file +
    +The command-line utility provides detailed information on the other commands supported by the tool. diff --git a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md index fa9c66bfb4..c6875dfdd6 100644 --- a/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md +++ b/windows/keep-secure/securing-end-to-end-ipsec-connections-by-using-ikev2.md @@ -12,7 +12,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 IKEv2 offers the following: @@ -40,7 +40,7 @@ You can use IKEv2 as a virtual private network (VPN) tunneling protocol that sup - [Troubleshooting](#troubleshooting) ->**Note:**  This topic includes sample Windows PowerShell cmdlets. For more info, see [How to Run a Windows PowerShell Cmdlet](http://go.microsoft.com/fwlink/p/?linkid=230693). +>**Note:**  This topic includes sample Windows PowerShell cmdlets. For more info, see [How to Run a Windows PowerShell Cmdlet](https://go.microsoft.com/fwlink/p/?linkid=230693). ## Prerequisites diff --git a/windows/keep-secure/security-considerations-for-applocker.md b/windows/keep-secure/security-considerations-for-applocker.md index f7c0df0eab..c959f1bfd0 100644 --- a/windows/keep-secure/security-considerations-for-applocker.md +++ b/windows/keep-secure/security-considerations-for-applocker.md 
@@ -40,6 +40,8 @@ AppLocker can only control VBScript, JScript, .bat files, .cmd files, and Window
 AppLocker rules either allow or prevent an application from launching. AppLocker does not control the behavior of applications after they are launched. Applications could contain flags passed to functions that signal AppLocker to circumvent the rules and allow another .exe or .dll to be loaded. In practice, an application that is allowed by AppLocker could use these flags to bypass AppLocker rules and launch child processes. You must thoroughly examine each application before allowing them to run by using AppLocker rules.
 >**Note:**  Two flags that illustrate this condition are `SANDBOX_INERT`, which can be passed to `CreateRestrictedToken`, and `LOAD_IGNORE_CODE_AUTHZ_LEVEL`, which can be passed to `LoadLibraryEx`. Both of these flags signal AppLocker to circumvent the rules and allow a child .exe or .dll to be loaded.
+
+You can block the Windows Subsystem for Linux by blocking LxssManager.dll.
   ## Related topics
diff --git a/windows/keep-secure/server-isolation-gpos.md b/windows/keep-secure/server-isolation-gpos.md
index 149730d1a5..e0075d930f 100644
--- a/windows/keep-secure/server-isolation-gpos.md
+++ b/windows/keep-secure/server-isolation-gpos.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 Each set of devices that have different users or devices accessing them require a separate server isolation zone. Each zone requires one GPO for each version of Windows running on devices in the zone. The Woodgrove Bank example has an isolation zone for their devices that run SQL Server. The server isolation zone is logically considered part of the encryption zone. Therefore, server isolation zone GPOs must also include rules for encrypting all isolated server traffic. Woodgrove Bank copied the encryption zone GPOs to serve as a starting point, and renamed them to reflect their new purpose.
diff --git a/windows/keep-secure/server-isolation-policy-design-example.md b/windows/keep-secure/server-isolation-policy-design-example.md
index 4d38ed4c99..f6ddc73bf4 100644
--- a/windows/keep-secure/server-isolation-policy-design-example.md
+++ b/windows/keep-secure/server-isolation-policy-design-example.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 This design example continues to use the fictitious company Woodgrove Bank, as described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section and the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) section.
diff --git a/windows/keep-secure/server-isolation-policy-design.md b/windows/keep-secure/server-isolation-policy-design.md
index a2397773da..de45c1b7c7 100644
--- a/windows/keep-secure/server-isolation-policy-design.md
+++ b/windows/keep-secure/server-isolation-policy-design.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 In the server isolation policy design, you assign servers to a zone that allows access only to users and devices that authenticate as members of an approved network access group (NAG).
diff --git a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
index 81d0358abb..a5df900c1d 100644
--- a/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/settings-windows-defender-advanced-threat-protection.md
@@ -8,17 +8,19 @@ ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 author: DulceMV
+localizationpriority: high
 ---
 # Windows Defender Advanced Threat Protection settings
 **Applies to:**
-- Windows 10 Insider Preview Build 14332 or later
+- Windows 10 Enterprise
+- Windows 10 Education
+- Windows 10 Pro
+- Windows 10 Pro Education
 - Windows Defender Advanced Threat Protection (Windows Defender ATP)
-[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]
-
 Use the **Settings** menu ![Settings icon](images/settings.png) to configure the time zone, suppression rules, and view license information.
 ## Time zone settings
@@ -52,7 +54,7 @@ To set the time zone:
 3. The time zone indicator changes to **Timezone:Local**. Click it again to change back to **Timezone:UTC**.
 ## Suppression rules
-The suppression rules control what alerts are suppressed. You can suppress alerts so that certain activities are not flagged as suspicious. See [Suppress alerts](manage-alerts-windows-defender-advanced-threat-protection.md#suppress-alerts).
+The suppression rules control what alerts are suppressed. You can suppress alerts so that certain activities are not flagged as suspicious. For more information see, [Suppress alerts](manage-alerts-windows-defender-advanced-threat-protection.md#suppress-alerts).
 ## License
 Click the license link in the **Settings** menu to view the license agreement information for Windows Defender ATP.
diff --git a/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
index b6b9fd71e5..b60489c882 100644
--- a/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
+++ b/windows/keep-secure/switch-pcr-banks-on-tpm-2-0-devices.md
@@ -21,7 +21,7 @@ PCR\[N\] = HASHalg( PCR\[N\] || ArgumentOfExtend )
 The existing value is concatenated with the argument of the TPM Extend operation. The resulting concatenation is then used as input to the associated hashing algorithm, which computes a digest of the input. This computed digest becomes the new value of the PCR.
-The [TCG PC Client Specific Platform TPM Profile for TPM 2.0](http://go.microsoft.com/fwlink/p/?LinkId=746577) defines the inclusion of at least one PCR bank with 24 registers. The only way to reset the first 16 PCRs is to reset the TPM itself. This restriction helps ensure that the value of those PCRs can only be modified via the TPM Extend operation.
+The [TCG PC Client Specific Platform TPM Profile for TPM 2.0](https://go.microsoft.com/fwlink/p/?LinkId=746577) defines the inclusion of at least one PCR bank with 24 registers. The only way to reset the first 16 PCRs is to reset the TPM itself. This restriction helps ensure that the value of those PCRs can only be modified via the TPM Extend operation.
 Some TPM PCRs are used as checksums of log events. The log events are extended in the TPM as the events occur. Later, an auditor can validate the logs by computing the expected PCR values from the log and comparing them to the PCR values of the TPM. Since the first 16 TPM PCRs cannot be modified arbitrarily, a match between an expected PCR value in that range and the actual TPM PCR value provides assurance of an unmodified log.
diff --git a/windows/keep-secure/testing-scenarios-for-edp.md b/windows/keep-secure/testing-scenarios-for-edp.md
index e2187af349..3d16ef00df 100644
--- a/windows/keep-secure/testing-scenarios-for-edp.md
+++ b/windows/keep-secure/testing-scenarios-for-edp.md
@@ -1,49 +1,5 @@ --- title: Testing scenarios for enterprise data protection (EDP) (Windows 10) description: We've come up with a list of suggested testing scenarios that you can use to test enterprise data protection (EDP) in your company. -ms.assetid: 53db29d2-d99d-4db6-b494-90e2b3962ca2 -keywords: EDP, Enterprise Data Protection -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: security -author: eross-msft ---- - -# Testing scenarios for enterprise data protection (EDP) -**Applies to:** - -- Windows 10 Insider Preview -- Windows 10 Mobile Preview - -[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - -We've come up with a list of suggested testing scenarios that you can use to test enterprise data protection (EDP) in your company. - -## Testing scenarios -You can try any of the processes included in these scenarios, but you should focus on the ones that you might encounter in your organization. - -|Scenario |Processes | -|---------|----------| -|Automatically encrypt files from enterprise apps |
    1. Start an unmodified (for example, EDP-unaware) line-of-business app that's on your **Protected Apps** list and then create, edit, write, and save files.
    2. Make sure that all of the files you worked with from the EDP-unaware app are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
    3. Open File Explorer and make sure your modified files are appearing with a **Lock** icon.

      **Note**
      Some file types, like .exe and .dll, along with some file paths, like `%windir%` and `%programfiles%`, are excluded from automatic encryption.

    | -|Block enterprise data from non-enterprise apps |
    1. Start an app that doesn't appear on your **Protected Apps** list, and then try to open an enterprise-encrypted file.

      The app shouldn't be able to access the file.

    2. Try double-clicking or tapping on the enterprise-encrypted file.

      If your default app association is an app not on your **Protected Apps** list, you should get an **Access Denied** error message.

    | -|Copy and paste from enterprise apps to non-enterprise apps |
    1. Copy (CTRL+C) content from an app on your **Protected Apps** list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your **Protected Apps** list.

      You should see an EDP-related warning box, asking you to click either **Got it** or **Cancel**.

    2. Click **Cancel**.

      The content isn't pasted into the non-enterprise app.

    3. Repeat Step 1, but this time click **Got it**, and try to paste the content again.

      The content is pasted into the non-enterprise app.

    4. Try copying and pasting content between apps on your **Protected Apps** list.

      The content should copy and paste between apps without any warning messages.

    | -|Drag and drop from enterprise apps to non-enterprise apps |
    1. Drag content from an app on your **Protected Apps** list, and then try to drop the content into an app that doesn't appear on your **Protected Apps** list.

      You should see an EDP-related warning box, asking you to click either **Drag Anyway** or **Cancel**.

    2. Click **Cancel**.

      The content isn't dropped into the non-enterprise app.

    3. Repeat Step 1, but this time click **Drag Anyway**, and try to drop the content again.

      The content is dropped into the non-enterprise app.

    4. Try dragging and dropping content between apps on your **Protected Apps** list.

      The content should move between the apps without any warning messages.

    | -|Share between enterprise apps and non-enterprise apps |
    1. Open an app on your **Protected Apps** list, like Microsoft Photos, and try to share content with an app that doesn't appear on your **Protected Apps** list, like Facebook.

      You should see an EDP-related warning box, asking you to click either **Share Anyway** or **Cancel**.

    2. Click **Cancel**.

      The content isn't shared into Facebook.

    3. Repeat Step 1, but this time click **Share Anyway**, and try to share the content again.

      The content is shared into Facebook.

    4. Try sharing content between apps on your **Protected Apps** list.

      The content should share between the apps without any warning messages.

    | -|Use the **Encrypt to** functionality |
    1. Open File Explorer on the desktop, right-click a decrypted file, and then click **Encrypt to** from the **Encrypt to** menu.

      EDP should encrypt the file to your Enterprise Identity.

    2. Make sure that the newly encrypted file has a **Lock** icon.
    3. In the **Encrypted to** column of File Explorer on the desktop, look for the enterprise ID value.
    4. Right-click the encrypted file, and then click **Not encrypted** from the **Encrypt to** menu.

      The file should be decrypted and the **Lock** icon should disappear.

    | -|Verify that Windows system components can use EDP |
    1. Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.
    2. Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
    3. Open File Explorer and make sure your modified files are appearing with a **Lock** icon
    4. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the **Protected Apps** list.

      **Note**
      Most Windows-signed components like Windows Explorer (when running in the user’s context), should have access to enterprise data.

      A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your **Protected Apps** list.

    | -|Use EDP on FAT/exFAT systems |
    1. Start an app that uses the FAT or exFAT file system and appears on your **Protected Apps** list.
    2. Create, edit, write, save, and move files.

      Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.

    3. Try copying and moving files or folders between apps that use NTFS, FAT and exFAT file systems.
    | -|Use EDP on NTFS systems |
    1. Start an app that uses the NTFS file system and appears on your **Protected Apps** list.
    2. Create, edit, write, save, and move files.

      Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.

    3. Try copying and moving files or folders between apps that use NTFS, FAT and exFAT file systems.
    | -|Unenroll client devices from EDP |
    • Unenroll a device from EDP by going to **Settings**, click **Accounts**, click **Work**, click the name of the device you want to unenroll, and then click **Remove**.

      The device should be removed and all of the enterprise content for that managed account should be gone.

      **Important**
      Unenrolling a device revokes and erases all of the enterprise data for the managed account.

    | -|Verify that app content is protected when a Windows 10 Mobile phone is locked |
    • Check that protected app data doesn't appear on the **Lock** screen of a Windows 10 Mobile phone
    | - -  - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/testing-scenarios-for-wip +--- \ No newline at end of file diff --git a/windows/keep-secure/testing-scenarios-for-wip.md b/windows/keep-secure/testing-scenarios-for-wip.md new file mode 100644 index 0000000000..45737291cf --- /dev/null +++ b/windows/keep-secure/testing-scenarios-for-wip.md @@ -0,0 +1,166 @@ +--- +title: Testing scenarios for Windows Information Protection (WIP) (Windows 10) +description: A list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company. +ms.assetid: 53db29d2-d99d-4db6-b494-90e2b3962ca2 +keywords: WIP, Windows Information Protection, EDP, Enterprise Data Protection +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +ms.pagetype: security +author: eross-msft +localizationpriority: high +--- + +# Testing scenarios for Windows Information Protection (WIP) +**Applies to:** + +- Windows 10, version 1607 +- Windows 10 Mobile + +We've come up with a list of suggested testing scenarios that you can use to test Windows Information Protection (WIP) in your company. + +## Testing scenarios +You can try any of the processes included in these scenarios, but you should focus on the ones that you might encounter in your organization. + +
    + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ScenarioProcesses
    Encrypt and decrypt files using File Explorer.For desktop:

    +

      +
    1. Open File Explorer, right-click a work document, and then click Work from the File Ownership menu.
      Make sure the file is encrypted by right-clicking the file again, clicking Advanced from the General tab, and then clicking Details from the Compress or Encrypt attributes area. The file should show up under the heading, This enterprise domain can remove or revoke access: <your_enterprise_identity>. For example, contoso.com.
    2. +
    3. In File Explorer, right-click the same document, and then click Personal from the File Ownership menu.
      Make sure the file is decrypted by right-clicking the file again, clicking Advanced from the General tab, and then verifying that the Details button is unavailable.
    4. +
    + For mobile:

    +

      +
    1. Open the File Explorer app, browse to a file location, click the elipsis (...), and then click Select to mark at least one file as work-related.
    2. +
    3. Click the elipsis (...) again, click File ownership from the drop down menu, and then click Work.
      Make sure the file is encrypted, by locating the Briefcase icon next to the file name.
    4. +
    5. Select the same file, click File ownership from the drop down menu, and then click Personal.
      Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
    6. +
    +
    Create work documents in enterprise-allowed apps.For desktop:

    +

      +
    • Start an unenlightened but allowed app, such as a line-of-business app, and then create a new document, saving your changes.
      Make sure the document is encrypted to your Enterprise Identity. This might take a few minutes and require you to close and re-open the file.

      Important
      Certain file types like .exe and .dll, along with certain file paths, such as %windir% and %programfiles% are excluded from automatic encryption.

      For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune.md) or [Create a Windows Information Protection (WIP) policy using Microsoft System Center Configuration Manager](create-wip-policy-using-sccm.md), based on your deployment system.

    • +
    + For mobile:

    +

      +
    1. Start an allowed mobile app, such as Word Mobile, create a new document, and then save your changes as Work to a local, work-related location.
      Make sure the document is encrypted, by locating the Briefcase icon next to the file name.
    2. +
    3. Open the same document and attempt to save it to a non-work-related location.
      WIP should stop you from saving the file to this location.
    4. +
    5. Open the same document one last time, make a change to the contents, and then save it again using the Personal option.
      Make sure the file is decrypted and that you're no longer seeing the Briefcase icon next to file name.
    6. +
    +
    Block enterprise data from non-enterprise apps. +
      +
    1. Start an app that doesn't appear on your allowed apps list, and then try to open a work-encrypted file.
      The app shouldn't be able to access the file.
    2. +
    3. Try double-clicking or tapping on the work-encrypted file.
      If your default app association is an app not on your allowed apps list, you should get an Access Denied error message.
    4. +
    +
    Copy and paste from enterprise apps to non-enterprise apps. +
      +
    1. Copy (CTRL+C) content from an app on your allowed apps list, and then try to paste (CTRL+V) the content into an app that doesn't appear on your allowed apps list.
      You should see a WIP-related warning box, asking you to click either Change to personal or Keep at work.
    2. +
    3. Click Keep at work.
      The content isn't pasted into the non-enterprise app.
    4. +
    5. Repeat Step 1, but this time click Change to personal, and try to paste the content again.
      The content is pasted into the non-enterprise app.
    6. +
    7. Try copying and pasting content between apps on your allowed apps list.
      The content should copy and paste between apps without any warning messages.
    8. +
    +
    Drag and drop from enterprise apps to non-enterprise apps. +
      +
    1. Drag content from an app on your allowed apps list, and then try to drop the content into an app that doesn't appear on your allowed apps list.
      You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
    2. +
    3. Click Keep at work.
      The content isn't dropped into the non-enterprise app.
    4. +
    5. Repeat Step 1, but this time click Change to personal, and try to drop the content again.
      The content is dropped into the non-enterprise app.
    6. +
    7. Try dragging and dropping content between apps on your allowed apps list.
      The content should move between the apps without any warning messages.
    8. +
    +
    Share between enterprise apps and non-enterprise apps. +
      +
    1. Open an app on your allowed apps list, like Microsoft Photos, and try to share content with an app that doesn't appear on your allowed apps list, like Facebook.
      You should see a WIP-related warning box, asking you to click either Keep at work or Change to personal.
    2. +
    3. Click Keep at work.
      The content isn't shared into Facebook.
    4. +
    5. Repeat Step 1, but this time click Change to personal, and try to share the content again.
      The content is shared into Facebook.
    6. +
    7. Try sharing content between apps on your allowed apps list.
      The content should share between the apps without any warning messages.
    8. +
    +
    Verify that Windows system components can use WIP. +
      +
    1. Start Windows Journal and Internet Explorer 11, creating, editing, and saving files in both apps.
      Make sure that all of the files you worked with are encrypted to your configured Enterprise Identity. In some cases, you might need to close the file and wait a few moments for it to be automatically encrypted.
    2. +
    3. Open File Explorer and make sure your modified files are appearing with a Lock icon.
    4. +
    5. Try copying and pasting, dragging and dropping, and sharing using these apps with other apps that appear both on and off the allowed apps list.

      Note
      Most Windows-signed components like File Explorer (when running in the user’s context), should have access to enterprise data.

      A few notable exceptions include some of the user-facing in-box apps, like Wordpad, Notepad, and Microsoft Paint. These apps don't have access by default, but can be added to your allowed apps list.

    6. +
    +
    Use WIP on NTFS, FAT, and exFAT systems. +
      +
    1. Start an app that uses the FAT or exFAT file system (for example a SD card or USB flash drive), and appears on your allowed apps list.
    2. +
    3. Create, edit, write, save, copy, and move files.
      Basic file and folder operations like copy, move, rename, delete, and so on, should work properly on encrypted files.
    4. +
    +
    Verify your shared files can use WIP. +
      +
    1. Download a file from a protected file share, making sure the file is encrypted by locating the Briefcase icon next to the file name.
    2. +
    3. Open the same file, make a change, save it and then try to upload it back to the file share. Again, this should work without any warnings.
    4. +
    5. Open an app that doesn't appear on your allowed apps list and attempt to access a file on the WIP-enabled file share.
      The app shouldn't be able to access the file share.
    6. +
    +
    Verify your cloud resources can use WIP. +
      +
    1. Add both Internet Explorer 11 and Microsoft Edge to your allowed apps list.
    2. +
    3. Open SharePoint (or another cloud resource that's part of your policy) and access a WIP-enabled resource by using both IE11 and Microsoft Edge.
      Both browsers should respect the enterprise and personal boundary.
    4. +
    5. Remove Internet Explorer 11 from your allowed app list and then try to access an intranet site or enterprise-related cloud resource.
      IE11 shouldn't be able to access the sites.

      Note
      Any file downloaded from your work SharePoint site, or any other WIP-enabled cloud resource, is automatically marked as Work.

    6. +
    +
    Verify your Virtual Private Network (VPN) can be auto-triggered. +
      +
    1. Set up your VPN network to start based on the WIPModeID setting.
      For specific info about how to do this, see the [Create and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune](create-wip-policy-using-intune.md) topic.
    2. +
    3. Start an app from your allowed apps list.
      The VPN network should automatically start.
    4. +
    5. Disconnect from your network and then start an app that isn't on your allowed apps list.
      The VPN shouldn't start and the app shouldn't be able to access your enterprise network.
    6. +
    +
    Unenroll client devices from WIP. +
      +
    • Unenroll a device from WIP by going to Settings, click Accounts, click Work, click the name of the device you want to unenroll, and then click Remove.
      The device should be removed and all of the enterprise content for that managed account should be gone.

      Important
      On desktop devices, the data isn't removed and can be recovered, so you must make sure they content is marked as Revoked and that access is denied for the employee. On mobile devices, the data is removed.

    • +
    +
    Verify that app content is protected when a Windows 10 Mobile phone is locked. +
      +
    • Check that protected app data doesn't appear on the Lock screen of a Windows 10 Mobile phone.
    • +
    +
    \ No newline at end of file
diff --git a/windows/keep-secure/tpm-fundamentals.md b/windows/keep-secure/tpm-fundamentals.md
index 6969c89924..92a6fe9b1d 100644
--- a/windows/keep-secure/tpm-fundamentals.md
+++ b/windows/keep-secure/tpm-fundamentals.md
@@ -195,5 +195,5 @@ You can fix this by clearing the TPM.
 - [Trusted Platform Module Services Group Policy Settings](trusted-platform-module-services-group-policy-settings.md)
 - [TPM Cmdlets in Windows PowerShell](http://technet.microsoft.com/library/jj603116.aspx)
 - [Schema Extensions for Windows Server 2008 R2 to support AD DS backup of TPM information from Windows 8 clients](ad-ds-schema-extensions-to-support-tpm-backup.md)
-- [TPM WMI providers](http://go.microsoft.com/fwlink/p/?LinkId=93478)
+- [TPM WMI providers](https://go.microsoft.com/fwlink/p/?LinkId=93478)
 - [Prepare your organization for BitLocker: Planning and Policies - TPM configurations](http://technet.microsoft.com/library/jj592683.aspx)
diff --git a/windows/keep-secure/tpm-recommendations.md b/windows/keep-secure/tpm-recommendations.md
index 81b6385faf..acf27319d7 100644
--- a/windows/keep-secure/tpm-recommendations.md
+++ b/windows/keep-secure/tpm-recommendations.md
@@ -6,6 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: high
 author: brianlic-msft
 ---
@@ -14,7 +15,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
 - Windows 10 Mobile
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 - Windows 10 IoT Core (IoT Core)
 This topic provides recommendations for Trusted Platform Module (TPM) technology for Windows 10.
@@ -83,7 +84,7 @@ For more info, see [fTPM: A Firmware-based TPM 2.0 Implementation](http://resear ## Is there any importance for TPM for consumer? -For end consumers, TPM is behind the scenes but still very relevant for Hello, Passport and in the future, many other key features in Windows 10. It offers the best Passport experience, helps encrypt passwords, secures streaming high quality 4K content and builds on our overall Windows 10 experience story for security as a critical pillar. Using Windows on a system with a TPM enables a deeper and broader level of security coverage. +For end consumers, TPM is behind the scenes but still very relevant for Hello, Passport and in the future, many other key features in Windows 10. It offers the best Passport experience, helps encrypt passwords, and builds on our overall Windows 10 experience story for security as a critical pillar. Using Windows on a system with a TPM enables a deeper and broader level of security coverage. ## TPM 2.0 Compliance for Windows 10 @@ -104,7 +105,7 @@ For end consumers, TPM is behind the scenes but still very relevant for Hello, P - TPM is optional on IoT Core. -### Windows Server 2016 Technical Preview +### Windows Server 2016 - TPM is optional for Windows Server SKUs unless the SKU meets the additional qualification (AQ) criteria for the Host Guardian Services scenario in which case TPM 2.0 is required. diff --git a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md index b9baeb947e..7e351ee5aa 100644 --- a/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-onboarding-windows-defender-advanced-threat-protection.md 
@@ -7,58 +7,49 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security -author: iaanw +author: mjcaparas +localizationpriority: high --- # Troubleshoot Windows Defender Advanced Threat Protection onboarding issues **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] +You might need to troubleshoot the Windows Defender ATP onboarding process if you encounter issues. +This page provides detailed steps to troubleshoot onboarding issues that might occur when deploying with one of the deployment tools and common errors that might occur on the endpoints. -You might need to troubleshoot the Windows Defender Advanced Threat Protection onboarding process if you encounter issues. -This page provides detailed steps for troubleshooting endpoints that aren't reporting correctly, and common error codes encountered during onboarding. +If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, it might indicate an endpoint onboarding or connectivity problem. -## Endpoints are not reporting to the service correctly +## Troubleshoot onboarding when deploying with Group Policy +Deployment with Group Policy is done by running the onboarding script on the endpoints. The Group Policy console does not indicate if the deployment has succeeded or not. 
-If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after 20 minutes, it might indicate an endpoint onboarding or connectivity problem. +If you have completed the endpoint onboarding process and don't see endpoints in the [Machines view](investigate-machines-windows-defender-advanced-threat-protection.md) after an hour, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint). -Go through the following verification topics to address this issue: +If the script completes successfully, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur. -- [Ensure the endpoint is onboarded successfully](#Ensure-that-the-endpoint-is-onboarded-successfully) -- [Ensure the Windows Defender ATP service is enabled](#Ensure-that-the-Windows-Defender-ATP-service-is-enabled) -- [Ensure the telemetry and diagnostics service is enabled](#Ensure-that-telemetry-and-diagnostics-service-is-enabled) -- [Ensure the endpoint has an Internet connection](#Ensure-that-the-Windows-Defender-ATP-endpoint-has-internet-connection) +## Troubleshoot onboarding issues when deploying with System Center Configuration Manager +When onboarding endpoints using the following versions of System Center Configuration Manager: +- System Center 2012 Configuration Manager +- System Center 2012 R2 Configuration Manager +- System Center Configuration Manager (current branch) version 1511 +- System Center Configuration Manager (current branch) version 1602 -### Ensure the endpoint is onboarded successfully -If the endpoints aren't reporting correctly, you might need to check that the Windows Defender ATP service was successfully onboarded onto the endpoint. 
+Deployment with the above-mentioned versions of System Center Configuration Manager is done by running the onboarding script on the endpoints. You can track the deployment in the Configuration Manager Console. -**Check the onboarding state in Registry**: +If the deployment fails, you can check the output of the script on the endpoints. For more information, see [Troubleshoot onboarding when deploying with a script on the endpoint](#troubleshoot-onboarding-when-deploying-with-a-script-on-the-endpoint). -1. Click **Start**, type **Run**, and press **Enter**. +If the onboarding completed successfully but the endpoints are not showing up in the **Machines view** after an hour, see [Troubleshoot onboarding issues on the endpoint](#troubleshoot-onboarding-issues-on-the-endpoint) for additional errors that might occur. -2. From the **Run** dialog box, type **regedit** and press **Enter**. - -4. In the **Registry Editor** navigate to the Status key under: - - ```text -HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Advanced Threat Protection -``` - -5. Check the **OnboardingState** value is set to **1**. - - ![Image of OnboardingState status in Registry Editor](images/onboardingstate.png) - -If the **OnboardingState** value is not set to **1**, you can use Event Viewer to review errors on the endpoint. - -If you configured your endpoints with a deployment tool that required a script, you can check the event viewer for the onboarding script results. -
    -**Check the result of the script**: +## Troubleshoot onboarding when deploying with a script on the endpoint +**Check the result of the script on the endpoint**: 1. Click **Start**, type **Event Viewer**, and press **Enter**. 2. Go to **Windows Logs** > **Application**. @@ -66,25 +57,82 @@ If you configured your endpoints with a deployment tool that required a script, 3. Look for an event from **WDATPOnboarding** event source. If the script fails and the event is an error, you can check the event ID in the following table to help you troubleshoot the issue. -> **Note**  The following event IDs are specific to the onboarding script only. +> [!NOTE] +> The following event IDs are specific to the onboarding script only. Event ID | Error Type | Resolution steps :---|:---|:--- -5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection``` -10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```. Verify that the script was ran as an administrator. -15 | Failed to start SENSE service |Check the service status (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). +5 | Offboarding data was found but couldn't be deleted | Check the permissions on the registry, specifically ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```. +10 | Onboarding data couldn't be written to registry | Check the permissions on the registry, specifically
    ```HKLM\SOFTWARE\Policies\Microsoft\Windows Advanced Threat```.
    Verify that the script was ran as an administrator. +15 | Failed to start SENSE service |Check the service status (```sc query sense``` command). Make sure it's not in an intermediate state (*'Pending_Stopped'*, *'Pending_Running'*) and try to run the script again (with administrator rights). +15 | Failed to start SENSE service | If the message of the error is: System error 577 has occurred. You need to enable the Windows Defender ELAM driver, see [Ensure the Windows Defender ELAM driver is enabled](#ensure-the-windows-defender-elam-driver-is-enabled) for instructions. 30 | The script failed to wait for the service to start running | The service could have taken more time to start or has encountered errors while trying to start. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). -35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```. The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer].(event-error-codes-windows-defender-advanced-threat-protection.md). -40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). +35 | The script failed to find needed onboarding status registry value | When the SENSE service starts for the first time, it writes onboarding status to the registry location
    ```HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status```.
    The script failed to find it after several seconds. You can manually test it and check if it's there. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). +40 | SENSE service onboarding status is not set to **1** | The SENSE service has failed to onboard properly. For more information on events and errors related to SENSE, see [Review events and errors on endpoints with Event viewer](event-error-codes-windows-defender-advanced-threat-protection.md). +65 | Insufficient privileges| Run the script again with administrator privileges. + +## Troubleshoot onboarding issues using Microsoft Intune +You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue. + +Use the following tables to understand the possible causes of issues while onboarding: + +- Microsoft Intune error codes and OMA-URIs table +- Known issues with non-compliance table +- Mobile Device Management (MDM) event logs table + +If none of the event logs and troubleshooting steps work, download the Local script from the **Endpoint Management** section of the portal, and run it in an elevated command prompt. + +**Microsoft Intune error codes and OMA-URIs**: + +Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps +:---|:---|:---|:---|:--- +0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
    Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.

    **Troubleshooting steps:**
    Check the event IDs in the [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) section.

    Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx). + | | | Onboarding
    Offboarding
    SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.

    **Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.

    If it doesn't exist, open an elevated command and add the key. + | | | SenseIsRunning
    OnboardingState
    OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.

    **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).

    Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/library/windows/hardware/mt632120%28v=vs.85%29.aspx). + | | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

    Currently is supported platforms: Enterprise, Education, and Professional.
    Server is not supported. + 0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

    Currently is supported platforms: Enterprise, Education, and Professional.
    -**Use Event Viewer to identify and adress onboarding errors**: +**Known issues with non-compliance** + +The following table provides information on issues with non-compliance and how you can address the issues. + +Case | Symptoms | Possible cause and troubleshooting steps +:---|:---|:--- +1 | Machine is compliant by SenseIsRunning OMA-URI. But is non-compliant by OrgId, Onboarding and OnboardingState OMA-URIs. | **Possible cause:** Check that user passed OOBE after Windows installation or upgrade. During OOBE onboarding couldn't be completed but SENSE is running already.

    **Troubleshooting steps:** Wait for OOBE to complete. +2 | Machine is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. | **Possible cause:** Sense service's startup type is set as "Delayed Start". Sometimes this causes the Microsoft Intune server to report the machine as non-compliant by SenseIsRunning when DM session occurs on system start.

    **Troubleshooting steps:** The issue should automatically be fixed within 24 hours. +3 | Machine is non-compliant | **Troubleshooting steps:** Ensure that Onboarding and Offboarding policies are not deployed on the same machine at same time. + +
    +**Mobile Device Management (MDM) event logs** + +View the MDM event logs to troubleshoot issues that might arise during onboarding: + +Log name: Microsoft\Windows\DeviceManagement-EnterpriseDiagnostics-Provider + +Channel name: Admin + +ID | Severity | Event description | Troubleshooting steps +:---|:---|:---|:--- +1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ELAM driver needs to be enabled see, [Ensure the Windows Defender ELAM driver is enabled](#ensure-the-windows-defender-elam-driver-is-enabled) for instructions. + +## Troubleshoot onboarding issues on the endpoint +If the deployment tools used does not indicate an error in the onboarding process, but endpoints are still not appearing in the machines view an hour, go through the following verification topics to check if an error occurred with the Windows Defender ATP agent: +- [View agent onboarding errors in the endpoint event log](#view-agent-onboarding-errors-in-the-endpoint-event-log) +- [Ensure the telemetry and diagnostics service is enabled](#ensure-the-telemetry-and-diagnostics-service-is-enabled) +- [Ensure the service is set to start](#ensure-the-service-is-set-to-start) +- [Ensure the endpoint has an Internet connection](#ensure-the-endpoint-has-an-internet-connection) +- [Ensure the Windows Defender ELAM driver is enabled](#ensure-the-windows-defender-elam-driver-is-enabled) + + +### View agent onboarding errors in the endpoint event log 1. Click **Start**, type **Event Viewer**, and press **Enter**. 2. In the **Event Viewer (Local)** pane, expand **Applications and Services Logs** > **Microsoft** > **Windows** > **SENSE**. - > **Note**  SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. + > [!NOTE] + > SENSE is the internal name used to refer to the behavioral sensor that powers Windows Defender ATP. 3. 
Select **Operational** to load the log. 
@@ -98,101 +146,16 @@ Event ID | Error Type | Resolution steps Event ID | Message | Resolution steps :---|:---|:--- -5 | Windows Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). -6 | Windows Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md#manual). -7 | Windows Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again. -15 | Windows Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). +5 | Windows Defender Advanced Threat Protection service failed to connect to the server at _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). +6 | Windows Defender Advanced Threat Protection service is not onboarded and no onboarding parameters were found. Failure code: _variable_ | [Run the onboarding script again](configure-endpoints-windows-defender-advanced-threat-protection.md#manual). +7 | Windows Defender Advanced Threat Protection service failed to read the onboarding parameters. Failure code: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection), then run the entire onboarding process again. +15 | Windows Defender Advanced Threat Protection cannot start command channel with URL: _variable_ | [Ensure the endpoint has Internet access](#ensure-the-endpoint-has-an-internet-connection). 25 | Windows Defender Advanced Threat Protection service failed to reset health status in the registry. 
Failure code: _variable_ | Contact support. - - -### Ensure the Windows Defender ATP service is enabled -If the endpoints aren't reporting correctly, you might need to check that the Windows Defender ATP service is set to automatically start and is running on the endpoint. - -You can use the SC command line program for checking and managing the startup type and running state of the service. - -**Check the Windows Defender ATP service startup type from the command line:** - -1. Open an elevated command-line prompt on the endpoint: - - a. Click **Start**, type **cmd**, and press **Enter**. - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc qc sense - ``` - -If the the service is running, then the result should look like the following screenshot: - - ![Result of the sq query sense command](images/sc-query-sense-autostart.png) - -If the service ```START_TYPE``` is not set to ```AUTO_START```, then you'll need to set the service to automatically start. - -**Change the Windows Defender ATP service startup type from the command line:** - -1. Open an elevated command-line prompt on the endpoint: - - a. Click **Start**, type **cmd**, and press **Enter**. - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc config sense start=auto - ``` - -3. A success message is displayed. Verify the change by entering the following command and press **Enter**: - - ```text - sc qc sense - ``` - -**Check the Windows Defender ATP service is running from the command line:** - -1. Open an elevated command-line prompt on the endpoint: - - a. Click **Start**, type **cmd**, and press **Enter**. - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. 
Enter the following command, and press **Enter**: - - ```text - sc query sense - ``` - -If the service is running, the result should look like the following screenshot: - -![Result of the sc query sense command](images/sc-query-sense-running.png) - -If the service **STATE** is not set to **RUNNING**, then you'll need to start it. - -**Start the Windows Defender ATP service from the command line:** - -1. Open an elevated command-line prompt on the endpoint: - - a. Click **Start**, type **cmd**, and press **Enter**. - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc start sense - ``` - -3. A success message is displayed. Verify the change by entering the following command and press **Enter**: - - ```text - sc qc sense - ``` +
    +There are additional components on the endpoint that the Windows Defender ATP agent depends on to function properly. If there are no onboarding related errors in the Windows Defender ATP agent event log, proceed with the following steps to ensure that the additional components are configured correctly. ### Ensure the telemetry and diagnostics service is enabled -If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. The service may have been disabled by other programs or user configuration changes. - +If the endpoints aren't reporting correctly, you might need to check that the Windows 10 telemetry and diagnostics service is set to automatically start and is running on the endpoint. The service might have been disabled by other programs or user configuration changes. First, you should check that the service is set to start automatically when Windows starts, then you should check that the service is currently running (and start it if it isn't). @@ -212,12 +175,11 @@ First, you should check that the service is set to start automatically when Wind sc qc diagtrack ``` -If the service is enabled, then the result should look like the following screenshot: + If the service is enabled, then the result should look like the following screenshot: -![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png) - -If the ```START_TYPE``` is not set to ```AUTO_START```, then you'll need to set the service to automatically start. + ![Result of the sc query command for diagtrack](images/windefatp-sc-qc-diagtrack.png) + If the `START_TYPE` is not set to `AUTO_START`, then you'll need to set the service to automatically start. **Use the command line to set the Windows 10 telemetry and diagnostics service to automatically start:** 
@@ -240,109 +202,13 @@ If the ```START_TYPE``` is not set to ```AUTO_START```, then you'll need to set sc qc diagtrack ``` -**Use the Windows Services console to check the Windows 10 telemetry and diagnostics service startup type**: +4. Start the service. -1. Open the services console: - - a. Click **Start** and type **services**. - - b. Press **Enter** to open the console. - -2. Scroll through the list of services until you find **Connected User Experiences and Telemetry**. - -3. Check the **Startup type** column - the service should be set as **Automatic**. - -If the startup type is not set to **Automatic**, you'll need to change it so the service starts when the endpoint does. - - -**Use the Windows Services console to set the Windows 10 telemetry and diagnostics service to automatically start:** - -1. Open the services console: - - a. Click **Start** and type **services**. - - b. Press **Enter** to open the console. - -2. Scroll through the list of services until you find **Connected User Experiences and Telemetry**. - -3. Right-click on the entry and click **Properties**. - -4. On the **General** tab, change the **Startup type:** to **Automatic**, as shown in the following image. Click OK. - - ![Select Automatic to change the startup type in the Properties dialog box for the service](images/windefatp-utc-console-autostart.png) - -### Ensure the service is running - -**Use the command line to check the Windows 10 telemetry and diagnostics service is running**: - -1. Open an elevated command-line prompt on the endpoint: - - a. **Click **Start** and type **cmd**.** - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. 
Enter the following command, and press **Enter**: - - ```text - sc query diagtrack - ``` - -If the service is running, the result should look like the following screenshot: - -![Result of the sc query command for sc query diagtrack](images/windefatp-sc-query-diagtrack.png) - -If the service **STATE** is not set to **RUNNING**, then you'll need to start it. - - -**Use the command line to start the Windows 10 telemetry and diagnostics service:** - -1. Open an elevated command-line prompt on the endpoint: - - a. **Click **Start** and type **cmd**.** - - b. Right-click **Command prompt** and select **Run as administrator**. - -2. Enter the following command, and press **Enter**: - - ```text - sc start diagtrack - ``` - -3. A success message is displayed. Verify the change by entering the following command, and press **Enter**: - - ```text - sc query diagtrack - ``` - -**Use the Windows Services console to check the Windows 10 telemetry and diagnostics service is running**: - -1. Open the services console: - - a. Click **Start** and type **services**. - - b. Press **Enter** to open the console. - -2. Scroll through the list of services until you find **Connected User Experiences and Telemetry**. - -3. Check the **Status** column - the service should be marked as **Running**. - -If the service is not running, you'll need to start it. - - -**Use the Windows Services console to start the Windows 10 telemetry and diagnostics service:** - -1. Open the services console: - - a. Click **Start** and type **services**. - - b. Press **Enter** to open the console. - -2. Scroll through the list of services until you find **Connected User Experiences and Telemetry**. - -3. Right-click on the entry and click **Start**, as shown in the following image. - -![Select Start to start the service](images/windef-utc-console-start.png) + a. 
In the command prompt, type the following command and press **Enter**: + ```text + sc start diagtrack + ``` ### Ensure the endpoint has an Internet connection 
@@ -352,90 +218,103 @@ WinHTTP is independent of the Internet browsing proxy settings and other user co To ensure that sensor has service connectivity, follow the steps described in the [Verify client connectivity to Windows Defender ATP service URLs](configure-proxy-internet-windows-defender-advanced-threat-protection.md#verify-client-connectivity-to-windows-defender-atp-service-urls) topic. -If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) topic. +If the verification fails and your environment is using a proxy to connect to the Internet, then follow the steps described in [Configure proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) topic. -## Troubleshoot onboarding issues using Microsoft Intune -You can use Microsoft Intune to check error codes and attempt to troubleshoot the cause of the issue. +### Ensure the Windows Defender ELAM driver is enabled +If your endpoints are running a third-party antimalware client, the Windows Defender ATP agent needs the Windows Defender Early Launch Antimalware (ELAM) driver to be enabled. -Use the following tables to understand the possible causes of issues while onboarding: +**Check the ELAM driver status:** -- Microsoft Intune error codes and OMA-URIs table -- Known issues with non-compliance table -- Mobile Device Management (MDM) event logs table +1. Open a command-line prompt on the endpoint: -If none of the event logs and troubleshooting steps work, download the Local script from the **Endpoint Management** section of the portal, and run it in an elevated command prompt. + a. Click **Start**, type **cmd**, and select **Command prompt**. -**Microsoft Intune error codes and OMA-URIs**: +2. 
Enter the following command, and press Enter: + ``` + sc qc WdBoot + ``` + If the ELAM driver is enabled, the output will be: -Error Code Hex | Error Code Dec | Error Description | OMA-URI | Possible cause and troubleshooting steps -:---|:---|:---|:---|:--- -0x87D1FDE8 | -2016281112 | Remediation failed | Onboarding
    Offboarding | **Possible cause:** Onboarding or offboarding failed on a wrong blob: wrong signature or missing PreviousOrgIds fields.

    **Troubleshooting steps:**
    Check the event IDs in the [Ensure the endpoint is onboarded successfully](#ensure-the-endpoint-is-onboarded-successfully) section.

    Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). - | | | Onboarding
    Offboarding
    SampleSharing | **Possible cause:** Windows Defender ATP Policy registry key does not exist or the OMA DM client doesn't have permissions to write to it.

    **Troubleshooting steps:** Ensure that the following registry key exists: ```HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows Advanced Threat Protection```.

    If it doesn't exist, open an elevated command and add the key. - | | | SenseIsRunning
    OnboardingState
    OrgId | **Possible cause:** An attempt to remediate by read-only property. Onboarding has failed.

    **Troubleshooting steps:** Check the troubleshooting steps in [Troubleshoot Windows Defender Advanced Threat Protection onboarding issues](#troubleshoot-windows-defender-advanced-threat-protection-onboarding-issues).

    Check the MDM event logs in the following table or follow the instructions in [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx). - | | | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

    Currently is supported platforms: Enterprise, Education, and Professional.
    Server is not supported. - 0x87D101A9 | -2016345687 |Syncml(425): The requested command failed because the sender does not have adequate access control permissions (ACL) on the recipient. | All | **Possible cause:** Attempt to deploy Windows Defender ATP on non-supported SKU/Platform, particularly Holographic SKU.

    Currently is supported platforms: Enterprise, Education, and Professional. + ``` + [SC] QueryServiceConfig SUCCESS -
    -**Known issues with non-compliance** + SERVICE_NAME: WdBoot + TYPE : 1 KERNEL_DRIVER + START_TYPE : 0 BOOT_START + ERROR_CONTROL : 1 NORMAL + BINARY_PATH_NAME : \SystemRoot\system32\drivers\WdBoot.sys + LOAD_ORDER_GROUP : Early-Launch + TAG : 0 + DISPLAY_NAME : Windows Defender Boot Driver + DEPENDENCIES : + SERVICE_START_NAME : + ``` + If the ELAM driver is disabled the output will be: + ``` + [SC] QueryServiceConfig SUCCESS -The following table provides information on issues with non-compliance and how you can address the issues. + SERVICE_NAME: WdBoot + TYPE : 1 KERNEL_DRIVER + START_TYPE : 0 DEMAND_START + ERROR_CONTROL : 1 NORMAL + BINARY_PATH_NAME : \SystemRoot\system32\drivers\WdBoot.sys + LOAD_ORDER_GROUP : _Early-Launch + TAG : 0 + DISPLAY_NAME : Windows Defender Boot Driver + DEPENDENCIES : + SERVICE_START_NAME : + ``` -Case | Symptoms | Possible cause and troubleshooting steps -:---|:---|:--- -1 | Machine is compliant by SenseIsRunning OMA-URI. But is non-compliant by OrgId, Onboarding and OnboardingState OMA-URIs. | **Possible cause:** Check that user passed OOBE after Windows installation or upgrade. During OOBE onboarding couldn't be completed but SENSE is running already.

    **Troubleshooting steps:** Wait for OOBE to complete. -2 | Machine is compliant by OrgId, Onboarding, and OnboardingState OMA-URIs, but is non-compliant by SenseIsRunning OMA-URI. | **Possible cause:** Sense service's startup type is set as "Delayed Start". Sometimes this causes the Microsoft Intune server to report the machine as non-compliant by SenseIsRunning when DM session occurs on system start.

    **Troubleshooting steps:** The issue should automatically be fixed within 24 hours. -3 | Machine is non-compliant | **Troubleshooting steps:** Ensure that Onboarding and Offboarding policies are not deployed on the same machine at same time. +#### Enable the ELAM driver -
    -**Mobile Device Management (MDM) event logs** +1. Open an elevated PowerShell console on the endpoint: -View the MDM event logs to troubleshoot issues that might arise during onboarding: + a. Click **Start**, type **powershell**. -Log name: Microsoft\Windows\DeviceManagement-EnterpriseDiagnostics-Provider + b. Right-click **Command prompt** and select **Run as administrator**. -Channel name: Admin +2. Run the following PowerShell cmdlet: -ID | Severity | Event description | Description -:---|:---|:---|:--- -1801 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Get Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3) | Windows Defender ATP has failed to get specific node's value.
    TokenName: Contains node name that caused the error.
    Result: Error details. -1802 | Information | Windows Defender Advanced Threat Protection CSP: Get Node's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3) | Windows Defender ATP has completed to get specific node's value.
    TokenName: Contains node name

    Result: Error details or succeeded. -1819 | Error | Windows Defender Advanced Threat Protection CSP: Failed to Set Node's Value. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ATP has completed to get specific node's value.

    TokenName: Contains node name that caused the error

    Result: Error details. -1820 | Information | Windows Defender Advanced Threat Protection CSP: Set Nod's Value complete. NodeId: (%1), TokenName: (%2), Result: (%3). | Windows Defender ATP has completed to get specific node's value.

    TokenName: Contains node name

    Result: Error details or succeeded. + ```text + 'Set-ExecutionPolicy -ExecutionPolicy Bypass’ + ``` +3. Run the following PowerShell script: + + ```text + Add-Type @' + using System; + using System.IO; + using System.Runtime.InteropServices; + using Microsoft.Win32.SafeHandles; + using System.ComponentModel; + + public static class Elam{ + [DllImport("Kernel32", CharSet=CharSet.Auto, SetLastError=true)] + public static extern bool InstallELAMCertificateInfo(SafeFileHandle handle); + + public static void InstallWdBoot(string path) + { + Console.Out.WriteLine("About to call create file on {0}", path); + var stream = File.Open(path, FileMode.Open, FileAccess.Read, FileShare.Read); + var handle = stream.SafeFileHandle; + + Console.Out.WriteLine("About to call InstallELAMCertificateInfo on handle {0}", handle.DangerousGetHandle()); + if (!InstallELAMCertificateInfo(handle)) + { + Console.Out.WriteLine("Call failed."); + throw new Win32Exception(Marshal.GetLastWin32Error()); + } + Console.Out.WriteLine("Call successful."); + } + } + '@ + + $driverPath = $env:SystemRoot + "\System32\Drivers\WdBoot.sys" + [Elam]::InstallWdBoot($driverPath) + ``` - ## Related topics - [Configure Windows Defender ATP endpoints](configure-endpoints-windows-defender-advanced-threat-protection.md) - [Configure endpoint proxy and Internet connectivity settings](configure-proxy-internet-windows-defender-advanced-threat-protection.md) - diff --git a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md index 8340e9dcc0..150079eaff 100644 --- a/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/troubleshoot-windows-defender-advanced-threat-protection.md 
@@ -8,16 +8,18 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: mjcaparas +localizationpriority: high --- # Troubleshoot Windows Defender Advanced Threat Protection **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - This section addresses issues that might arise as you use the Windows Defender Advanced Threat service. ### Server error - Access is denied due to invalid credentials @@ -39,9 +41,11 @@ U.S. region: - sevillefeedback-prd.trafficmanager.net - sevillesettings-prd.trafficmanager.net - threatintel-cus-prd.cloudapp.net -- threatintel-eus-prd.cloudapp.net - - +- threatintel-eus-prd.cloudapp.net +- winatpauthorization.windows.com +- winatpfeedback.windows.com +- winatpmanagement.windows.com +- winatponboarding.windows.com EU region: @@ -52,7 +56,10 @@ EU region: - sevillesettings-prd.trafficmanager.net - threatintel-neu-prd.cloudapp.net - threatintel-weu-prd.cloudapp.net - +- winatpauthorization.windows.com +- winatpfeedback.windows.com +- winatpmanagement.windows.com +- winatponboarding.windows.com ### Windows Defender ATP service shows event or error logs in the Event Viewer diff --git a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md index e60c0f663c..df382bc1fe 100644 --- a/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md +++ b/windows/keep-secure/troubleshoot-windows-defender-in-windows-10.md 
@@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security +localizationpriority: medium author: jasesso --- @@ -316,8 +317,8 @@ Description of the error.

    To troubleshoot this event:

    1. Run the scan again.
    2. -
    3. If it fails in the same way, go to the Microsoft Support site, enter the error number in the Search box to look for the error code.
    4. -
    5. Contact Microsoft Technical Support. +
    6. If it fails in the same way, go to the Microsoft Support site, enter the error number in the Search box to look for the error code.
    7. +
    8. Contact Microsoft Technical Support.

    @@ -1013,8 +1014,40 @@ Result code associated with threat status. Standard HRESULT values. Description of the error.
    Signature Version: <Definition version>
    Engine Version: <Antimalware Engine version>
    - +

    NOTE: +

    Whenever Windows Defender, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services which the malware might have changed:

    +The above context applies to the following client and server versions: + + + + + + + + + + + + + +
    Operating systemOperating system version
    +

    Client Operating System

    +
    +

    Windows Vista (Service Pack 1, or Service Pack 2), Windows 7 and later

    +
    +

    Server Operating System

    +
    +

    Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and Windows Server 2016

    +

    + @@ -1258,8 +1291,8 @@ Description of the error.

     

    If this event persists:

    1. Run the scan again.
    2. -
    3. If it fails in the same way, go to the Microsoft Support site, enter the error number in the Search box to look for the error code.
    4. -
    5. Contact Microsoft Technical Support. +
    6. If it fails in the same way, go to the Microsoft Support site, enter the error number in the Search box to look for the error code.
    7. +
    8. Contact Microsoft Technical Support.

    @@ -1472,13 +1505,13 @@ Description of the error.
  • Update the definitions. Either:
    1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

      Or,

    2. -
    3. Download the latest definitions from the Microsoft Malware Protection Center. -

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

      +
    4. Download the latest definitions from the Microsoft Malware Protection Center. +

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

  • Review the entries in the %Windir%\WindowsUpdate.log file for more information about this error.
  • -
  • Contact Microsoft Technical Support. +
  • Contact Microsoft Technical Support.
  • @@ -1575,12 +1608,12 @@ Description of the error.
  • Update the definitions. Either:
    1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

      Or,

    2. -
    3. Download the latest definitions from the Microsoft Malware Protection Center. -

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

      +
    4. Download the latest definitions from the Microsoft Malware Protection Center. +

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

  • -
  • Contact Microsoft Technical Support. +
  • Contact Microsoft Technical Support.
  • @@ -1631,10 +1664,10 @@ Description of the error.

    To troubleshoot this event:

    1. Restart the computer and try again.
    2. -
    3. Download the latest definitions from the Microsoft Malware Protection Center. -

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

      +
    4. Download the latest definitions from the Microsoft Malware Protection Center. +

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

    5. -
    6. Contact Microsoft Technical Support. +
    7. Contact Microsoft Technical Support.

    @@ -2290,7 +2323,7 @@ Description of the error.

    User action:

    -

    The real-time protection feature has restarted. If this event happens again, contact Microsoft Technical Support.

    +

    The real-time protection feature has restarted. If this event happens again, contact Microsoft Technical Support.

    @@ -2466,7 +2499,7 @@ or Hang -
  • If it fails in the same way, look up the error code by accessing the Microsoft Support Site and entering the error number in the Search box, and contact Microsoft Technical Support.
  • +
  • If it fails in the same way, look up the error code by accessing the Microsoft Support Site and entering the error number in the Search box, and contact Microsoft Technical Support.
  • @@ -2480,8 +2513,8 @@ or Hang

    To troubleshoot this event:

    1. Run the scan again.
    2. -
    3. If it fails in the same way, go to the Microsoft Support site, enter the error number in the Search box to look for the error code.
    4. -
    5. Contact Microsoft Technical Support. +
    6. If it fails in the same way, go to the Microsoft Support site, enter the error number in the Search box to look for the error code.
    7. +
    8. Contact Microsoft Technical Support.

    @@ -2663,6 +2696,7 @@ Description of the error. + ## Windows Defender client error codes If Windows Defender experiences any issues it will usually give you an error code to help you troubleshoot the issue. Most often an error means there was a problem installing an update. This section provides the following information about Windows Defender client errors. @@ -2720,8 +2754,8 @@ Use the information in these tables to help troubleshoot Windows Defender error
  • Update the definitions. Either:
    1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

      Or,

    2. -
    3. Download the latest definitions from the Microsoft Malware Protection Center. -

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

      +
    4. Download the latest definitions from the Microsoft Malware Protection Center. +

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

  • @@ -2963,8 +2997,8 @@ article.

  • Update the definitions. Either:
    1. Click the Update definitions button on the Update tab in Windows Defender. Update definitions in Windows Defender

      Or,

    2. -
    3. Download the latest definitions from the Microsoft Malware Protection Center. -

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

      +
    4. Download the latest definitions from the Microsoft Malware Protection Center. +

      Note: The size of the definitions file downloaded from the Microsoft Malware Protection Center can exceed 60 MB and should not be used as a long-term solution for updating definitions.

  • diff --git a/windows/keep-secure/trusted-platform-module-overview.md b/windows/keep-secure/trusted-platform-module-overview.md index e7b6e784ff..8b0098f582 100644 --- a/windows/keep-secure/trusted-platform-module-overview.md +++ b/windows/keep-secure/trusted-platform-module-overview.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security +localizationpriority: high author: brianlic-msft --- diff --git a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md index ff626bb1de..5973f94f6f 100644 --- a/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md +++ b/windows/keep-secure/trusted-platform-module-services-group-policy-settings.md 
@@ -22,33 +22,38 @@ The TPM Services Group Policy settings are located at: **Computer Configuration\\Administrative Templates\\System\\Trusted Platform Module Services\\** -| Setting | Windows 10 | Windows Server 2012 R2, Windows 8.1 and Windows RT | Windows Server 2012, Windows 8 and Windows RT | Windows Server 2008 R2 and Windows 7 | Windows Server 2008 and Windows Vista | -| - | - | - | - | - | - | -| [Turn on TPM backup to Active Directory Domain Services](#bkmk-tpmgp-addsbu) | X| X| X| X| X| -| [Configure the list of blocked TPM commands](#bkmk-tpmgp-clbtc)| X| X| X| X| X| -| [Ignore the default list of blocked TPM commands](#bkmk-tpmgp-idlb) | X| X| X| X| X| -| [Ignore the local list of blocked TPM commands](#bkmk-tpmgp-illb) | X| X| X| X| X| -| [Configure the level of TPM owner authorization information available to the operating system](#bkmk-tpmgp-oauthos)| X| X| X||| -| [Standard User Lockout Duration](#bkmk-tpmgp-suld)| X| X| X||| -| [Standard User Individual Lockout Threshold](#bkmk-tpmgp-suilt)| X| X| X||| -| [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| X| X| X|||| -  +| Setting | Windows 10, version 1607 | Windows 10, version 1511 and Windows 10, version 1507 | Windows Server 2012 R2, Windows 8.1 and Windows RT | Windows Server 2012, Windows 8 and Windows RT | Windows Server 2008 R2 and Windows 7 | Windows Server 2008 and Windows Vista | +| - | - | - | - | - | - | - | +| [Turn on TPM backup to Active Directory Domain Services](#bkmk-tpmgp-addsbu) | | X| X| X| X| X| +| [Configure the list of blocked TPM commands](#bkmk-tpmgp-clbtc)| X| X| X| X| X| X| +| [Ignore the default list of blocked TPM commands](#bkmk-tpmgp-idlb) | X| X| X| X| X| X| +| [Ignore the local list of blocked TPM commands](#bkmk-tpmgp-illb) | X| X| X| X| X| X| +| [Configure the level of TPM owner authorization information available to the operating system](#bkmk-tpmgp-oauthos)| | X| X| X||| +| [Standard User Lockout Duration](#bkmk-tpmgp-suld)| X| X| X| X||| +| [Standard 
User Individual Lockout Threshold](#bkmk-tpmgp-suilt)| X| X| X| X||| +| [Standard User Total Lockout Threshold](#bkmk-tpmgpsutlt)| X| X| X| X|||| + ### Turn on TPM backup to Active Directory Domain Services This policy setting allows you to manage the Active Directory Domain Services (AD DS) backup of TPM owner information. ->**Note:**  This policy setting applies to the Windows operating systems listed in the [version table](#bkmk-version-table). -  +>[!NOTE] +>This policy setting applies to the Windows operating systems listed in the [version table](#bkmk-version-table). + + TPM owner information includes a cryptographic hash of the TPM owner password. Certain TPM commands can be run only by the TPM owner. This hash authorizes the TPM to run these commands. ->**Important:**  To back up TPM owner information from a computer running Windows 10, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md). -  -The TPM cannot be used to provide enhanced security features for BitLocker Drive Encryption and other applications without first setting an owner. To take ownership of the TPM with an owner password, on a local computer at the command prompt, type **tpm.msc** to open the TPM Management Console and select the action to **Initialize TPM**. If the TPM owner information is lost or is not available, limited TPM management is possible by running **tpm.msc**. 
+>[!IMPORTANT] +>To back up TPM owner information from a computer running Windows 10, version 1507, Windows 10, version 1511, Windows 8.1, or Windows 8, you might need to first set up appropriate schema extensions and access control settings on the domain so that the AD DS backup can succeed. Windows Server 2012 R2 and Windows Server 2012 include the required schema extensions by default. For more information, see [AD DS schema extensions to support TPM backup](ad-ds-schema-extensions-to-support-tpm-backup.md). This functionality is discontinued starting with Windows 10, version 1607. If you enable this policy setting, TPM owner information will be automatically and silently backed up to AD DS when you use Windows to set or change a TPM owner password. When this policy setting is enabled, a TPM owner password cannot be set or changed unless the computer is connected to the domain and the AD DS backup succeeds. If you disable or do not configure this policy setting, TPM owner information will not be backed up to AD DS. +>[!NOTE] +> The **Turn on TPM backup to Active Directory Domain Services** is not available in the Windows 10, version 1607 and Windows Server 2016 and later versions of the ADMX files. + + ### Configure the list of blocked TPM commands This policy setting allows you to manage the Group Policy list of Trusted Platform Module (TPM) commands that are blocked by Windows. 
@@ -99,10 +104,10 @@ This policy setting configures how much of the TPM owner authorization informati There are three TPM owner authentication settings that are managed by the Windows operating system. You can choose a value of **Full**, **Delegate**, or **None**. - **Full**   This setting stores the full TPM owner authorization, the TPM administrative delegation blob, and the TPM user delegation blob in the local registry. With this setting, you can use the TPM without requiring remote or external storage of the TPM owner authorization value. This setting is appropriate for scenarios that do not require you to reset the TPM anti-hammering logic or change the TPM owner authorization value. Some TPM-based applications may require that this setting is changed before features that depend on the TPM anti-hammering logic can be used. -- **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. When you use this setting, we recommend using external or remote storage for the full TPM owner authorization value—for example, backing up the value in Active Directory Domain Services (AD DS). +- **Delegated**   This setting stores only the TPM administrative delegation blob and the TPM user delegation blob in the local registry. This setting is appropriate for use with TPM-based applications that depend on the TPM antihammering logic. This is the default setting in Windows. - **None**   This setting provides compatibility with previous operating systems and applications. You can also use it for scenarios when TPM owner authorization cannot be stored locally. Using this setting might cause issues with some TPM-based applications. 
->**Note:**  If the operating system managed TPM authentication setting is changed from **Full** to **Delegated**, the full TPM owner authorization value will be regenerated, and any copies of the previously set TPM owner authorization value will be invalid. If you are backing up the TPM owner authorization value to AD DS, the new owner authorization value is automatically backed up to AD DS when it is changed. +>**Note:**  If the operating system managed TPM authentication setting is changed from **Full** to **Delegated**, the full TPM owner authorization value will be regenerated, and any copies of the previously set TPM owner authorization value will be invalid.   **Registry information** @@ -132,8 +137,6 @@ authorization to the TPM.   The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users (including administrators) and for Windows features such as BitLocker Drive Encryption. -The number of authorization failures that a TPM allows and how long it stays locked vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time, with fewer authorization failures, depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require that the system is on so enough clock cycles elapse before the TPM exits the lockout mode. - This setting helps administrators prevent the TPM hardware from entering a lockout mode by slowing the speed at which standard users can send commands that require authorization to the TPM. For each standard user, two thresholds apply. Exceeding either threshold prevents the user from sending a command that requires authorization to the TPM. Use the following policy settings to set the lockout duration: 
@@ -176,8 +179,6 @@ For each standard user two thresholds apply. Exceeding either threshold will pre The TPM is designed to protect itself against password guessing attacks by entering a hardware lockout mode when it receives too many commands with an incorrect authorization value. When the TPM enters a lockout mode, it is global for all users (including administrators) and for Windows features such as BitLocker Drive Encryption.. -The number of authorization failures a TPM allows and how long it stays locked out vary by TPM manufacturer. Some TPMs may enter lockout mode for successively longer periods of time with fewer authorization failures depending on past failures. Some TPMs may require a system restart to exit the lockout mode. Other TPMs may require the system to be on so enough clock cycles elapse before the TPM exits the lockout mode. - An administrator with the TPM owner password can fully reset the TPM's hardware lockout logic by using the TPM Management Console (tpm.msc). Each time an administrator resets the TPM's hardware lockout logic, all prior standard user TPM authorization failures are ignored. This allows standard users to immediately use the TPM normally. If you do not configure this policy setting, a default value of 9 is used. A value of zero means that the operating system will not allow standard users to send commands to the TPM, which might cause an authorization failure. diff --git a/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md index 758bffcd66..618894db96 100644 --- a/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md +++ b/windows/keep-secure/turn-on-windows-firewall-and-configure-default-behavior.md 
@@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 To enable Windows Firewall and configure its default behavior, use the Windows Firewall with Advanced Security node in the Group Policy Management console. diff --git a/windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md b/windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md index e81dff792a..0ab40df034 100644 --- a/windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md +++ b/windows/keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md @@ -8,6 +8,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security +localizationpriority: medium author: iaanw --- @@ -23,7 +24,8 @@ For a list of the cmdlets and their functions and available parameters, see the PowerShell cmdlets are most useful in Windows Server environments that don't rely on a graphical user interface (GUI) to configure software. -> **Note:**  PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [System Center Configuration Manager](https://technet.microsoft.com/en-us/library/gg682129.aspx), [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx), or [Windows Defender Group Policy ADMX templates](https://support.microsoft.com/en-us/kb/927367). +> [!NOTE] +> PowerShell cmdlets should not be used as a replacement for a full network policy management infrastructure, such as [System Center Configuration Manager](https://technet.microsoft.com/en-us/library/gg682129.aspx), [Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc731212.aspx), or [Windows Defender Group Policy ADMX templates](https://support.microsoft.com/en-us/kb/927367). PowerShell is typically installed under the folder _%SystemRoot%\system32\WindowsPowerShell_. 
@@ -32,7 +34,8 @@ PowerShell is typically installed under the folder _%SystemRoot%\system32\Window 1. Click **Start**, type **powershell**, and press **Enter**. 2. Click **Windows PowerShell** to open the interface. - > **Note:**  You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. + > [!NOTE] + > You may need to open an administrator-level version of PowerShell. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. 3. Enter the command and parameters. To open online help for any of the cmdlets type the following: @@ -41,3 +44,7 @@ To open online help for any of the cmdlets type the following: Get-Help -Online ``` Omit the `-online` parameter to get locally cached help. + +## Related topics + +- [Windows Defender in Windows 10](windows-defender-in-windows-10.md) \ No newline at end of file diff --git a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md index 717abdaec8..2f238a4d6d 100644 --- a/windows/keep-secure/use-windows-defender-advanced-threat-protection.md +++ b/windows/keep-secure/use-windows-defender-advanced-threat-protection.md 
@@ -8,17 +8,19 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: mjcaparas +localizationpriority: high --- # Use the Windows Defender Advanced Threat Protection portal **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - A typical security breach investigation requires a member of a security operations team to: 1. View an alert on the **Dashboard** or **Alerts queue** 
@@ -41,6 +43,6 @@ Topic | Description [Investigate alerts](investigate-alerts-windows-defender-advanced-threat-protection.md)| Investigate alerts in Windows Defender ATP which might indicate possible security breaches on endpoints in your organization. [Investigate machines](investigate-machines-windows-defender-advanced-threat-protection.md) | The **Machines view** shows a list of the machines in your network, the corresponding number of active alerts for each machine categorized by alert severity levels, as well as the number of threats. [Investigate files](investigate-files-windows-defender-advanced-threat-protection.md) | Investigate the details of a file associated with a specific alert, behavior, or event to help determine if the file exhibits malicious activities, identify the attack motivation, and understand the potential scope of the breach. -[Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external internet protocol (IP) addresses. +[Investigate an IP address](investigate-ip-windows-defender-advanced-threat-protection.md) | Examine possible communication between your machines and external Internet protocol (IP) addresses. [Investigate a domain](investigate-domain-windows-defender-advanced-threat-protection.md) | Investigate a domain to see if machines and servers in your enterprise network have been communicating with a known malicious domain. [Manage alerts](manage-alerts-windows-defender-advanced-threat-protection.md) | The **Manage Alert** menu on every alert lets you change an alert's status, resolve it, suppress it, or contribute comments about the alert. diff --git a/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md b/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md index e2e57dd1bd..3aabc0a07e 100644 
--- a/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/keep-secure/user-account-control-group-policy-and-registry-key-settings.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 ## Group Policy settings There are 10 Group Policy settings that can be configured for User Account Control (UAC). The table lists the default for each of the policy settings, and the following sections explain the different UAC policy settings and provide recommendations. These policy settings are located in **Security Settings\\Local Policies\\Security Options** in the Local Security Policy snap-in. For more information about each of the Group Policy settings, see the Group Policy description. For information about the registry key settings, see [Registry key settings](#registry-key-settings). diff --git a/windows/keep-secure/user-account-control-overview.md b/windows/keep-secure/user-account-control-overview.md index 32edfe0160..66f1abdc16 100644 --- a/windows/keep-secure/user-account-control-overview.md +++ b/windows/keep-secure/user-account-control-overview.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: operate ms.sitesec: library ms.pagetype: security +localizationpriority: high author: brianlic-msft --- @@ -13,7 +14,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings. 
diff --git a/windows/keep-secure/verify-that-network-traffic-is-authenticated.md b/windows/keep-secure/verify-that-network-traffic-is-authenticated.md index 44e4ba7803..88ab773159 100644 --- a/windows/keep-secure/verify-that-network-traffic-is-authenticated.md +++ b/windows/keep-secure/verify-that-network-traffic-is-authenticated.md @@ -13,7 +13,7 @@ author: brianlic-msft **Applies to** - Windows 10 -- Windows Server 2016 Technical Preview +- Windows Server 2016 After you have configured your domain isolation rule to request, rather than require, authentication, you must confirm that the network traffic sent by the devices on the network is being protected by IPsec authentication as expected. If you switch your rules to require authentication before all of the devices have received and applied the correct GPOs, or if there are any errors in your rules, then communications on the network can fail. By first setting the rules to request authentication, any network connections that fail authentication can continue in clear text while you diagnose and troubleshoot. 
@@ -25,7 +25,7 @@ In these procedures, you confirm that the rules you deployed are working correct - **Encryption zone.** Similar to the main isolation zone, after you confirm that the network traffic to zone members is properly authenticated and encrypted, you must convert your zone rules from request mode to require mode. ->**Note:**  In addition to the steps shown in this procedure, you can also use network traffic capture tools such as Microsoft Network Monitor, which can be downloaded from . Network Monitor and similar tools allow you to capture, parse, and display the network packets received by the network adapter on your device. Current versions of these tools include full support for IPsec. They can identify encrypted network packets, but they cannot decrypt them. +>**Note:**  In addition to the steps shown in this procedure, you can also use network traffic capture tools such as Microsoft Network Monitor, which can be downloaded from . Network Monitor and similar tools allow you to capture, parse, and display the network packets received by the network adapter on your device. Current versions of these tools include full support for IPsec. They can identify encrypted network packets, but they cannot decrypt them.   diff --git a/windows/keep-secure/vpn-profile-options.md b/windows/keep-secure/vpn-profile-options.md index 5ad97a8461..90c8e2aa2d 100644 --- a/windows/keep-secure/vpn-profile-options.md +++ b/windows/keep-secure/vpn-profile-options.md @@ -7,6 +7,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security, networking author: jdeckerMS +localizationpriority: high --- # VPN profile options 
@@ -51,9 +52,16 @@ A VPN profile configured with LockDown secures the device to only allow network - Only one VPN LockDown profile is allowed on a device. > **Note:**  For inbox VPN, Lockdown VPN is only available for the Internet Key Exchange version 2 (IKEv2) tunnel type.   +## Learn about VPN and the Conditional Access Framework in Azure Active Directory + +- [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 1)](https://blogs.technet.microsoft.com/tip_of_the_day/2016/03/12/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn/) +- [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 2)](https://blogs.technet.microsoft.com/tip_of_the_day/2016/03/14/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-2/) +- [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 3)](https://blogs.technet.microsoft.com/tip_of_the_day/2016/03/15/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-3/) +- [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 4)](https://blogs.technet.microsoft.com/tip_of_the_day/2016/03/16/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-4/) + ## Learn more -- [Learn how to configure VPN connections in Microsoft Intune](https://docs.microsoft.com/en-us/intune/deploy-use/vpn-connections-in-microsoft-intune) -- [VPNv2 configuration service provider (CSP) reference](http://go.microsoft.com/fwlink/p/?LinkId=617588) -- [How to Create VPN Profiles in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=618028) +- [Learn how to configure VPN connections in Microsoft Intune](https://docs.microsoft.com/intune/deploy-use/vpn-connections-in-microsoft-intune) +- [VPNv2 configuration service provider (CSP) reference](https://go.microsoft.com/fwlink/p/?LinkId=617588) +- [How to Create VPN Profiles in 
Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=618028) diff --git a/windows/keep-secure/why-a-pin-is-better-than-a-password.md b/windows/keep-secure/why-a-pin-is-better-than-a-password.md index d254ddcb1a..4fb387f147 100644 --- a/windows/keep-secure/why-a-pin-is-better-than-a-password.md +++ b/windows/keep-secure/why-a-pin-is-better-than-a-password.md @@ -8,6 +8,7 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: jdeckerMS +localizationpriority: high --- # Why a PIN is better than a password @@ -29,7 +30,7 @@ Even you can't use that PIN anywhere except on that specific device. If you want A password is transmitted to the server -- it can be intercepted in transmission or stolen from a server. A PIN is local to the device -- it isn't transmitted anywhere and it isn't stored on the server. When the PIN is created, it establishes a trusted relationship with the identity provider and creates an asymmetric key pair that is used for authentication. When you enter your PIN, it unlocks the authentication key and uses the key to sign the request that is sent to the authenticating server. -> **Note:**  For details on how Hello uses asymetric key pairs for authentication, see [Microsoft Passport guide](http://go.microsoft.com/fwlink/p/?LinkId=691928). +> **Note:**  For details on how Hello uses asymetric key pairs for authentication, see [Microsoft Passport guide](https://go.microsoft.com/fwlink/p/?LinkId=691928).   ## PIN is backed by hardware @@ -69,7 +70,7 @@ If you only had a biometric sign-in configured and, for any reason, were unable ## Related topics -[Manage identity verification using Microsoft Passport](manage-identity-verification-using-microsoft-passport.md) +[Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md) [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)   \ No newline at end of file 
diff --git a/windows/keep-secure/windows-10-mobile-security-guide.md b/windows/keep-secure/windows-10-mobile-security-guide.md
index 16389caf95..85ff61bf41 100644
--- a/windows/keep-secure/windows-10-mobile-security-guide.md
+++ b/windows/keep-secure/windows-10-mobile-security-guide.md
@@ -1,254 +1,167 @@ --- title: Windows 10 Mobile security guide (Windows 10) -description: This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security. +description: This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security. ms.assetid: D51EF508-699E-4A68-A7CD-91D821A97205 keywords: data protection, encryption, malware resistance, smartphone, device, Windows Store ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security, mobile +localizationpriority: high author: AMeeus --- - # Windows 10 Mobile security guide -**Applies to** -- Windows 10 Mobile +*Applies to Windows 10 Mobile, version 1511 and Windows Mobile, version 1607* -This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security. +>This guide provides a detailed description of the most important security features in the Windows 10 Mobile operating system—identity access and control, data protection, malware resistance, and app platform security. -## Overview +Smartphones now serve as a primary productivity tool for business workers and, just like desktops or laptops, need to be secured against malware and data theft. Protecting these devices can be challenging due to the wide range of device operating systems and configurations and the fact that many employees use their own personal devices. IT needs to secure corporate assets on every device, but also ensure the privacy of the user’s personal apps and data. 
+Windows 10 Mobile addresses these security concerns directly, whether workers are using personal or corporate-owned devices. It uses the same security technologies as the Windows 10 operating system to help protect against known and emerging security threats across the spectrum of attack vectors. These technologies include: +- **Windows Hello for Business** Enhanced identity and access control features ensure that only authorized users can access corporate data and resources. Windows Hello simplifies multifactor authentication (MFA) deployment and use, offering PIN, companion device, and biometric authentication methods. +- **Windows Information Protection** Automatic data separation keeps corporate information from being shared with personal data and apps. +- **Malware resistance** Multi-layered protections built into the device hardware, startup processes, and app platform help reduce the threat of malware that can compromise employee devices. -Windows 10 Mobile is specifically designed for smartphones and small tablets. It uses the same security technologies as the Windows 10 operating system to help protect against known and emerging security threats across the spectrum of attack vectors. Several broad categories of security work went into Windows 10 Mobile: +This guide helps IT administrators better understand the security features in Windows 10 Mobile, which can be used to improve protection against unauthorized access, data leakage, and malware. -- **Identity and access control.** Microsoft has greatly enhanced identity and access control features to simplify and improve the security of user authentication. These features include Windows Hello and Microsoft Passport, which better protect user identities through easy-to-deploy and easy-to-use multifactor authentication (MFA). 
(Windows Hello requires either a specialized illuminated infrared \[IR\] camera for facial recognition and iris detection or a finger print reader that supports the Windows Biometric Framework.) -- **Data protection.** Confidential data is better protected from compromise than ever before. Windows 10 Mobile uses several data-protection technologies and delivers them in a user-friendly and IT-manageable way. -- **Malware resistance.**Windows 10 Mobile helps protect critical system resources and apps to reduce the threat of malware, including support for enterprise-grade secure hardware and Secure Boot. -- **App platform security.** The Windows 10 Mobile enterprise-grade secure app platform provides multiple layers of security. For example, Windows Store checks all apps for malware to help prevent malware from reaching devices. +**In this article:** +- Windows Hello for Business +- Windows Information Protection +- Malware resistance -In addition, AppContainer application isolation helps prevent any malicious app from compromising other apps. +## Windows Hello -This guide explains each of these technologies and how they help protect your Windows 10 Mobile devices. +Windows 10 Mobile includes Windows Hello, a simple, yet powerful, multifactor authentication solution that confirms a user’s identity before allowing access to corporate confidential information and resources. Multifactor authentication is a more secure alternative to password-based device security. Users dislike having to enter long, complex passwords – particularly on a mobile device touch screen – that corporate policy requires they change frequently. This leads to poor security practices like password reuse, written down passwords, or weak password creation. -## Identity and access control +Windows Hello offers a simple, cost-effective way to deploy multifactor authentication across your organization. 
Unlike smart cards, it does not require public key infrastructure or the implementation of additional hardware. Workers use a PIN, a companion device (like Microsoft Band), or biometrics to validate their identity for accessing corporate resources on their Azure Active Directory (Azure AD) registered Windows 10 Mobile device. -A fundamental component of security is the notion that a user has a unique identity and that that identity is either allowed or denied access to resources. This notion is traditionally known as access control, which has three parts: -- **Identification.** The user (subject) asserts a unique identity to the computer system for the purpose of accessing a resource (object), such as a file or an app. -- **Authentication.** Authentication is the process of proving the asserted identity and verifying that the subject is indeed the subject. -- **Authorization.** The system compares the authenticated subject’s access rights against the object’s permissions and either allows or denies the requested access. +Because Windows Hello is supported across all Windows 10 devices, organizations can uniformly implement multifactor authentication across their environment. Deploying Windows Hello on Windows 10 Mobile devices does require Azure AD (sold separately), but you can use Azure AD Connect to synchronize with your on-premises Active Directory services. -The way an operating system implements these components makes a difference in preventing attackers from accessing corporate data. Only users who prove their identities and are authorized to access that data can access it. In security, however, there are varying degrees of identity proof and many different requirements for authorization limits. The access control flexibility most corporate environments need presents a challenge for any operating system. Table 1 lists typical Windows access control challenges and the solutions that Windows 10 Mobile offers. 
+Windows Hello supports iris scan, fingerprint, and facial recognition-based authentication for devices that have biometric sensors. -Table 1. Windows 10 Mobile solutions for typical access control challenges - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    Access control challengeWindows 10 Mobile solutions

    Organizations frequently use passwords to authenticate users and provide access to business applications or the corporate network, because more trustworthy authentication alternatives are too complex and costly to deploy.

    Windows Hello provides biometrics to identify the user and unlock the device that closely integrates with Microsoft Passport to identify, authenticate, and authorize users to access the corporate network or applications from their Windows 10 Mobile device with supporting biometric hardware.

    When an organization uses smart cards, it must purchase a smart card reader, smart cards, and smart card management software. These solutions are complex and costly to implement; they also tend to delay mobile productivity.

    Windows Hello with Microsoft Passport enables a simple and cost-effective MFA deployment across the organization, enhancing the business’ security stance.

    Mobile device users must enter their password on a touch keyboard. Entering complex passwords in this way is error prone and less efficient than a keyboard.

    Windows Hello helps enable iris scan, fingerprint, and facial recognition-based authentication for devices that have biometric sensors. These biometric identification options are more convenient and more efficient than password-based logon.

    Users dislike the need to enter long, complex passwords to log on to corporate services, especially passwords that must change frequently. This frustration often leads to password reuse, passwords written on notepads, and weak password composition.

    Microsoft Passport allows users to sign in once and gain access to corporate resources without having to re-enter complex passwords. Authentication credentials are bound to the device through a built-in Trusted Platform Module (TPM) and cannot be removed.

    -  -The following sections describe these challenges and solutions in more detail. +>**Note:** When Windows 10 first shipped, it included **Microsoft Passport** and **Windows Hello**, which worked together to provide multifactor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the **Windows Hello** name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. -### Microsoft Passport +### Secured credentials -Microsoft Passport provides strong MFA, fully integrated into Windows devices, to replace passwords. To authenticate, the user must have a Microsoft Azure Active Directory (Azure AD)–registered device and either a PIN or Windows Hello biometric gesture to unlock the device. Microsoft Passport is conceptually similar to a smart card but more flexible, as it doesn’t require a public key infrastructure or the implementation of additional hardware and supports biometric identification. +Windows Hello eliminates the use of passwords for login, reducing the risk that an attacker will steal and reuse a user’s credentials. Windows 10 Mobile devices are required to have a Trusted Platform Module (TPM), a microchip that enables advanced security features. The TPM creates encryption keys that are “wrapped” with the TPM’s own storage root key, which is itself stored within the TPM to prevent credentials from being compromised. Encryption keys created by the TPM can only be decrypted by the same TPM, which protects the key material from attackers who want to capture and reuse it. -Microsoft Passport offers three significant advantages over the previous state of Windows authentication: it’s more flexible, it’s based on industry standards, and it more effectively mitigates risks. 
-### It's effective +To compromise Windows Hello credentials, an attacker would need access to the physical device, and then find a way to spoof the user’s biometric identity or guess his or her PIN. All of this would have to be accomplished before TPM brute-force resistance capabilities lock the mobile device, the theft-protection mechanism kicks in, or the user or corporate administrator remotely wipes the device. With TPM-based protection, an attacker’s window of opportunity for compromising a user’s credentials is greatly reduced. -Microsoft Passport eliminates the use of passwords for logon and so reduces the risk that an attacker will steal and reuse a user’s credentials. User key material, which includes the user’s private key, is available only on the device that generated it. The key material is protected with the TPM, which protects the key material from attackers who want to capture and reuse it. It is a Windows Hardware Certification Program requirement that every Windows 10 Mobile device include a TPM. +### Support for biometrics -To compromise a Microsoft Passport credential that the TPM protects, an attacker must have access to the physical device, and then find a way to spoof the user’s biometrics identity or guess his or her PIN—and all of this must be done before TPM brute-force resistance capabilities lock the mobile device, the theft-protection mechanism kicks in, or the user or corporate administrator remotely wipes the device. This technology greatly reduces an attacker’s window of opportunity for compromising a user’s credentials. +Biometrics help prevent credential theft and make it easier for users to login to their devices. Users always have their biometric identity with them – there is nothing to forget, lose, or leave behind. Attackers would need to have both access to the user’s device and be able to impersonate the user’s biometric identity to gain access to corporate resources, which is far more difficult than stealing a password. 
-### It's flexible +Windows Hello supports three biometric sensor scenarios: +- **Facial recognition** uses special IR cameras to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major manufacturers are already shipping laptops with integrated facial-recognition technology. Both Surface Pro 4 and Surface Book support this technology. +- **Fingerprint recognition** uses a sensor to scan the user’s fingerprint. Although fingerprint readers have been available for computers running the Windows operating system for years, the detection, anti-spoofing, and recognition algorithms in Windows 10 are more advanced than in previous Windows versions. Most existing fingerprint readers (whether external to or integrated into laptops or USB keyboards) that support the Windows Biometric Framework will work with Windows Hello. +- **Iris scanning** uses cameras designed to scan the user’s iris, the colorful and highly detailed portion of the eye. Because the data must be accurate, iris scanning uses a combination of an IR light source and a high-quality camera. Microsoft Lumia 950 and 950 XL devices support this technology. -Microsoft Passport offers unprecedented flexibility along with enterprise-grade security. +>Users must create an unlock PIN while they enroll a biometric gesture. The device uses this PIN as a fallback mechanism in situations where it cannot capture the biometric gesture. -Most importantly, Microsoft Passport works with biometrics or PINs and gives you options beyond long, complex passwords. Instead of users memorizing and retyping often-changed passwords, Microsoft Passport enables PIN- and biometrics-based identification through Windows Hello to identify users more securely. +All three of these biometric factors – face, finger, and iris – are unique to an individual. 
To capture enough data to uniquely identify an individual, a biometric scanner might initially capture images in multiple conditions or with additional details. For example, an iris scanner will capture images of both eyes or both eyes with and without eyeglasses or contact lenses. -The Windows 10 Mobile device that the user logs on to is an authentication factor, as well. The credentials used and the private key on the device are device specific and bound to the device’s TPM. +Spoofing biometric data is often a big concern in enterprise environments. Microsoft employs several anti-spoofing techniques in Windows 10 Mobile that verify the trustworthiness of the biometric device, as well as guard against intentional collision with stored biometric measurements. These techniques help improve the false-acceptance rate (the rate at which spoofed biometric data is accepted as authentic) while maintaining the overall usability and manageability of MFA. -In the future, Microsoft Passport will also enable people to use Windows 10 Mobile devices as a remote credential when signing in to PCs running Windows 10. Users will use their PINs or biometrics to unlock their phones, and their phones will unlock their PCs. Phone sign-in with Microsoft Passport will make implementing MFA for scenarios where the user’s credentials must be physically separate from the PC the user is signing in to less costly and complex than other solutions. Phone sign-in will also make it easier for users and IT pros because users can use their phones to sign in to any corporate device instead of enrolling a user credential on each. +The biometric image collected at enrollment is converted into an algorithmic form that cannot be converted back into the original image. Only the algorithmic form is kept; the actual biometric image is removed from the device after conversion. 
Windows 10 Mobile devices both encrypt the algorithmic form of the biometric data and bind the encrypted data to the device, both of which help prevent someone from removing the data from the phone. As a result, the biometric information that Windows Hello uses is a local gesture and doesn’t roam among the user’s devices. -With Microsoft Passport, you gain flexibility in the data center, too. To deploy it for Windows 10 Mobile devices, you must set up Azure AD, but you don’t have to replace or remove your existing Active Directory environment. Using Azure AD Connect, organizations can synchronize these two directory services. Microsoft Passport builds on and adds to your existing infrastructure and allows you to federate with Azure AD. +### Companion devices -Microsoft Passport is also supported on the desktop, giving organizations a uniform way to implement strong authentication on all devices. This flexibility makes it simpler for Microsoft Passport to supplement existing smart card or token deployments for on-premises Windows PC scenarios, adding MFA to mobile devices and users who don’t currently have it for extra protection of sensitive resources or systems that these mobile devices access. +A Windows Hello companion device enables a physical device, like a wearable, to serve as a factor for validating the user’s identity before granting them access to their credentials. For instance, when the user has physical possession of a companion device they can easily, possibly even automatically, unlock their PC and authenticate with apps and websites. This type of device can be useful for smartphones or tablets that don’t have integrated biometric sensors or for industries where users need a faster, more convenient sign-in experience, such as retail. -### It's standardized +In some cases, the companion device for Windows Hello enables a physical device, like a phone, wearable, or other types of device to store all of the user’s credentials. 
Storage of the credentials on a mobile device makes it possible to use them on any supporting device, like a kiosk or family PC, and eliminates the need to enroll Windows Hello on each device. Companion devices also help enable organizations to meet regulatory requirements, such as Federal Information Processing Standard (FIPS) Publication 140-2, (FIPS 140-2).
-Both software vendors and enterprise customers have come to realize that proprietary identity and authentication systems are a dead end: the future lies with open, interoperable systems that allow secure authentication across a variety of devices, line-of-business (LOB) apps, and external applications and websites. To this end, a group of industry players formed the Fast Identity Online (FIDO) Alliance. The FIDO Alliance is a nonprofit organization that works to address the lack of interoperability among strong authentication devices as well as the problems users face in creating and remembering multiple user names and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to authenticate users of online services securely. This new standard can allow any business network, app, website, or cloud application to interface with a broad variety of existing and future FIDO-enabled devices and operating system platforms using a standardized set of interfaces and protocols.
-In 2014, Microsoft joined the board of the FIDO Alliance. FIDO standards enable a universal framework that a global ecosystem delivers for a consistent and greatly improved user experience of strong password-less authentication. The FIDO 1.0 specifications, published in December 2014, provide for two types of authentications: password-less (known as UAF) and second factor (U2F).
The FIDO Alliance is working on a set of 2.0 proposals that incorporate the best ideas from its U2F and UAF FIDO 1.0 standards and of course new ideas. Microsoft has contributed Microsoft Passport technology to the FIDO 2.0 specification workgroup for review and feedback and continues to work with the FIDO Alliance as the FIDO 2.0 specification moves forward. Interoperability of FIDO products is a hallmark of FIDO authentication. Microsoft believes that bringing a FIDO solution to market will help solve a critical need for enterprises and consumers alike.
+### Standards-based approach
-### Windows Hello
+The Fast Identity Online (FIDO) Alliance is a nonprofit organization that works to address the lack of interoperability among strong authentication devices and the problems users face in creating and remembering multiple user names and passwords. FIDO standards help reduce reliance on passwords to authenticate users of online services securely, allowing any business network, app, website, or cloud application to interface with a broad variety of existing and future FIDO-enabled devices and operating system platforms.
-Windows Hello is the new biometric framework for Windows 10. Because biometric identification is built directly into the operating system, it allows you to use your iris, face, or fingerprint to unlock your mobile device. Windows Hello unlocks Microsoft Passport credentials, which enable authentication to resources or relying parties such as software-as-a-service applications like Microsoft Office 365.
-Windows Hello supports three biometric sensor options that are suitable for enterprise scenarios:
+In 2014, Microsoft joined the board of the FIDO Alliance. The FIDO 1.0 specifications, published in December 2014, provide for two types of authentications: password-less (known as UAF) and second factor (U2F). The FIDO Alliance is working on a set of 2.0 proposals that incorporate the best ideas from its U2F and UAF FIDO 1.0 standards.
Microsoft has contributed Windows Hello technology to the FIDO 2.0 specification workgroup for review and feedback and continues to work with the FIDO Alliance as the FIDO 2.0 specification moves forward. Interoperability of FIDO products is a hallmark of FIDO authentication. Microsoft believes that bringing a FIDO solution to market will help solve a critical need for both enterprises and consumers.
-- **Facial recognition** uses special IR cameras to reliably tell the difference between a photograph or scan and a living person. Several vendors are shipping external cameras that incorporate this technology, and major manufacturers are already shipping laptops with integrated facial-recognition technology. Both Surface Pro 4 and Surface Book support this technology.
-- **Fingerprint recognition** uses a sensor to scan the user’s fingerprint. Although fingerprint readers have been available for computers running the Windows operating system for years, the detection, anti-spoofing, and recognition algorithms in Windows 10 are more advanced than in previous Windows versions. Most existing fingerprint readers (whether external to or integrated into laptops or USB keyboards) that support the Windows Biometric Framework will work with Windows Hello.
-- **Iris scanning** uses cameras designed to scan the user’s iris, the colorful and highly detailed portion of the eye. Because the data must be accurate, iris scanning uses a combination of an IR light source and a high-quality camera. Microsoft Lumia 950 and 950 XL devices support this technology.
-> **Note:**  Users must create an unlock PIN before they enroll a biometric gesture. The device uses this PIN as a fallback mechanism in situations where it cannot capture the biometric gesture.
-  
-All three of these biometric factors—the face, the finger, and the iris—are unique to an individual.
To capture enough data to uniquely identify an individual, a biometric scanner might initially capture images in multiple conditions or with additional details. For example, an iris scanner will capture images of both eyes; or both with and without eyeglasses or contact lenses.
+## Windows Information Protection
-Spoofing biometric data is often a big concern in enterprise environments. Microsoft employs several anti-spoofing techniques in Windows 10 Mobile that verify the trustworthiness of the biometric device as well as guard against intentional collision with stored biometric measurements. These techniques help improve the false-acceptance rate (the rate at which spoofed biometric data is accepted as authentic) while maintaining the overall usability and manageability of MFA.
+Enterprises have seen huge growth in the convergence of personal and corporate data storage. Personal data is frequently stored on corporate devices and vice versa. This fluidity increases the potential for sensitive corporate data to be accidentally compromised.
-The biometric image collected at enrollment is converted into an algorithmic form that cannot be converted back into the original image. Only the algorithmic form is kept; the actual biometric image is removed from the device after conversion. Windows 10 Mobile devices both encrypt the algorithmic form of the biometric data and bind the encrypted data to the device, both of which help prevent someone from removing the data from the phone. As a result, the biometric information that Windows Hello uses is a local gesture and doesn’t roam among the user’s devices.
+Inadvertent disclosure is rapidly becoming the biggest source of confidential data leakage as organizations allow personal devices to access corporate resources.
It’s easy to imagine that an employee using work email on their personal phone could unintentionally save an attachment containing sensitive company information to personal cloud storage, which could be shared with unauthorized people. This accidental sharing of corporate data is just one example of the challenges common to using mobile devices in the workplace. To prevent this type of data leakage, most solutions require users to login with a separate username and password to a container that stores all corporate apps and data, an experience that degrades user productivity.
-Windows Hello offers several major benefits. First, it helps to address the problems of credential theft and sharing because an attacker must obtain the mobile phone and impersonate the user’s biometric identity, which is more difficult than stealing a device unlock password. Second, the use of biometrics gives users an authenticator that’s always with them—there’s nothing to forget, lose, or leave behind. Instead of worrying about memorizing long, complex passwords, users can take advantage of a convenient, enterprise-grade secure method for logging on to their Windows 10 Mobile device. Finally, there’s nothing additional to deploy, because Microsoft built Windows Hello support directly into the operating system. All you need is a device that includes a supported biometric sensor.
+Windows 10 Mobile includes Windows Information Protection to transparently keep corporate data secure and personal data private. Because corporate data is always protected, users cannot inadvertently copy it or share it with unauthorized users or apps. Key features include:
+- Automatically tag personal and corporate data.
+- Protect data while it’s at rest on local or removable storage.
+- Control which apps can access corporate data.
+- Control which apps can access a virtual private network (VPN) connection.
+- Prevent users from copying corporate data to public locations.
+- Help ensure business data is inaccessible when the device is in a locked state.
-The device that senses the biometric factors must report the data to Windows Hello quickly and accurately. For this reason, Microsoft determines which factors and devices are trustworthy and accurate prior to their inclusion in Windows Hello. For more information, see [Windows 10 specifications](http://go.microsoft.com/fwlink/p/?LinkId=722908).
+### Enlightened apps
-## Data protection
+Third-party data loss protection solutions usually require developers to wrap their apps. However, Windows Information Protection builds this intelligence right into Windows 10 Mobile so most apps require nothing extra to prevent inappropriate corporate data sharing.
-Windows 10 Mobile continues to provide solutions that help protect information against unauthorized access and disclosure.
+Windows Information Protection classifies apps into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on internal policies. Corporate data will be encrypted on the managed device and attempts to copy/paste or share this information with non-corporate apps or users will fail. Unenlightened apps, when marked as corporate-managed, consider all data corporate and encrypt everything by default.
+When you do not want all data encrypted by default – because it would create a poor user experience – developers should consider enlightening apps by adding code and compiling them using the Windows Information Protection application programming interfaces. The most likely candidates for enlightenment are apps that:
+- Don’t use common controls for saving files.
+- Don’t use common controls for text boxes.
+- Work on personal and enterprise data simultaneously (e.g., contact apps that display personal and enterprise data in a single view or a browser that displays personal and enterprise web pages on tabs within a single instance).
-### Device encryption
-Windows 10 Mobile uses device encryption, based on BitLocker technology, to encrypt all internal storage, including operating system and data storage partitions. The user can activate device encryption, or the IT department can activate and enforce encryption for company-managed devices through MDM tools. When device encryption is turned on, all data stored on the phone is encrypted automatically. A Windows 10 Mobile device with encryption turned on helps protect the confidentiality of data stored if the device is lost or stolen. The combination of Windows Hello lock and data encryption makes it extremely difficult for an unauthorized party to retrieve sensitive information from the device.
+In many cases, most apps don’t require enlightenment for them to use Windows Information Protection. Simply adding them to the allow list is the only step you need to take. Line-of-Business (LOB) apps are a good example of where this works well because they only handle corporate data.
-You can customize how device encryption works to meet your unique security requirements. Device encryption even enables you to define your own cipher suite. For example, you can specify the algorithm and key size that Windows 10 Mobile uses for data encryption, which Transport Layer Security (TLS) cipher suites are permitted, and whether Federal Information Processing Standard (FIPS) policy is enabled. Table 2 lists the policies you can change to customize device encryption on Windows 10 Mobile devices.
+**When is app enlightenment required?**
+- **Required**
+ - App needs to work with both personal and enterprise data.
+- **Recommended** + - App handles only corporate data, but needs to modify a file (such as a configuration file) in order to launch, uninstall itself, update etc. Without enlightenment you wouldn’t be able to properly revoke these apps. + - App needs to access enterprise data, while protection under lock is activated. +- **Not required** + - App handles only corporate data + - App handles only personal data -Table 2. Windows 10 cryptography policies - ----- - - - - - - - - - - - - - - - - - - - - - - - - -
    Area namePolicy nameDescription

    Cryptography

    Allow FIPS Algorithm Policy

    Enable or disable the FIPS policy. A restart is needed to enforce this policy. The default value is disabled.

    BitLocker

    Encryption Method

    Configures the BitLocker Drive Encryption Method and cipher strength. The default value is AES-CBC 128-bit. If the device cannot use the value specified, it will use another one.

    Cryptography

    TLS Cipher Suite

    This policy contains a list of the cryptographic cipher algorithms allowed for Secure Sockets Layer connections.

    -  
-For a complete list of policies available, see [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkId=733963).
+### Data leakage control
-### Enterprise data protection
+To configure Windows Information Protection in a Mobile Device Management (MDM) solution that supports it, simply add authorized apps to the allow list. When a device running Windows 10 Mobile enrolls in the MDM solution, unauthorized apps will not have access to enterprise data.
-Enterprises have seen huge growth in the convergence of personal and corporate data storage. Personal data is frequently stored on corporate devices and vice versa. This situation increases the potential for compromise of sensitive corporate data.
+Windows Information Protection works seamlessly until users try to access enterprise data with or paste enterprise data into unauthorized apps or locations on the web. For example, copying enterprise data from an authorized app to another authorized app works as usual, but Window Information Protection can block users from copying enterprise data from an authorized app to an unauthorized app. Likewise, it will block users from using an unauthorized app to open a file that contains enterprise data.
-One growing risk is authorized users’ accidental disclosure of sensitive data—a risk that is rapidly becoming the biggest source of confidential data leakage as organizations allow personal devices to access corporate resources. One example is common among organizations: an employee connects his or her personal phone to the company’s Microsoft Exchange Server instance for email. He or she uses the phone to work on email that includes attachments with sensitive data. When sending the email, the user accidentally copies a supplier. Content protection is only as strong as the weakest link, and in this example, the unintended sharing of sensitive data with unauthorized people might not have been prevented with standard data encryption.
+The extent to which users will be prevented from copying and pasting data from authorized apps to unauthorized apps or locations on the web depends on which protection level is set:
+- **Block.** Windows Information Protection blocks users from completing the operation.
+- **Override.** Windows Information Protection notifies users that the operation is inappropriate but allows them to override the policy, although it logs the operation in the audit log.
+- **Audit.** Windows Information Protection does not block or notify users but logs the operation in the audit log.
+- **Off.** Windows Information Protection does not block or notify users and does not log operations in the audit log.
-In Windows 10 Mobile, enterprise data protection (EDP) helps separate personal and enterprise data and prevent data leakage. Key features include its ability to:
+### Data separation
-- Automatically tag personal and corporate data.
-- Protect data while it’s at rest on local or removable storage.
-- Control which apps can access corporate data.
-- Control which apps can access a virtual private network (VPN) connection.
-- Prevent users from copying corporate data to public locations.
+Most third-party solutions require an app wrapper that directs enterprise data into a password-protected container and keeps personal data outside the container. Depending on the implementation, this may require two different versions of the same apps to be running on the device: one for personal data and another for enterprise data.
-> **Note:**  EDP is currently being tested in select customer evaluation programs. For more information about EDP, see [Enterprise data protection overview](../whats-new/edp-whats-new-overview.md).
-  
-### Enlightenment
+Windows Information Protection provides data separation without requiring a container or special version of an app to access business or personal data. There is no separate login required to see your corporate data or open your corporate applications.
Windows Information Protection identifies enterprise data and encrypts it to only enterprise use. Data separation is automatic and seamless.
-Third-party data loss protection solutions usually require developers to wrap their apps. In contrast, EDP puts the intelligence in Windows 10 Mobile so that it doesn’t require wrappers. As a result, most apps require nothing extra to work with EDP.
+### Encryption
-EDP can enforce policy without the need for an app to change. This means that an app that always handles business data (such as an LOB app) can be added to the allowed list and will always encrypt all data that it handles. However, if the app does not use common controls, cut and paste operations from this app to a non-enterprise app will silently fail. In addition, if the app needs to handle personal data, this data will also be encrypted.
-Therefore, to improve the user experience, in some cases, developers should enlighten their apps by adding code to and compiling them to use the EDP application programming interfaces. Those cases include apps that:
-- Don’t use common controls for saving files.
-- Don’t use common controls for text boxes.
-- Work on personal and enterprise data simultaneously (for example, contact apps that display personal and enterprise data in a single view; a browser that displays personal and enterprise web pages on tabs within a single instance).
+Windows 10 Mobile uses device encryption, based on BitLocker technology, to encrypt all internal storage, including operating systems and data storage partitions. The user can activate device encryption, or the IT department can activate and enforce encryption for company-managed devices through MDM tools. When device encryption is turned on, all data stored on the phone is encrypted automatically. A Windows 10 Mobile device with encryption turned on helps protect the confidentiality of data stored – even if the device is lost or stolen.
The combination of Windows Hello lock and data encryption makes it extremely difficult for an unauthorized party to retrieve sensitive information from the device.
-Figure 1 summarizes when an app might require enlightenment to work with EDP. Microsoft Word is a good example. Not only can Word access personal and enterprise data simultaneously, but it can also transmit enterprise data (for example, email attachments containing enterprise data).
+You can customize how device encryption works to meet your unique security requirements. Device encryption even enables you to define your own cipher suite. For example, you can specify the algorithm and key size that Windows 10 Mobile uses for data encryption, which Transport Layer Security (TLS) cipher suites are permitted, and whether Federal Information Processing Standard (FIPS) policy is enabled. The list below shows the policies you can change to customize device encryption on Windows 10 Mobile devices.
+- Cryptography
+ - Allow FIPS Algorithm: This policy enables or disable the FIPS policy. A restart is needed to enforce this policy. The default value is disabled.
+ - TLS Cipher Suite: This policy contains a list of the cryptographic cipher algorithms allowed for Secure Sockets Layer connections.
+- BitLocker
+ - Encryption Method: Configures the BitLocker Drive Encryption Method and cipher strength. The default value is AES-CBC 128-bit. If the device cannot use the value specified, it will use another one.
-In any case, most apps don’t require enlightenment for them to use EDP protection. Simply adding them to the EDP allow list is all you must do. Because unenlightened apps cannot automatically tag data as personal or enterprise, if they are in an EDP policy, they treat all data as enterprise data. An LOB app is a good example. Adding an LOB app to an EDP policy protects all data that the app handles.
Another example is a legacy app that cannot be updated, which you can add to an EDP policy and use without even being aware that EDP exists.
+To help make the device even more secured against outside interference, Windows 10 Mobile also now includes protection-under-lock. That means that encryption keys are removed from memory whenever a device is locked. Apps are unable to access sensitive data while the device is in a locked state, so hackers and malware have no way to find and co-opt keys. Everything is locked up tight with the TPM until the user unlocks the device with Windows Hello.
-![figure 1](images/mobile-security-guide-fig1.png)
+### Government Certifications
-Figure 1. When is enlightenment required?
-
-### Data leakage control
-
-To configure EDP in an MDM solution that supports it, add authorized apps to the EDP allow list. When a device running Windows 10 Mobile enrolls in the MDM solution, apps that this policy doesn’t authorize won’t have access to enterprise data.
-
-EDP works seamlessly until users try to access enterprise data with or try to paste enterprise data into unauthorized apps or locations on the web. For example, copying enterprise data from an authorized app to another authorized app works as usual, but EDP blocks users from copying enterprise data from an authorized app to an unauthorized app. Likewise, EDP blocks users from using an unauthorized app to open a file that contains enterprise data.
-In addition, users cannot copy and paste data from authorized apps to unauthorized apps or locations on the Web without triggering one of the EDP protection levels:
-- **Block.** EDP blocks users from completing the operation.
-- **Override.** EDP notifies users that the operation is inappropriate but allows them to override the policy, although it logs the operation in the audit log.
-- **Audit.** EDP does not block or notify users but logs the operation in the audit log.
-- **Off.** EDP does not block or notify users and does not log operations in the audit log.
-
-### Data separation
-
-As the name suggests, data separation separates personal from enterprise data. Most third-party solutions require an app wrapper, and from here, enterprise data goes in a container while personal data is outside the container. Often, people must use two different apps for the same purpose: one for personal data and another for enterprise data.
-
-EDP provides the same data separation but neither uses containers nor requires a special version of an app to access business data, and then a second instance of it to access personal data. There are no containers, partitions, or special folders to physically separate personal and business data. Instead, Windows 10 Mobile is the access control broker, identifying enterprise data because it’s encrypted to the enterprise. Therefore, EDP provides data separation by virtue of encrypting enterprise data.
-
-### Visual cues
-
-In Windows 10 Mobile, visual cues indicate the status of EDP to users (see Figure 2):
-
-- **Start screen.** On the Start screen, apps that an EDP policy manages display a visual cue.
-- **Files.** In File Explorer, a visual cue indicates whether a file or folder contains enterprise data and is therefore encrypted.
-For example, Erwin is an employee at Fabrikam. He opens Microsoft Edge from the Start screen and sees that the tile indicates that an EDP policy manages the browser. Erwin opens the Fabrikam sales website and downloads a spreadsheet. In File Explorer, Erwin sees that the file he downloaded has a visual cue which indicates that it’s encrypted and contains enterprise data. When Erwin tries to paste data from that spreadsheet into an app that no EDP policy manages (for example, his Twitter app), Erwin might see a message that allows him to override protection while logging the action, depending on the protection level configured in the EDP policy.
-
-![figure 2](images/mobile-security-guide-fig2.png)
-
-Figure 2. Visual cues in EDP
+Windows 10 Mobile supports both [FIPS 140 standards](http://csrc.nist.gov/groups/STM/cavp/validation.html) for cryptography and [Common Criteria](https://www.niap-ccevs.org/Product/Compliant.cfm?pid=10694) The FIPS 140 certification validates the effectiveness of the cryptographic algorithms used in Windows 10 Mobile. Microsoft has also received Common Criteria certification for Windows 10 Mobile running on Lumia 950, 950 XL, 550, 635, as well as Surface Pro 4, giving customers assurance that securety functionality is implemented properly.
## Malware resistance
-Just as software has automated so much of our lives, malware has automated attacks on our devices. Those attacks are relentless. Malware is constantly changing, and when it infects a device, it can be difficult to detect and remove.
-The best way to fight malware is to prevent the infection from happening. Windows 10 Mobile provides strong malware resistance because it takes advantage of secured hardware and protects both the startup process and the core operating system architecture.
-
-Table 3 lists specific malware threats and the mitigation that Windows 10 Mobile provides.
-
-Table 3. Threats and Windows 10 Mobile mitigations
+The best way to fight malware is prevention. Windows 10 Mobile provides strong malware resistance through secured hardware, startup process defenses, core operating system architecture, and application-level protections.
+The table below outlines how Windows 10 Mobile mitigates specific malware threats. --++ - +
@@ -266,11 +179,11 @@ Table 3. Threats and Windows 10 Mobile mitigations - + - +
@@ -291,249 +204,164 @@ Table 3. Threats and Windows 10 Mobile mitigations
    ThreatWindows 10 Mobile mitigationWindows 10 Mobile mitigation

    An app infects other apps or the operating system with malware.

    All Windows 10 Mobile apps run inside an AppContainer that isolates them from all other processes and sensitive operating system components. Apps cannot access any resources outside their AppContainer.

    All Windows 10 Mobile apps run inside an AppContainer that isolates them from all other processes and sensitive operating system components. Apps cannot access any resources outside their AppContainer.

    An unauthorized app or malware attempts to start on the device.

    All Windows 10 Mobile apps must come from Windows Store or Windows Store for Business. Device Guard enforces administrative policies to select exactly which apps are allowed to run.

    All Windows 10 Mobile apps must come from Windows Store or Windows Store for Business. Device Guard enforces administrative policies to select exactly which apps are allowed to run.

    User-level malware exploits a vulnerability in the system or an application and owns the device.

    -  
-> **Note:**  Windows 10 Mobile devices use a System on a Chip (SoC) design provided by SoC vendors such as Qualcomm. With this architecture, the SoC vendor and device manufacturers provide the pre-UEFI bootloaders and the UEFI environment. The UEFI environment implements the UEFI Secure Boot standard described in section 27 of the UEFI specification, which can be found at [http://www.uefi.org/specsandtesttools](http://go.microsoft.com/fwlink/p/?LinkId=722912). This standard describes the process by which all UEFI drivers and applications are validated against keys provisioned into a UEFI-based device before they are executed.
-  
-The following sections describe these improvements in more detail.
-### Enterprise-grade secure hardware
+>**Note:** The Windows 10 Mobile devices use a System on a Chip (SoC) design provided by SoC vendors such as Qualcomm. With this architecture, the SoC vendor and device manufacturers provide the pre-UEFI bootloaders and the UEFI environment. The UEFI environment implements the UEFI Secure Boot standard described in section 27 of the UEFI specification, which can be found at [www.uefi.org/specs]( http://www.uefi.org/specs). This standard describes the process by which all UEFI drivers and applications are validated against keys provisioned into a UEFI-based device before they are executed.
-Taking full advantage of Windows 10 Mobile security features requires advancements in hardware-based security. These advances include UEFI with Secure Boot, TPM, and biometric sensors (hardware dependent).
+### UEFI with Secure Boot
-### UEFI with Secure Boot
+When a Windows 10 Mobile device starts, it begins the process of loading the operating system by locating the bootloader in the device’s storage system. Without safeguards in place, the phone might simply hand control over to the bootloader without even determining whether it’s a trusted operating system or malware.
-When a Windows 10 Mobile device starts, it begins the process of loading the operating system by locating the bootloader in the device’s storage system. Without safeguards in place, the phone might simply hand control over to the bootloader without even determining whether it’s a trusted operating system or malware.
+UEFI is a standards-based solution that offers a modern-day replacement for the BIOS. In fact, it provides the same functionality as BIOS while adding security features and other advanced capabilities. Like BIOS, UEFI initializes devices, but UEFI components with the Secure Boot feature (version 2.3.1 or later) also helps to ensure that only trusted firmware in Option ROMs, UEFI apps, and operating system bootloaders can start on the mobile phone.
+
+UEFI can run internal integrity checks that verify the firmware’s digital signature before running it. Because only the mobile phone’s manufacturer has access to the digital certificate required to create a valid firmware signature, UEFI has protection against firmware-based malware that loads before Windows 10 Mobile and to try and hide its malicious behavior from the operating system. Firmware-based malware of this nature is typically called bootkits.
-UEFI is a standards-based solution that offers a modern-day replacement for the BIOS. In fact, it provides the same functionality as BIOS while adding security features and other advanced capabilities. Like BIOS, UEFI initializes devices, but UEFI components with the Secure Boot feature (version 2.3.1 or later) also help ensure that only trusted firmware in Option ROMs, UEFI apps, and operating system bootloaders can start on the mobile phone.
-UEFI can run internal integrity checks that verify the firmware’s digital signature before running it.
Because only the mobile phone’s manufacturer has access to the digital certificate required to create a valid firmware signature, UEFI has protection against firmware-based malware that loads before Windows 10 Mobile and can successfully hide its malicious behavior from Windows 10 Mobile. Firmware-based malware of this nature is typically called a bootkit. When a mobile device with UEFI and Secure Boot starts, the UEFI firmware verifies the bootloader’s digital signature to verify that no one has modified it after it was digitally signed. The firmware also verifies that a trusted authority issued the bootloader’s digital signature. This check helps to ensure that the system starts only after checking that the bootloader is both trusted and unmodified since signing. -All Windows 10 Mobile devices always have Secure Boot enabled. In addition, they trust only the Windows operating system signature. -Neither Windows 10 Mobile, apps, or even malware can change the UEFI configuration. For more information about UEFI with Secure Boot, read [Protecting the pre-OS environment with UEFI](http://go.microsoft.com/fwlink/p/?LinkId=722909). +All Windows 10 Mobile devices always have Secure Boot enabled. In addition, they trust only the Windows operating system signature. Neither Windows 10 Mobile, apps, or even malware can change the UEFI configuration. For more information about UEFI with Secure Boot, read [Protecting the pre-OS environment with UEFI](http://blogs.msdn.com/b/b8/archive/2011/09/22/protecting-the-pre-os-environment-with-uefi.aspx) -### Trusted Platform Module +### Trusted Platform Module -A Trusted Platform Module is a tamper-resistant cryptographic module that enhances the security and privacy of computing platforms. The TPM is incorporated as a component in a trusted computing platform like a PC, tablet, or mobile phone. 
A trusted computing platform is specially designed to work with the TPM to support privacy and security scenarios that software alone cannot achieve. It is a Windows 10 Mobile device hardware certification requirement to include a TPM in every Windows 10 Mobile device. +A Trusted Platform Module (TPM) is a tamper-resistant cryptographic module that enhances the security and privacy of computing platforms. The TPM is incorporated as a component in a trusted computing platform like a PC, tablet, or smartphone. A trusted computing platform is specially designed to work with the TPM to support privacy and security scenarios that software alone cannot achieve. A TPM is required to receive Windows 10 Mobile device hardware certification. -A proper implementation of a TPM as part of a trusted computing platform provides a hardware root of trust, meaning that the hardware behaves in a trusted way. For example, if you create a key in a TPM with the property that no one can export that key from the TPM, the key absolutely cannot leave the TPM. The close integration of a TPM with a platform increases the transparency of the boot process and supports device health scenarios by enabling reliable report of the software used to start a platform. +A proper implementation of a TPM as part of a trusted computing platform provides a hardware root of trust, meaning that the hardware behaves in a trusted way. For example, if you create a key in a TPM with the property that no one can export that key from the TPM, the key absolutely cannot leave the TPM. The close integration of a TPM with a platform increases the transparency of the boot process and supports device health scenarios by enabling a reliable report of the software used to start a platform. -The following list describes key functionality that a TPM provides in Windows 10 Mobile: -- **Manage cryptographic keys.** A TPM can create, store, and permit the use of keys in defined ways. 
Windows 10 Mobile uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and various other keys. -- **Safeguard and report integrity measurements.**Windows 10 Mobile uses the TPM to record and help protect integrity-related measurements of select hardware and Windows boot components for the Measured Boot feature. In this scenario, Measured Boot measures each component, from firmware up through the drivers, and then stores those measurements in the device’s TPM. From here, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 Mobile device. -- **Prove a TPM is really a TPM.** Managing cryptographic keys and measuring integrity are so central to protecting privacy and security that a TPM must differentiate itself from malware that masquerades as a TPM. +The following list describes key functionality that a TPM provides in Windows 10 Mobile: +- **Managing cryptographic keys.** A TPM can create, store, and permit the use of keys in defined ways. Windows 10 Mobile uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and various other keys. +- **Safeguarding and reporting integrity measurements.** Windows 10 Mobile uses the TPM to record and help protect integrity-related measurements of select hardware and Windows boot components for the Measured Boot feature. In this scenario, Measured Boot measures each component – from firmware up through the drivers – and then stores those measurements in the device’s TPM. From here, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 Mobile device. +- **Proving a TPM is really a TPM.** Managing cryptographic keys and measuring integrity are so central to protecting privacy and security that a TPM must differentiate itself from malware masquerading as a TPM. 
-Windows 10 Mobile supports TPM implementations that comply with the 2.0 standard. The TPM 2.0 standard includes several improvements that make it superior to the 1.2 standard, the most notable of which is cryptographic agility. TPM 1.2 is restricted to a fixed set of encryption and hash algorithms. At the time the TPM 1.2 standard appeared in the early 2000s, the security community considered these algorithms cryptographically strong. Since that time, advances in cryptographic algorithms and cryptanalysis attacks have increased expectations for stronger cryptography. TPM 2.0 supports additional algorithms that offer stronger cryptographic protection as well as the ability to plug in algorithms that certain geographies or industries may prefer. It also opens the possibility for inclusion of future algorithms without changing the TPM component itself. -Many people assume that original equipment manufacturers (OEMs) must implant a TPM in hardware on a motherboard as a discrete module, but TPM can also be effective when implemented in firmware. Windows 10 Mobile supports only firmware TPM that complies with the 2.0 standard. Windows does not differentiate between discrete and firmware-based solutions because both must meet the same implementation and security requirements; therefore, any Windows 10 feature that can take advantage of TPM can be used with Windows 10 Mobile. +Windows 10 Mobile supports TPM implementations that comply with the 2.0 standard. The TPM 2.0 standard includes several improvements that make it superior to the 1.2 standard, the most notable of which is cryptographic agility. TPM 1.2 is restricted to a fixed set of encryption and hash algorithms. When the TPM 1.2 standard appeared in the early 2000s, the security community considered these algorithms cryptographically strong. Since then, advances in cryptographic algorithms and cryptanalysis attacks have increased expectations for stronger cryptography. 
TPM 2.0 supports additional algorithms that offer stronger cryptographic protection, as well as the ability to plug-in algorithms that certain geographies or industries may prefer. It also opens the possibility for inclusion of future algorithms without changing the TPM component itself. -> **Note:**  Microsoft requires TPM 2.0 on devices running any version of Windows 10 Mobile. For more information, see [Minimum hardware requirements](http://go.microsoft.com/fwlink/p/?LinkId=733964). -  -Several Windows 10 Mobile security features require TPM: -- Virtual smart cards -- Measured Boot -- Health attestation (requires TPM 2.0 or later) -Still other features will use the TPM if it is available. For example, Microsoft Passport does not require TPM but uses it if it’s available. Organizations can configure policy to require TPM for Microsoft Passport. +Many assume that original equipment manufacturers (OEMs) must implant a TPM in hardware on a motherboard as a discrete module, but TPM can also be effective when implemented in firmware. Windows 10 Mobile supports only firmware TPM that complies with the 2.0 standard. Windows does not differentiate between discrete and firmware-based solutions because both must meet the same implementation and security requirements. Therefore, any Windows 10 feature that can take advantage of TPM can be used with Windows 10 Mobile. -### Biometrics +>Microsoft requires TPM 2.0 on devices running any version of Windows 10 Mobile. For more information, see [minimum hardware requirements](https://technet.microsoft.com/library/dn915086.aspx) -Windows 10 Mobile makes biometrics a core security feature. Microsoft has fully integrated biometrics into the Windows 10 Mobile security components, not just tacked it on top of the platform (as was the case in previous versions of Windows). This is a big change. Earlier biometric implementations were largely front-end methods that simplified authentication. 
Under the hood, the system used biometrics to access a password, which it then used for authentication behind the scenes. Biometrics may have provided convenience but not necessarily enterprise-grade authentication. -Microsoft has been evangelizing the importance of enterprise-grade biometric sensors to the OEMs that create Windows 10 Mobile devices. These facial-recognition and iris-scanning sensors are fully supported by MFA features such as Microsoft Passport and Windows Hello. -In the future, Microsoft expects OEMs to produce even more advanced enterprise-grade biometric sensors and to continue to integrate them into mobile devices. As a result, biometrics will become a commonplace authentication method as part of an MFA system. +Several Windows 10 Mobile security features require TPM: +- Virtual smart cards +- Measured Boot +- Health attestation (requires TPM 2.0 or later) -### Enterprise-grade secure Windows startup +Still other features will use the TPM if it is available. For example, Windows Hello does not require TPM but uses it if it’s available. Organizations can configure policy to require TPM for Windows Hello. -UEFI with Secure Boot uses hardware technologies to help protect users from bootkits. Secure Boot can validate the integrity of the devices, firmware, and bootloader. After the bootloader launches, users must rely on the operating system to protect the integrity of the remainder of the system. +### Biometrics -### Trusted Boot +Windows 10 Mobile makes biometrics a core security feature. Microsoft has fully integrated biometrics into the Windows 10 Mobile security components, not just tacked it on top of the platform (as was the case in previous versions of Windows). This is a big change. Earlier biometric implementations were largely front-end methods that simplified authentication. Under the hood, the system used biometrics to access a password, which it then used for authentication behind the scenes. 
Biometrics may have provided convenience, but not necessarily enterprise-grade authentication. -When UEFI with Secure Boot verifies that it trusts the bootloader and starts Windows 10 Mobile, the Windows Trusted Boot feature protects the rest of the startup process by verifying that all Windows startup components are trustworthy (for example, signed by a trusted source) and have integrity. The bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, and startup files. +Microsoft has been evangelizing the importance of enterprise-grade biometric sensors to the OEMs that create Windows 10 Mobile devices. These facial-recognition and iris-scanning sensors are fully supported by Windows Hello. -If someone has modified a file (for example, if malware has tampered with it or it has been corrupted), Trusted Boot will detect the problem and attempt to automatically repair the corrupted component. When repaired, Windows will start normally after only a brief delay. +In the future, Microsoft expects OEMs to produce even more advanced enterprise-grade biometric sensors and to continue integrating them into mobile devices. As a result, biometrics will become a commonplace authentication method as part of an MFA system. -### Measured Boot +### Trusted Boot -The biggest challenge with rootkits and bootkits in earlier versions of Windows was that they could frequently be undetectable to the client. Because they often started before Windows defenses and the antimalware solution—and they had system-level privileges—rootkits and bootkits could completely disguise themselves while continuing to access system resources. 
Although UEFI with Secure Boot and Trusted Boot could prevent most rootkits and bootkits, intruders could still potentially exploit a few attack vectors (for example, if someone compromised the signature used to sign a boot component, such as a non-Microsoft driver, and used it to sign a malicious one). -Windows 10 Mobile implements the Measured Boot feature, which uses the TPM hardware component to record a series of measurements for critical startup-related components, including firmware, Windows boot components, and drivers. Because Measured Boot uses the hardware-based security capabilities of TPM, which isolates and protects the measurement data against malware attacks, the log data is well protected against even sophisticated attacks. -Measured Boot focuses on acquiring the measurement data and protecting it against tampering. You must couple it, however, with a service that can analyze the data to determine device health and provide a more complete security service. The next section introduces just such a service. +UEFI with Secure Boot uses hardware technologies to help protect users from bootkits. Secure Boot can validate the integrity of the device, firmware, and bootloader. After the bootloader launches, users must rely on the operating system to protect the integrity of the remainder of the system. -### Device health attestation +When UEFI with Secure Boot verifies that it trusts the bootloader and starts Windows 10 Mobile, the Windows Trusted Boot feature protects the rest of the startup process by verifying that all Windows startup components are trustworthy (e.g., signed by a trusted source) and have integrity. The bootloader verifies the digital signature of the Windows kernel before loading it. The Windows kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, and startup files. -Device health attestation is new feature in Windows 10 Mobile that helps prevent low-level malware infections. 
Device health attestation uses a device’s TPM and firmware to measure the critical security properties of the device’s BIOS and Windows startup processes. These measurements are made in such a way that even on a system infected with kernel-level malware or a rootkit, an attacker is unlikely to spoof the properties. -You can integrate Device health attestation with Microsoft Intune or non-Microsoft MDM solutions and combine these hardware-measured security properties with other device properties to gain an overall view of the device’s health and compliance state. From there, you can use this integration in a variety of scenarios, from detecting jailbroken devices to monitoring device compliance, generating compliance reports, alerting users or administrators, initiating corrective action on the device, and managing conditional access to resources such as Office 365. +### Measured Boot -### Conditional Access +In earlier versions of Windows, the biggest challenge with rootkits and bootkits was that they could frequently be undetectable to the client. Because they often started before Windows defenses and the antimalware solution – and they had system-level privileges – rootkits and bootkits could completely disguise themselves while continuing to access system resources. Although UEFI with Secure Boot and Trusted Boot could prevent most rootkits and bootkits, intruders could still potentially exploit a few attack vectors (e.g., if someone compromised the signature used to sign a boot component, such as a non-Microsoft driver, and used it to sign a malicious one). -The example that follows shows how Windows 10 protective measures integrate and work with Intune and non-Microsoft MDM solutions. It demonstrates how the phone security architecture in Windows 10 Mobile helps you monitor and verify compliance and how the security and trust rooted in the device hardware protect corporate resources end to end. 
+Windows 10 Mobile implements the Measured Boot feature, which uses the TPM hardware component to record a series of measurements for critical startup-related components, including firmware, Windows boot components, and drivers. Because Measured Boot uses the hardware-based security capabilities of TPM, which isolates and protects the measurement data against malware attacks, the log data is well protected against even sophisticated attacks. -When a user turns on a phone: -1. The Secure Boot feature in Windows 10 Mobile helps protect the startup sequence, allows the device to boot into a defined and trusted configuration, and loads a factory-trusted boot loader. -2. Windows 10 Mobile Trusted Boot takes control when the Secure Boot process is complete, verifying the digital signature of the Windows kernel and the components that are loaded and executed during the startup process. -3. In parallel to steps 1 and 2, the phone’s TPM runs independently in a hardware-protected security zone (isolated from the boot execution path, which monitors boot activities). It creates a protected, tamper-evident audit trail, signed with a secret that only the TPM can access. -4. Devices that a Device health attestation-enabled MDM solution manage send a copy of this audit trail to the Microsoft Health Attestation Service (HAS) in a protected, tamper-resistant, and tamper-evident communication channel. -5. HAS reviews the audit trails, issues an encrypted and signed report, and forwards it to the device. -6. From your Device health attestation-enabled MDM solution, you can review the report in a protected, tamper-resistant, and tamper-evident communication channel to assess whether the device is running in a compliant (healthy) state, allow access, or trigger corrective action aligned with the organization’s security needs and policies. 
-Because this solution can detect and prevent low-level malware that may be extremely difficult to detect any other way, Microsoft recommends that you consider implementing a Device health attestation-enabled MDM system like Intune that takes advantage of the Windows 10 Mobile cloud-based health attestation server feature to detect and block devices infected with advanced malware. +Measured Boot focuses on acquiring the measurement data and protecting it against tampering. To provide more complete security, it must be coupled with a service that can analyze the data to determine device health. -## App platform security +### Device Health Attestation -Applications built for Windows are designed to be secure and free of defects, but the reality is that human error can create vulnerabilities in code. When malicious users and software identify such vulnerabilities, they may attempt to manipulate data in memory in the hope that they can compromise the system and take control. +Device Health Attestation (DHA) is a new feature in Windows 10 Mobile that helps prevent low-level malware infections. DHA uses a device’s TPM and firmware to measure the critical security properties of the device’s BIOS and Windows startup processes. These measurements are made in such a way that even on a system infected with kernel-level malware or a rootkit, an attacker is unlikely to spoof the properties. -To mitigate these risks, Windows 10 Mobile includes a series of improvements to make it more difficult for malware to compromise the device. Windows 10 Mobile even enables organizations to choose which apps are allowed to run on mobile devices. In addition, it includes improvements that can dramatically reduce the likelihood that newly discovered vulnerabilities can be successful exploited. 
It takes detailed knowledge of operating system architecture and malware exploit techniques to fully appreciate the impact of these improvements, but the sections that follow explain them at a high level. +You can use DHA with Microsoft Intune (sold separately) or a third-party MDM solution to combine hardware-measured security properties with other device properties and gain an overall view of the device’s health and compliance state. This integration can be useful in a variety of scenarios, including detecting jailbroken devices, monitoring device compliance, generating compliance reports, alerting users or administrators, initiating corrective action on the device, and managing conditional access to resources such as Office 365. -### Device Guard +The example that follows shows how Windows 10 protective measures integrate and work with Intune and third-party MDM solutions. It demonstrates how the phone security architecture in Windows 10 Mobile can help you monitor and verify compliance and how the security and trust rooted in the device hardware can protect end-to-end corporate resources. -Device Guard is a feature set that consists of both hardware and software system integrity-hardening features. These features revolutionize Windows operating system security by moving the entire operating system to a trust-nothing model. +When a user turns a phone on: +1. The Secure Boot feature in Windows 10 Mobile helps protect the startup sequence, allows the device to boot into a defined and trusted configuration, and loads a factory-trusted boot loader. +2. Windows 10 Mobile Trusted Boot takes control when the Secure Boot process is complete, verifying the digital signature of the Windows kernel and the components that are loaded and executed during the startup process. +3. In parallel to steps 1 and 2, the phone’s TPM runs independently in a hardware-protected security zone (isolated from the boot execution path, which monitors boot activities). 
It creates a protected, tamper-evident audit trail, signed with a secret that only the TPM can access. +4. Devices that are DHA-enabled send a copy of this audit trail to the Microsoft Health Attestation service (HAS) in a protected, tamper-resistant, and tamper-evident communication channel. +5. HAS reviews the audit trails, issues an encrypted and signed report, and forwards it to the device. +6. From your DHA-enabled MDM solution, you can review the report in a protected, tamper-resistant, and tamper-evident communication channel to assess whether the device is running in a compliant (healthy) state, allow access, or trigger corrective action aligned with the organization’s security needs and policies. +Because this solution can detect and prevent low-level malware that may be extremely difficult to detect any other way, Microsoft recommends that you consider implementing a DHA-enabled MDM system like Intune. It can take advantage of the Windows 10 Mobile cloud-based health attestation server feature to detect and block devices infected with advanced malware. -All apps on Windows 10 Mobile must be digitally signed and come from Windows Store or a trusted enterprise store. Device Guard implements policies that further restrict this. By default, Device Guard supports all apps from Windows Store. You can create policies that define the apps that can and cannot run on the Windows 10 Mobile device. If the app doesn’t have a digital signature or is prevented by policy, or it does not come from a trusted store, it will not run on Windows 10 Mobile. +### Device Guard -Advanced hardware features (described earlier in the [Enterprise-grade secure hardware](#secure-hardware) section) drive these security offerings. By integrating these hardware features further into the core operating system, Windows 10 Mobile can use them in new ways. To deliver this additional security, Device Guard requires UEFI with Secure Boot. 
+Device Guard is a feature set that consists of both hardware and software system integrity–hardening features. These features revolutionize Windows operating system security by moving the entire operating system to a trust-nothing model. -### AppContainer +All apps on Windows 10 Mobile must be digitally signed and come from Windows Store or a trusted enterprise store. Device Guard implements policies that further restrict this. By default, Device Guard supports all apps from Windows Store. You can create policies that define the apps that can and cannot run on the Windows 10 Mobile device. If the app does not have a digital signature, is prevented by policy, or does not come from a trusted store, it will not run on Windows 10 Mobile. -The Windows 10 Mobile security model is based on the principle of least privilege and uses isolation to achieve it. Every app and even portions of the operating system itself run inside their own isolated sandbox called an AppContainer—a secured isolation boundary within which an app and its processes can run. Each AppContainer is defined and implemented through a security policy. +Advanced hardware features, described above, drive these security offerings. By integrating these hardware features further into the core operating system, Windows 10 Mobile can use them in new ways. To deliver this additional security, Device Guard requires UEFI with Secure Boot. -The security policy of a specific AppContainer defines the operating system capabilities that apps have access to from within the AppContainer. A capability is a Windows 10 Mobile device resource such as geographical location information, camera, microphone, networking, and sensors. +### Address Space Layout Randomization -A set of default permissions are granted to all AppContainers, including access to a unique, isolated storage location. In addition, access to other capabilities can be declared within the app code itself. 
Access to additional capabilities and privileges cannot be requested at run time, as can be done with traditional desktop applications. +One of the most common techniques used by attackers to gain access to a system is to find a vulnerability in a privileged process that is already running, guess or find a location in memory where important system code and data reside, and overwrite that information with a malicious payload. In the early days of operating systems, any malware that could write directly to the system memory could do such a thing; the malware would simply overwrite system memory in well-known and predictable locations. -The AppContainer concept is advantageous for the following reasons: - -- **Attack surface reduction.** Apps can access only those capabilities that are declared in the application code and needed to perform their functions. -- **User consent and control.** Capabilities that apps use are automatically published to the app details page in the Windows Store. App access to capabilities that may expose sensitive information automatically prompt the user to acknowledge and provide consent. -- **App isolation.** Communication between Windows apps is tightly controlled. Apps are isolated from one another and can communicate only by using predefined communications channels and data types. - -Apps receive the minimal privileges they need to perform their legitimate tasks. This means that even if a malicious attacker exploits an app, the potential damage is limited because the app cannot elevate its privileges and is contained within its AppContainer. Windows Store displays the permissions that the app requires along with the app’s age rating and publisher. - -The combination of Device Guard and AppContainer help to prevent unauthorized apps from running. In the event malware slips into the app ecosystem, the AppContainer helps to constrain the app and limit potential damage. 
The Windows 10 Mobile trust-nothing model doesn’t assume that any component is perfect, however, potential vulnerabilities in apps, AppContainers, and Windows 10 Mobile itself could give an attacker a chance to compromise a system. For this reason, we need redundant vulnerability mitigations. The next several topics describe some of the redundant mitigations in Windows 10 Mobile. - -### Address Space Layout Randomization -One of the most common techniques attackers use to gain access to a system is to find a vulnerability in a privileged process that is already running, guess or find a location in memory where important system code and data reside, and then overwrite that information with a malicious payload. In the early days of operating systems, any malware that could write directly to the system memory could do such a thing; the malware would simply overwrite system memory in well-known and predictable locations. - -Address Space Layout Randomization (ASLR) makes that type of attack much more difficult because it randomizes how and where important data is stored in memory. With ASLR, it is more difficult for malware to find the specific location it needs to attack. Figure 3 illustrates how ASLR works, showing how the locations of different critical Windows components can change in memory between restarts. +Address Space Layout Randomization (ASLR) makes that type of attack much more difficult because it randomizes how and where important data is stored in memory. With ASLR, it is more difficult for malware to find the specific location it needs to attack. The below diagram illustrates how ASLR works, showing how the locations of different critical Windows components can change in memory between restarts. ![figure 3](images/mobile-security-guide-figure3.png) -Figure 3. ASLR at work +Microsoft has substantively improved the ASLR implementation in Windows 10 Mobile over previous versions, applying it across the entire system rather than only in specific apps. 
With 64bit system and application processes that can take advantage of a vastly increased memory space, it is even more difficult for malware to predict where Windows 10 Mobile stores vital data. When used on systems that have TPMs, ASLR memory randomization becomes increasingly unique across devices, adding additional degrees of difficulty for repurposing successful exploits to another system. -Microsoft has substantively improved the ASLR implementation in Windows 10 Mobile over previous versions, especially with 64-bit system and application processes that can take advantage of a vastly increased memory space, making it even more difficult for malware to predict where Windows 10 Mobile stores vital data. When used on systems that have TPMs, ASLR memory randomization will be increasingly unique across devices, making it even more difficult for a successful exploit that works on one system to work reliably on another. Microsoft also holistically applied ASLR across the entire system in Windows 10 Mobile rather than it working only on specific apps. +### Data Execution Prevention -### Data Execution Prevention +Malware depends on its ability to insert a malicious payload into memory with the hope that an unsuspecting user will execute it later. While ASLR makes that more difficult, Windows 10 Mobile extends that protection to prevent malware from running if written to an area that you have allocated solely for the storage of information. Data Execution Prevention (DEP) substantially reduces the range of memory that malicious code can use for its benefit. DEP uses the **No execute** bit on modern CPUs to mark blocks of memory as read-only so that malware can’t use those blocks to execute malicious code. All Windows 10 and Windows 10 Mobile devices support DEP. -Malware depends on its ability to put a malicious payload into memory with the hope that an unsuspecting user will execute it later. ASLR makes that much more difficult. 
-
-Extending that protection, it would be great if you could prevent malware from running if it wrote to an area that you have allocated solely for the storage of information. Data Execution Prevention (DEP) does exactly that, substantially reducing the range of memory that malicious code can use for its benefit. DEP uses the **No execute** bit on modern CPUs to mark blocks of memory as read only so that malware can’t use those blocks to execute malicious code. All Windows 10 and Windows 10 Mobile devices support DEP.
-
-### Windows heap
+### Windows heap
 The heap is a location in memory that Windows uses to store dynamic application data. Microsoft continues to improve on earlier Windows heap designs by further mitigating the risk of heap exploits that an attacker could use.
-Windows 10 Mobile has several important improvements to the security of the heap over previous versions of Windows:
+Windows 10 Mobile has made several important improvements to the security of the heap over previous versions of Windows:
+- Internal data structures that the heap uses are better protected against memory corruption.
+- Heap memory allocations have randomized locations and sizes, making it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 Mobile adds a random offset to the address of a newly allocated heap, making the allocation much less predictable.
+- Windows 10 Mobile uses “guard pages” before and after blocks of memory as tripwires. If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is considered a memory corruption, and Windows 10 Mobile responds by instantly terminating the app.
-- Internal data structures that the heap uses are better protected against memory corruption.
-- Heap memory allocations have randomized locations and sizes, making it more difficult for an attacker to predict the location of critical memory to overwrite. Specifically, Windows 10 Mobile adds a random offset to the address of a newly allocated heap, which makes the allocation much less predictable.
-- Windows 10 Mobile uses “guard pages” before and after blocks of memory as tripwires. If an attacker attempts to write past a block of memory (a common technique known as a buffer overflow), the attacker will have to overwrite a guard page. Any attempt to modify a guard page is considered a memory corruption, and Windows 10 Mobile responds by instantly terminating the app.
+### Memory reservations
-### Memory reservations
+Microsoft reserves the lowest 64 KB of process memory for the operating system. Apps are no longer allowed to allocate that portion of the memory, making it more difficult for malware to overwrite critical system data structures in memory.
-Microsoft reserves the lowest 64 KB of process memory for the operating system. Apps are no longer allowed to allocate that portion of the memory, which makes it more difficult for malware to overwrite critical system data structures in memory.
+### Control Flow Guard
-### Control Flow Guard
+When Windows loads applications into memory, it allocates space to those applications based on the size of the code, requested memory, and other factors. When an application begins to execute code, it calls additional code located in other memory addresses. The relationships among the code locations are well known – they are written in the code itself. However, until Windows 10 Mobile, the operating system didn’t enforce the flow among these locations, giving attackers the opportunity to change the flow to meet their needs. In other words, an application exploit takes advantage of this behavior by running code that the application may not typically run.
-When Windows loads applications into memory, it allocates space to those applications based on the size of the code, requested memory, and other factors. When an application begins to execute code, it calls additional code located in other memory addresses. The relationships among the code locations are well known—they are written in the code itself—but until Windows 10 Mobile, the operating system didn’t enforce the flow among these locations, giving attackers the opportunity to change the flow to meet their needs. In other words, an application exploit takes advantage of this behavior by running code that the application may not typically run.
-Windows 10 Mobile mitigates this kind of threat through the Control Flow Guard (CFG) feature. When a trusted application that its creator compiled to use CFG calls code, CFG verifies that the code location called is trusted for execution. If CFG doesn’t trust the location, it immediately terminates the application as a potential security risk.
+Windows 10 Mobile mitigates this kind of threat through Control Flow Guard (CFG). When a trusted application that its creator compiled to use CFG calls code, CFG verifies that the code location called is trusted for execution. If CFG doesn’t trust the location, it immediately terminates the application as a potential security risk.
-You cannot configure CFG; rather, an application developer can take advantage of CFG by configuring it when he or she compiles the application. Consider asking application developers and software vendors to deliver trustworthy Windows applications compiled with CFG enabled. Of course, browsers are a key entry point for attacks; thus Microsoft Edge and other Windows features take full advantage of CFG.
+You cannot configure CFG; rather, an application developer can take advantage of CFG by configuring it when he or she compiles the application. Because browsers are a key entry point for attacks, Microsoft Edge takes full advantage of CFG.
-### Protected processes
+### Protected Processes
-In general, preventing a computer security incident is more cost-effective than repairing the damage an incident can cause. For malware in particular, most security controls are designed to prevent an attack from being initially successful. The reasoning is that if malware cannot infect the system, the system is immune to malware.
+Unfortunately, no device is immune to malware. Despite all the best preventative controls, malware can eventually find a way to infect any operating system or hardware platform. So, although prevention with a defense-in-depth strategy is important, additional malware controls are required.
+If malware is running on a system, you need to limit what it can do Protected Processes prevents untrusted processes from tampering with those that have been specially signed. Protected Processes defines levels of trust for processes: it prevents less trusted processes from interacting with and therefore attacking more trusted processes. Windows 10 Mobile uses Protected Processes broadly throughout the operating system.
-Unfortunately, no device is immune to malware. Despite all the best preventative controls, malware can eventually find a way to infect any operating system or hardware platform. So, although prevention with a defense-in-depth strategy is important, it cannot be the only type of malware control.
+### AppContainer
-The key security scenario is to assume that malware is running on a system but limit what it can do. Windows 10 Mobile has security controls and design features in place to reduce compromise from existing malware infections. Protected Processes is one such feature.
+The Windows 10 Mobile security model is based on the principle of least privilege and uses isolation to achieve it. Every app and even portions of the operating system itself run inside their own isolated sandbox called an AppContainer – a secured isolation boundary within which an app and its processes can run.
Each AppContainer is defined and implemented through a security policy.
-With Protected Processes, Windows 10 Mobile prevents untrusted processes from interacting or tampering with those that have been specially signed. Protected Processes defines levels of trust for processes: it prevents less trusted processes from interacting with and therefore attacking more trusted processes. Windows 10 Mobile uses Protected Processes more broadly across the operating system.
+The security policy of a specific AppContainer defines the operating system capabilities that apps have access to from within the AppContainer, such as geographical location information, camera, microphone, networking, or sensors.
-### Store for Business
+A set of default permissions are granted to all AppContainers, including access to a unique, isolated storage location. Access to other capabilities can be declared within the app code itself. Unlike traditional desktop applications, access to additional capabilities and privileges cannot be requested at run time.
-Store for Business allows IT pros to find, acquire, distribute, and manage apps for their organization. The model provides flexible ways to distribute apps, depending on the size of your organization, and does not require additional infrastructure in some scenarios.
+The AppContainer concept is advantageous because it provides:
+- **Attack surface reduction.** Apps can access only those capabilities that are declared in the application code and needed to perform their functions.
+- **User consent and control.** Capabilities that apps use are automatically published to the app details page in the Windows Store. App access to capabilities that may expose sensitive information automatically prompt the user to acknowledge and provide consent.
+- **App isolation.** Communication between Windows apps is tightly controlled. Apps are isolated from one another and can communicate only by using predefined communication channels and data types.
-UWP apps are inherently more secure than typical applications because they are sandboxed, which restricts the app’s risk of compromise or tampering with in a way that would put the system, data, and other applications at risk. Windows Store can further reduce the likelihood that malware will infect devices by reviewing all applications that enter the Windows Store ecosystem before making them available. Store for Business extends this concept by enabling you to distribute custom LOB apps, and even some Windows Store apps, to Windows 10 Mobile devices through the same Windows Store infrastructure.
+Apps receive the minimal privileges they need to perform their legitimate tasks. This means that even if a malicious attacker exploits an app, the potential damage is limited because the app cannot elevate its privileges and is contained within its AppContainer. Windows Store displays the permissions that the app requires along with the app’s age rating and publisher.
-Regardless of how users acquire UWP apps, they can use them with increased confidence. UWP apps run in an AppContainer sandbox with limited privileges and capabilities. For example, the apps have no system-level access, have tightly controlled interactions with other apps, and have no access to data unless the user explicitly grants the application permission.
+The combination of Device Guard and AppContainer help to prevent unauthorized apps from running. In the event malware slips into the app ecosystem, the AppContainer helps to constrain the app and limit potential damage. The Windows 10 Mobile trust-nothing model doesn’t assume that any component is perfect. However, potential vulnerabilities in apps, AppContainers, and Windows 10 Mobile itself could give an attacker a chance to compromise a system. For this reason, redundant vulnerability mitigations are needed. The next several topics describe some of the redundant mitigations in Windows 10 Mobile.
-In addition, all UWP apps follow the security principle of least privilege. Apps receive only the minimum privileges they need to perform their legitimate tasks, so even if an attacker exploits an app, the damage the exploit can do is significantly limited and should be contained within the sandbox. Windows Store displays the exact capabilities the app requires (for example, access to the camera), along with the app’s age rating and publisher.
+### Microsoft Edge
-The Windows Store app-distribution process and the app sandboxing capabilities of Windows 10 Mobile can dramatically reduce the likelihood that users encounter malicious apps on the system.
+The web browser is a critical component of any security strategy. It is the user’s interface to the Internet, an environment teeming with malicious sites and potentially dangerous content. Most users cannot perform at least part of their job without a browser, and many users are completely reliant on one. This reality has made the browser the number one pathway from which malicious hackers initiate their attacks.
-For more information about Store for Business, see [Windows Store for Business overview](../whats-new/windows-store-for-business-overview.md).
+Windows 10 Mobile includes Microsoft Edge, an entirely new web browser that goes beyond browsing with features like Reading View. Microsoft Edge is more secure than previous Microsoft web browsers in several ways:
+- **Microsoft Edge on Windows 10 Mobile does not support extensions.** Microsoft Edge has built-in PDF viewing capability.
+- **Microsoft Edge is designed as a UWP app.** It is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps.
+- **Microsoft Edge simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, fewer security settings are required.
In addition, Microsoft established Microsoft Edge default settings that align with security best practices, making it more secure by design.
-### App management
+## Summary
-An enterprise typically exerts some configuration and control over the apps installed on devices. In this way, the organization accomplishes several business goals, such managing software licenses, ensuring mandatory app deployment on required devices, and preventing the installation of unacceptable apps on corporate devices.
+Windows 10 Mobile provides security on personal and corporate-owned devices to protect against unauthorized access, data leakage, and malware threats. All of the features covered in this paper – multifactor authentication, data separation, and malware resistance – are seamlessly incorporated into the operating system. This means enterprises are protected without compromising the productivity and ease of use that drives users to bring mobile devices into the workplace.
-An important component in delivering on these goals is Store for Business, which builds on the Windows Store infrastructure that Microsoft hosts and enables you to deploy Windows Store apps across your Windows 10-based devices. Store for Business is both powerful and highly flexible. It allows you to extend and customize features without having to stand up new on-premises infrastructure. It supports and integrates with your existing MDM service but doesn’t require one. (Ask your MDM service vendor about integration with Store for Business.) You can configure Store for Business for a wide variety of scenarios, including online and offline licensing and different app-distribution options. For a more detailed description of the available Store for Business scenarios, see [Windows Store for Business overview](../whats-new/windows-store-for-business-overview.md).
+## Revision History
-A web-based portal for IT pros simplifies Windows 10 Mobile app deployment.
The familiar look of Windows Store was used to design the Store for Business experience. It showcases apps relevant to business use, hand-selected and sorted by category. The store can use Azure AD accounts for all users, linking them to a single, unique organizational identity.
+November 2015 Updated for Windows 10 Mobile (version 1511)
-Another key benefit is licensing. Store for Business enables you to track and manage licenses for all UWP apps. You can easily determine which users have installed specific apps, track remaining licenses left, and acquire new licenses directly through the web interface. Those new licenses are added within Store for Business and do not require complex export and import processes. As long as your clients are online and have Internet connectivity, the licensing scenario with Store for Business is a great improvement over manual licensing tasks.
+July 2016 Updated for Windows 10 Mobile Anniversary Update (version 1607)
-Store for Business allows you to find the right apps for your users, acquire them, manage app licenses, and distribute apps to individuals. The best way to understand Store for Business is to look at the steps involved in a common scenario: delivering apps to Windows 10 Mobile users without an MDM—specifically, deploying apps to Windows 10 Mobile users. In this scenario, you identify several apps that must be on each mobile device that are currently available for free in the Windows Store (for example, a VPN app for your Dell SonicWALL solution) and some internally developed LOB apps.
-
-### The IT side
-
-You begin the app deployment process by preparing the private store and the apps before your users receive their new Windows 10 Mobile devices.
-
-First, you open [Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=722910) and use an Azure AD account to log in. This account is linked to the company’s unique organizational identity and must have an Azure AD tenant.
In addition, the account must have Azure AD Enterprise Admin permissions if this is the first time you’re using Store for Business. You can delegate later access through permissions within Store for Business.
-Next, you locate and acquire any apps you want to deploy to the mobile devices, adding the apps and licenses to the organization’s inventory.
-
-Along with existing Windows Store apps, you can use Store for Business to manage custom LOB apps that are developed for your organization. First, you grant permission for a trusted app developer to submit the apps. You and the developer submit these apps through the [Windows Dev Center](http://go.microsoft.com/fwlink/p/?LinkId=722911), and they must be digitally signed with a trusted certificate. These apps are not published to the retail Windows Store catalog and are not visible to anyone outside the organization.
-
-You can deliver the apps through a private store within Windows Store. The next step, then, is for you to mark the app to be available in the private store, which you do through the Store for Business web portal.
-
-Alternatively, you can choose one of two other app-distribution options in Store for Business web portal:
-- Assign the app to people in your organization by selecting one or more Azure AD identities
-- Add the app to the organization’s private store, and allow all users to discover and install it.
-For details about app distribution, see [Distribute apps using your private store](../manage/distribute-apps-from-your-private-store.md).
-
-The IT process for preparing Store for Business for app deployment is shown in Figure 4.
-
-![figure 4](images/mobile-security-guide-figure4.png)
-
-Figure 4. The IT process for Store for Business
-
-For details about the process of distributing apps through Store for Business, see [Find and acquire apps](../manage/find-and-acquire-apps-overview.md).
-
-### The user side
-
-After you have prepared Store for Business, the user side of the process takes over.
This side of the process is designed to be user friendly, with the primary app deployment method—through Store for Business—streamlined and straightforward. This process doesn’t require an MDM system or any on-premises infrastructure. In fact, the user never sees the “for Business” label, just the familiar Windows Store.
-
-1. The user opens the Windows Store app on his or her Windows 10 Mobile device.
-
-2. The same Windows Store interface appears, with the addition of the private store you created. The private store appears as a new page, similar to Games and Music. The interface integrates the public Windows Store with the organization’s private store, which contains curated apps.
-
-3. The user simply selects and installs apps as usual.
-
-If the user wants to make a private purchase of apps, music, movies, or TV shows with his or her Microsoft account, that’s an option, as well. The user pays for and owns his or her purchase, independent of the company. This flexibility enables hybrid scenarios for devices in many bring your own device environments.
-
-### Microsoft Edge
-
-Windows 10 Mobile includes critical improvements designed to thwart attacks and malware. The environment is now more resistant to malware thanks to significant improvements to SmartScreen Filters. Internet browsing is a safer experience thanks to Microsoft Edge, a completely new browser.
-
-Windows 10 Mobile includes Microsoft Edge, an entirely new web browser that goes beyond browsing with features like Reading View. Microsoft Edge is more secure than previous Microsoft web browsers in several ways:
-- **Microsoft Edge does not support non-Microsoft binary extensions.** Microsoft Edge supports Flash content and PDF viewing by default through built-in extensions but includes no non-Microsoft binary extensions, such as ActiveX controls or Java.
-- **Microsoft Edge is designed as a UWP app.** It is inherently compartmentalized and runs in an AppContainer that sandboxes the browser from the system, data, and other apps.
-- **Microsoft Edge simplifies security configuration tasks.** Because Microsoft Edge uses a simplified application structure and a single sandbox configuration, fewer security settings are required. In addition, Microsoft established Microsoft Edge default settings that align with security best practices, making it more secure by design.
-
-The web browser is a critical component of any security strategy, and for good reason: it is the user’s interface to the Internet, an environment teeming with malicious sites and nefarious content. Most users cannot perform at least part of their job without a browser, and many users are completely reliant on one. This reality has made the browser the number one pathway from which malicious hackers initiate their attacks.
-
-## Related topics
-
-
-[Windows 10 security overview](windows-10-security-guide.md)
-
-[Windows 10 Mobile and MDM](../manage/windows-10-mobile-and-mdm.md)
-
-[Windows 10 and Windows 10 Mobile](../index.md)
-
-[Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=722910)
-
-[Windows Store for Business overview](../whats-new/windows-store-for-business-overview.md)
diff --git a/windows/keep-secure/windows-10-security-guide.md b/windows/keep-secure/windows-10-security-guide.md
index bb757267bb..5ad7eddc7a 100644
--- a/windows/keep-secure/windows-10-security-guide.md
+++ b/windows/keep-secure/windows-10-security-guide.md
@@ -7,6 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: high
 author: challum
 ---
@@ -17,14 +18,14 @@ author: challum
 This guide provides a detailed description of the most important security improvements in the Windows 10 operating system, with links to more detailed articles about many of its security features. Wherever possible, specific recommendations are provided to help you implement and configure Windows 10 security features.
-## Introduction
+#### Introduction
 Windows 10 is designed to protect against known and emerging security threats across the spectrum of attack vectors. Three broad categories of security work went into Windows 10:
 - [**Identity and access control**](#identity) features have been greatly expanded to both simplify and enhance the security of user authentication. These features include Windows Hello and Microsoft Passport, which better protect user identities through easy-to-deploy and easy-to-use multifactor authentication (MFA). Another new feature is Credential Guard, which uses virtualization-based security (VBS) to help protect the Windows authentication subsystems and users’ credentials.
 - [**Information protection**](#information) that guards information at rest, in use, and in transit. In addition to BitLocker and BitLocker To Go for protection of data at rest, Windows 10 includes file-level encryption with Enterprise Data Protection that performs data separation and containment and, when combined with Rights Management services, can keep data encrypted when it leaves the corporate network. Windows 10 can also help keep data secure by using virtual private networks (VPNs) and Internet Protocol Security.
 - [**Malware resistance**](#malware) includes architectural changes that can isolate critical system and security components from threats. Several new features in Windows 10 help reduce the threat of malware, including VBS, Device Guard, Microsoft Edge, and an entirely new version of Windows Defender.
In addition, the many antimalware features from the Windows 8.1 operating system— including AppContainers for application sandboxing and numerous boot-protection features, such as Trusted Boot—have been carried forward and improved in Windows 10.
-## Identity and access control
+## Identity and access control
 Traditionally, access control is a process that has three components:
 - **Identification** - when a user asserts a unique identity to the computer system for the purpose of gaining access to a resource, such as a file or a printer. In some definitions, the user is called the subject and the resource is the object.
@@ -73,14 +74,14 @@ Table 1. Windows 10 solutions to typical access control challenges
 The sections that follow describe these challenges and solutions in more detail.
-**Microsoft Passport**
+### Microsoft Passport
 Microsoft Passport provides strong two-factor authentication (2FA), fully integrated into Windows, and replaces passwords with the combination of an enrolled device and either a PIN or Windows Hello. Microsoft Passport is conceptually similar to smart cards but more flexible. Authentication is performed by using an asymmetric key pair instead of a string comparison (for example, password), and the user’s key material can be secured by using hardware. Unlike smart cards, Microsoft Passport does not require the extra infrastructure components required for smart card deployment. In particular, you do not need public key infrastructure (PKI). If you already use PKI – for example, in secure email or VPN authentication – you can use the existing infrastructure with Microsoft Passport. Microsoft Passport combines the major advantages of smart card technology – deployment flexibility for virtual smart cards and robust security for physical smart cards – without any of their drawbacks. Microsoft Passport offers three significant advantages over the current state of Windows authentication: It’s more flexible, it’s based on industry standards, and it effectively mitigates risks. The sections that follow look at each of these advantages in more detail.
-**It’s flexible**
+#### It’s flexible
 Microsoft Passport offers unprecedented flexibility. Although the format and use of passwords and smart cards is fixed, Microsoft Passport gives both administrators and users options to manage authentication. First and foremost, Microsoft Passport works with biometric sensors and PINs. Next, you can use your PC or even your phone as one of the factors to authenticate on your PC.
Finally, your user credentials can come from your PKI infrastructure, or Windows can create the credential itself. 
@@ -88,21 +89,19 @@ Microsoft Passport gives you options beyond long, complex passwords. Instead of
 With Microsoft Passport, you gain flexibility in the data center, too. To deploy it, you must add Windows Server 2016 domain controllers to your Active Directory environment, but you do not have to replace or remove your existing Active Directory servers: Microsoft Passport builds on and adds to your existing infrastructure. You can either add on premises servers or use Microsoft Azure Active Directory to deploy Microsoft Passport to your network. The choice of which users to enable for Microsoft Passport use is completely up to you – you choose which items to protect and which authentication factors you want to support. This flexibility makes it easy to use Microsoft Passport to supplement existing smart card or token deployments by adding 2FA to users who do not currently have it, or to deploy Microsoft Passport in scenarios that call for extra protection for sensitive resources or systems.
-**It’s standardized**
+#### It’s standardized
 Both software vendors and enterprise customers have come to realize that proprietary identity and authentication systems are a dead end: The future lies with open, interoperable systems that allow secure authentication across a variety of devices, line of business (LOB) apps, and external applications and websites. To this end, a group of industry players formed FIDO, the Fast IDentity Online Alliance. The FIDO Alliance is a nonprofit organization intended to address the lack of interoperability among strong authentication devices, as well as the problems users face when they need to create and remember multiple user names and passwords. The FIDO Alliance plans to change the nature of authentication by developing specifications that define an open, scalable, interoperable set of mechanisms that supplant reliance on passwords to securely authenticate users of online services.
This new standard for security devices and browser plug ins will allow any website or cloud application to interface with a broad variety of existing and future FIDO-enabled devices that the user has for online security.
-In 2014, Microsoft joined the board of the [FIDO Alliance](http://go.microsoft.com/fwlink/p/?LinkId=626934). FIDO standards enable a universal framework that a global ecosystem delivers for a consistent and greatly improved user experience of strong password-less authentication. The FIDO 1.0 specifications, published in December 2014, provide for two types of authentications: password-less (known as UAF) and second factor (U2F). The FIDO Alliance is working on a set of 2.0 proposals that incorporate the best ideas from its U2F and UAF FIDO 1.0 standards, and of course, on new ideas. Microsoft has contributed Microsoft Passport technology to the FIDO 2.0 specification workgroup for review and feedback and continues to work with the FIDO Alliance as the FIDO 2.0 specification moves forward. Interoperability of FIDO products is a hallmark of FIDO authentication. Microsoft believes that bringing a FIDO solution to market will help solve a critical need for enterprises and consumers alike.
+In 2014, Microsoft joined the board of the [FIDO Alliance](https://go.microsoft.com/fwlink/p/?LinkId=626934). FIDO standards enable a universal framework that a global ecosystem delivers for a consistent and greatly improved user experience of strong password-less authentication. The FIDO 1.0 specifications, published in December 2014, provide for two types of authentications: password-less (known as UAF) and second factor (U2F). The FIDO Alliance is working on a set of 2.0 proposals that incorporate the best ideas from its U2F and UAF FIDO 1.0 standards, and of course, on new ideas.
Microsoft has contributed Microsoft Passport technology to the FIDO 2.0 specification workgroup for review and feedback and continues to work with the FIDO Alliance as the FIDO 2.0 specification moves forward. Interoperability of FIDO products is a hallmark of FIDO authentication. Microsoft believes that bringing a FIDO solution to market will help solve a critical need for enterprises and consumers alike.
-**It’s effective**
+#### It’s effective
 Microsoft Passport effectively mitigates two major security risks. First, it eliminates the use of passwords for logon and so reduces the risk that a nefarious attacker will steal and reuse the user’s credentials. User key material is generated and available within the Trusted Platform Module (TPM) of the user device, which protects it from attackers who want to capture the key material and reuse it. Second, because Microsoft Passport uses asymmetrical key pairs, users credentials can’t be stolen in cases where the identity provider or websites the user accesses have been compromised. To compromise a Microsoft Passport credential that TPM protects, an attacker must have access to the physical device, and then must find a way to spoof the user’s biometrics or guess his or her PIN—and all of this must be done before TPM anti-hammer capabilities lock the device. This sets the bar magnitudes of order higher than password phishing attacks.
-###
-
-**Windows Hello**
+### Windows Hello
 Windows Hello is the name given to the new biometric sign-in option for Microsoft Passport. Because biometric authentication is built directly into the operating system, Windows Hello allows users to unlock their devices by using their face or fingerprint. From here, authentication to the devices and resources is enabled through a combination of the user’s unique biometric identifier and the device itself.
@@ -116,7 +115,7 @@ Windows Hello supports two biometric sensor options that are suitable for enterp Windows Hello offers several major benefits. First, it addresses the problems of credential theft and sharing, because an attacker must obtain the device and impersonate the user’s biometric identity, which is more difficult than stealing a password or PIN. Second, the use of biometrics gives users an authenticator that’s always with them – there’s nothing to forget, lose, or leave behind. Instead of worrying about memorizing long, complex passwords, users can take advantage of a convenient, secure method for logging in to all their Windows devices. Finally, there’s nothing additional to deploy or manage. Because Windows Hello support is built directly into the operating system, there are no additional drivers to deploy. -**Brute-force attack resistance** +### Brute-force attack resistance A brute-force attack is the process used to break into a device simply by guessing a user’s password, PIN, or even his or her biometric identity over and over until the attacker gets it right. Over the last several versions of Windows, Microsoft has added features that dramatically reduce the chances that such an attack would succeed. 
@@ -125,7 +124,7 @@ Windows 8.1 and Windows 10 support an even more powerful – but optional – If you’re interested in learning how to configure brute-force protection, use a test Windows 10 PC on which BitLocker protection is enabled for the system drive, and then print the BitLocker recovery key to ensure that you have it available. Then, open the Local Group Policy Editor by running **gpedit.msc**, and go to Computer Configuration\\Windows Settings\\Security Settings\\Security Options. Open the policy **Interactive Login: Machine Account Lockout Threshold**, and set the value to **5**, as shown in Figure 1. -![figure 1](images/security-fig1-invalidaccess.png) +![Machine lockout threshold](images/security-fig1-invalidaccess.png "Machine lockout threshold") Figure 1. Set the number of invalid access attempts prior to lockout 
@@ -187,92 +186,105 @@ Table 2. Data Protection in Windows 10 and Windows 7 -  + The sections that follow describe these improvements in more detail. -**Prepare for drive and file encryption** +### Prepare for drive and file encryption The best type of security measures are transparent to the user during implementation and use. Every time there is a possible delay or difficulty because of a security feature, there is strong likelihood that users will try to bypass security. This situation is especially true for data protection, and that’s a scenario that organizations need to avoid. Whether you’re planning to encrypt entire volumes, removable devices, or individual files, Windows 10 meets your needs by providing streamlined, usable solutions. In fact, you can take several steps in advance to prepare for data encryption and make the deployment quick and smooth. -**TPM pre-provisioning** +#### TPM pre-provisioning In Windows 7, preparing the TPM for use offered a couple of challenges: -- You can turn on the TPM in the BIOS, which requires someone to either go into the BIOS settings to turn it on or to install a driver to turn it on from within Windows. -- When you enable the TPM, it may require one or more restarts. + +* You can turn on the TPM in the BIOS, which requires someone to either go into the BIOS settings to turn it on or to install a driver to turn it on from within Windows. +* When you enable the TPM, it may require one or more restarts. + Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users’ hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled. + Microsoft includes instrumentation in Windows 10 that enables the operating system to fully manage the TPM. 
There is no need to go into the BIOS, and all scenarios that required a restart have been eliminated. -**Deploy hard drive encryption** +### Deploy hard drive encryption BitLocker is capable of encrypting entire hard drives, including both system and data drives. BitLocker pre-provisioning can drastically reduce the time required to provision new PCs with BitLocker enabled. With Windows 10, administrators can turn on BitLocker and the TPM from within the Windows Preinstallation Environment before they install Windows or as part of an automated deployment task sequence without any user interaction. Combined with Used Disk Space Only encryption and a mostly empty drive (because Windows is not yet installed), it takes only a few seconds to enable BitLocker. With earlier versions of Windows, administrators had to enable BitLocker after Windows had been installed. Although this process could be automated, BitLocker would need to encrypt the entire drive, a process that could take anywhere from several hours to more than a day depending on drive size and performance, which significantly delayed deployment. Microsoft has improved this process through multiple features in Windows 10. -**Device encryption** +#### Device encryption Beginning in Windows 8.1, Windows automatically enables BitLocker device encryption on devices that support InstantGo. With Windows 10, Microsoft offers device encryption support on a much broader range of devices, including those that are InstantGo. Microsoft expects that most devices in the future will pass the testing requirements, which makes device encryption pervasive across modern Windows devices. Device encryption further protects the system by transparently implementing device-wide data encryption. Unlike a standard BitLocker implementation, device encryption is enabled automatically so that the device is always protected. 
The following list outlines how this happens: -- When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, device encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). -- If the device is not domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials. -- If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** Group Policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed. -- Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. 
Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed. + +* When a clean installation of Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, device encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). +* If the device is not domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials. +* If the user uses a domain account to sign in, the clear key is not removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** Group Policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed. +* Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. 
Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed. + Microsoft recommends that device encryption be enabled on any systems that support it, but the automatic device encryption process can be prevented by changing the following registry setting: -- **Subkey**: HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\BitLocker -- **Value**: PreventDeviceEncryption equal to True (1) -- **Type**: REG\_DWORD +- **Subkey**: HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\BitLocker +- **Value**: PreventDeviceEncryption equal to True (1) +- **Type**: REG\_DWORD + Administrators can manage domain-joined devices that have device encryption enabled through Microsoft BitLocker Administration and Monitoring (MBAM). In this case, device encryption automatically makes additional BitLocker options available. No conversion or encryption is required, and MBAM can manage the full BitLocker policy set if any configuration changes are required. -**Used Disk Space Only encryption** +#### Used Disk Space Only encryption BitLocker in earlier Windows versions could take a long time to encrypt a drive, because it encrypted every byte on the volume (including parts that did not have data). That is still the most secure way to encrypt a drive, especially if a drive has previously contained confidential data that has since been moved or deleted, in which case traces of the confidential data could remain on portions of the drive marked as unused. But why encrypt a new drive when you can simply encrypt the data as it is being written? To reduce encryption time, BitLocker in Windows 10 lets users choose to encrypt just their data. Depending on the amount of data on the drive, this option can reduce encryption time by more than 99 percent. 
Exercise caution when encrypting only used space on an existing volume on which confidential data may have already been stored in an unencrypted state, however, because those sectors can be recovered through disk-recovery tools until they are overwritten by new encrypted data. In contrast, encrypting only used space on a brand-new volume can significantly decrease deployment time without the security risk because all new data will be encrypted as it is written to the disk. -**Encrypted hard drive support** +#### Encrypted hard drive support SEDs have been available for years, but Microsoft couldn’t support their use with some earlier versions of Windows because the drives lacked important key management features. Microsoft worked with storage vendors to improve the hardware capabilities, and now BitLocker supports the next generation of SEDs, which are called encrypted hard drives. Encrypted hard drives provide onboard cryptographic capabilities to encrypt data on drives, which improves both drive and system performance by offloading cryptographic calculations from the PC’s processor to the drive itself and rapidly encrypting the drive by using dedicated, purpose-built hardware. If you plan to use whole-drive encryption with Windows 10, Microsoft recommends that you investigate hard drive manufacturers and models to determine whether any of their encrypted hard drives meet your security and budget requirements. -For more information about encrypted hard drives, see [Encrypted Hard Drive](http://go.microsoft.com/fwlink/p/?LinkId=733880). +For more information about encrypted hard drives, see [Encrypted Hard Drive](https://go.microsoft.com/fwlink/p/?LinkId=733880). -**Preboot information protection** +### Preboot information protection An effective information protection implementation, like most security controls, considers usability as well as security. Users typically prefer a simple security experience. 
In fact, the more transparent a security solution becomes, the more likely users are to conform to it. It is crucial that organizations protect information on their PCs regardless of the state of the computer or the intent of users. This protection should not be cumbersome to users. One undesirable and previously commonplace situation is when the user is prompted for input during preboot, and then again during Windows logon. Challenging users for input more than once should be avoided. Windows 10 can enable a true SSO experience from the preboot environment on modern devices and in some cases even on older devices when robust information protection configurations are in place. The TPM in isolation is able to securely protect the BitLocker encryption key while it is at rest, and it can securely unlock the operating system drive. When the key is in use and thus in memory, a combination of hardware and Windows capabilities can secure the key and prevent unauthorized access through cold-boot attacks. Although other countermeasures like PIN-based unlock are available, they are not as user-friendly; depending on the devices’ configuration they may not offer additional security when it comes to key protection. For more information about how to configure BitLocker for SSO, see [BitLocker Countermeasures](bitlocker-countermeasures.md). -**Manage passwords and PINs** +### Manage passwords and PINs When BitLocker is enabled on a system drive and the PC has a TPM, you can choose to require that users type a PIN before BitLocker will unlock the drive. Such a PIN requirement can prevent an attacker who has physical access to a PC from even getting to the Windows logon, which makes it virtually impossible for the attacker to access or modify user data and system files. + Requiring a PIN at startup is a useful security feature because it acts as a second authentication factor (a second “something you know”). This configuration comes with some costs, however. 
One of the most significant is the need to change the PIN regularly. In enterprises that used BitLocker with Windows 7 and the Windows Vista operating system, users had to contact systems administrators to update their BitLocker PIN or password. This requirement not only increased management costs but made users less willing to change their BitLocker PIN or password on a regular basis. Windows 10 users can update their BitLocker PINs and passwords themselves, without administrator credentials. Not only will this feature reduce support costs, but it could improve security, too, because it encourages users to change their PINs and passwords more often. In addition, InstantGo devices do not require a PIN for startup: They are designed to start infrequently and have other mitigations in place that further reduce the attack surface of the system. For more information about how startup security works and the countermeasures that Windows 10 provides, see [Protect BitLocker from pre-boot attacks](protect-bitlocker-from-pre-boot-attacks.md). -**Configure Network Unlock** +### Configure Network Unlock Some organizations have location-specific data security requirements. This is most common in environments where high-value data is stored on PCs. The network environment may provide crucial data protection and enforce mandatory authentication; therefore, policy states that those PCs should not leave the building or be disconnected from the corporate network. Safeguards like physical security locks and geofencing may help enforce this policy as reactive controls. Beyond these, a proactive security control that grants data access only when the PC is connected to the corporate network is necessary. Network Unlock enables BitLocker-protected PCs to start automatically when connected to a wired corporate network on which Windows Deployment Services runs. 
Anytime the PC is not connected to the corporate network, a user must type a PIN to unlock the drive (if PIN-based unlock is enabled). Network Unlock requires the following infrastructure: -- Client PCs that have Unified Extensible Firmware Interface (UEFI) firmware version 2.3.1 or later, which supports Dynamic Host Configuration Protocol (DHCP) -- A server running Windows Server 2012 with the Windows Deployment Services role -- A server with the DHCP server role installed -For more information about how to configure Network Unlock, see [BitLocker: How to enable Network Unlock](http://go.microsoft.com/fwlink/p/?LinkId=733905). -**Microsoft BitLocker Administration and Monitoring** -Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features: -- Enables administrators to automate the process of encrypting volumes on client computers across the enterprise. -- Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself. -- Provides centralized reporting and hardware management with Microsoft System Center Configuration Manager. -- Reduces the workload on the help desk to assist end users with BitLocker recovery requests. -- Enables end users to recover encrypted devices independently by using the Self-Service Portal. -- Enables security officers to easily audit access to recovery key information. -- Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected. -- Enforces the BitLocker encryption policy options that you set for your enterprise. -- Integrates with existing management tools, such as System Center Configuration Manager. -- Offers an IT-customizable recovery user experience. -- Supports Windows 10. 
-For more information about MBAM, including how to obtain it, see [Microsoft BitLocker Administration and Monitoring](http://go.microsoft.com/fwlink/p/?LinkId=626935) on the MDOP TechCenter. +* Client PCs that have Unified Extensible Firmware Interface (UEFI) firmware version 2.3.1 or later, which supports Dynamic Host Configuration Protocol (DHCP) +* A server running Windows Server 2012 with the Windows Deployment Services role +* A server with the DHCP server role installed + +For more information about how to configure Network Unlock, see [BitLocker: How to enable Network Unlock](https://go.microsoft.com/fwlink/p/?LinkId=733905). + +### Microsoft BitLocker Administration and Monitoring + +>>>>>>> refs/remotes/origin/master +Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier to manage and support BitLocker and BitLocker To Go. MBAM 2.5 with Service Pack 1, the latest version, has the following key features: + +* Enables administrators to automate the process of encrypting volumes on client computers across the enterprise. +* Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself. +* Provides centralized reporting and hardware management with Microsoft System Center Configuration Manager. +* Reduces the workload on the help desk to assist end users with BitLocker recovery requests. +* Enables end users to recover encrypted devices independently by using the Self-Service Portal. +* Enables security officers to easily audit access to recovery key information. +* Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected. +* Enforces the BitLocker encryption policy options that you set for your enterprise. +* Integrates with existing management tools, such as System Center Configuration Manager. +* Offers an IT-customizable recovery user experience. +* Supports Windows 10. 
+ +For more information about MBAM, including how to obtain it, see [Microsoft BitLocker Administration and Monitoring](https://go.microsoft.com/fwlink/p/?LinkId=626935) on the MDOP TechCenter. ## Malware resistance 
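Review bot: A stray merge-conflict marker `>>>>>>> refs/remotes/origin/master` is left in the new text immediately after the added `### Microsoft BitLocker Administration and Monitoring` heading, and it will be rendered as body text on the published page. Delete that one line; the paragraph that follows it ("Part of the Microsoft Desktop Optimization Pack, MBAM makes it easier…") already matches the removed old text, so nothing else from the merge appears to be missing here. Since the marker indicates a hand-resolved merge, it is worth a quick search of the whole file for `<<<<<<<`, `=======` and `>>>>>>>` before this lands.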
@@ -334,24 +346,26 @@ The sections that follow describe these improvements in more detail. **SMB hardening improvements for SYSVOL and NETLOGON connections** -In Windows 10 and Windows Server 2016 Technical Preview, client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers now require Server Message Block (SMB) signing and mutual authentication (such as Kerberos). +In Windows 10 and Windows Server 2016, client connections to the Active Directory Domain Services default SYSVOL and NETLOGON shares on domain controllers now require Server Message Block (SMB) signing and mutual authentication (such as Kerberos). - **What value does this change add?** This change reduces the likelihood of man-in-the-middle attacks. - **What works differently?** If SMB signing and mutual authentication are unavailable, a Windows 10 or Windows Server 2016 computer won’t process domain-based Group Policy and scripts. -> **Note:** The registry values for these settings aren’t present by default, but the hardening rules still apply until overridden by Group Policy or other registry values. +>[!NOTE] +>The registry values for these settings aren’t present by default, but the hardening rules still apply until overridden by Group Policy or other registry values. -For more information on these security improvements, (also referred to as UNC hardening), see [Microsoft Knowledge Base article 3000483](http://go.microsoft.com/fwlink/p/?LinkId=789216) and [MS15-011 & MS15-014: Hardening Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=789215). +For more information on these security improvements, (also referred to as UNC hardening), see [Microsoft Knowledge Base article 3000483](https://go.microsoft.com/fwlink/p/?LinkId=789216) and [MS15-011 & MS15-014: Hardening Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=789215). 
-**Secure hardware** +#### Secure hardware Although Windows 10 is designed to run on almost any hardware capable of running Windows 8, Windows 7, or Windows Vista, taking full advantage of Windows 10 security requires advancements in hardware-based security, including UEFI with Secure Boot, CPU virtualization features (for example, Intel VT-x), CPU memory-protection features (for example, Intel VT-d), TPM, and biometric sensors. -**UEFI with Secure Boot** +#### UEFI with Secure Boot When a PC starts, it begins the process of loading the operating system by locating the bootloader on the PC’s hard drive. Without safeguards in place, the PC may simply hand control over to the bootloader without even determining whether it is a trusted operating system or malware. UEFI is a standards-based solution that offers a modern-day replacement for the BIOS. In fact, it provides the same functionality as BIOS while adding security features and other advanced capabilities. Like BIOS, UEFI initializes devices, but UEFI components with the Secure Boot feature (version 2.3.1 or later) also ensure that only trusted firmware in Option ROMs, UEFI apps, and operating system bootloaders can start on the device. + UEFI can run internal integrity checks that verify the firmware’s digital signature before running it. Because only the PC’s hardware manufacturer has access to the digital certificate required to create a valid firmware signature, UEFI has protection from firmware bootkits. Thus, UEFI is the first link in the chain of trust. UEFI with Secure Boot became a hardware requirement starting with Windows 8 devices. If a PC supports UEFI, it must be enabled by default. It is possible to disable the Secure Boot feature on many devices, but Microsoft strongly discourages doing so because it dramatically reduces the security of the startup process. 
@@ -359,32 +373,36 @@ UEFI with Secure Boot became a hardware requirement starting with Windows 8 dev When a PC with UEFI and Secure Boot starts, the UEFI firmware verifies the bootloader’s digital signature to verify that it has not been modified after it was digitally signed. The firmware also verifies that a trusted authority issued the bootloader’s digital signature. This check helps to ensure that the system starts only after checking that the bootloader is both trusted and unmodified since signing. All Windows 8 certified PCs must meet several requirements related to Secure Boot: -- They must have Secure Boot enabled by default. -- They must trust Microsoft’s certification authority (CA) and thus any bootloader Microsoft has signed. -- They must allow the user to add signatures and hashes to the UEFI database. -- They must allow the user to completely disable Secure Boot (although administrators can restrict this). + +* They must have Secure Boot enabled by default. +* They must trust Microsoft’s certification authority (CA) and thus any bootloader Microsoft has signed. +* They must allow the user to add signatures and hashes to the UEFI database. +* They must allow the user to completely disable Secure Boot (although administrators can restrict this). This behavior doesn’t limit the choice of operating system. In fact, users typically have three options for running non-Microsoft operating systems: -- **Use an operating system with a Microsoft-signed bootloader.** Microsoft offers a service to sign non-Microsoft bootloaders so that they can be used on the device. In this case, a signature from the Microsoft third-party UEFI -CA is used to sign the non-Microsoft bootloader, and the signature itself is added to the UEFI database. Several non-Microsoft operating systems, including several varieties of Linux, have had their bootloaders signed by Microsoft so that they can take advantage of the Secure Boot capability. 
For more information about the Microsoft third-party UEFI signing policy, read [Microsoft UEFI CA Signing policy updates](http://go.microsoft.com/fwlink/p/?LinkId=626936) and [Pre-submission testing for UEFI submissions](http://go.microsoft.com/fwlink/p/?LinkId=626937). - **Note**   - PCs configured to use Device Guard boot only a secured version of Windows and do not permit a third-party bootloader. For more information, see the [Device Guard](#device-guard) section of this document. -   -- **Configure UEFI to trust a non–Microsoft-signed bootloader or hashes.** Some Certified For Windows 8 or later PCs allow users to add noncertified bootloaders through a signature or hashes sent to the UEFI database, which allows them to run any operating system without Microsoft signing it. -- **Turn off Secure Boot.**Windows 8 certified PCs allow users to turn off Secure Boot so they can run unsigned operating systems. In this mode, the behavior is identical to PCs that have BIOS: The PC simply runs the bootloader without any verification. Microsoft strongly recommends that Secure Boot remain enabled whenever the device starts so that it can help prevent bootkit infections. +- **Use an operating system with a Microsoft-signed bootloader.** Microsoft offers a service to sign non-Microsoft bootloaders so that they can be used on the device. In this case, a signature from the Microsoft third-party UEFI +CA is used to sign the non-Microsoft bootloader, and the signature itself is added to the UEFI database. Several non-Microsoft operating systems, including several varieties of Linux, have had their bootloaders signed by Microsoft so that they can take advantage of the Secure Boot capability. For more information about the Microsoft third-party UEFI signing policy, read [Microsoft UEFI CA Signing policy updates](https://go.microsoft.com/fwlink/p/?LinkId=626936) and [Pre-submission testing for UEFI submissions](https://go.microsoft.com/fwlink/p/?LinkId=626937). 
- **Note**   - With Windows 10, original equipment manufacturers (OEMs) have the ability to ship built-to-order PCs that lock down UEFI Secure Boot so that it cannot be disabled and allows only the operating system of the customer’s choice to start on the device. + >[!NOTE]  + >PCs configured to use Device Guard boot only a secured version of Windows and do not permit a third-party bootloader. For more information, see the [Device Guard](#device-guard) section of this document.   -Windows, apps, and even malware cannot change the UEFI configuration. Instead, users must be physically present to manually boot a PC into a UEFI shell, and then change UEFI firmware settings. For more information about UEFI Secure Boot, read [Protecting the pre-OS environment with UEFI](http://go.microsoft.com/fwlink/p/?LinkId=626938). -**Virtualization-based security** +- **Configure UEFI to trust a non–Microsoft-signed bootloader or hashes.** Some Certified For Windows 8 or later PCs allow users to add noncertified bootloaders through a signature or hashes sent to the UEFI database, which allows them to run any operating system without Microsoft signing it. +- **Turn off Secure Boot.**Windows 8 certified PCs allow users to turn off Secure Boot so they can run unsigned operating systems. In this mode, the behavior is identical to PCs that have BIOS: The PC simply runs the bootloader without any verification. Microsoft strongly recommends that Secure Boot remain enabled whenever the device starts so that it can help prevent bootkit infections. + +>[!NOTE]   +>With Windows 10, original equipment manufacturers (OEMs) have the ability to ship built-to-order PCs that lock down UEFI Secure Boot so that it cannot be disabled and allows only the operating system of the customer’s choice to start on the device. +   +Windows, apps, and even malware cannot change the UEFI configuration. 
Instead, users must be physically present to manually boot a PC into a UEFI shell, and then change UEFI firmware settings. For more information about UEFI Secure Boot, read [Protecting the pre-OS environment with UEFI](https://go.microsoft.com/fwlink/p/?LinkId=626938). + +#### Virtualization-based security One of the most powerful changes to Windows 10 is virtual-based security. Virtual-based security (VBS) takes advantage of advances in PC virtualization to change the game when it comes to protecting system components from compromise. VBS is able to isolate some of the most sensitive security components of Windows 10. These security components aren’t just isolated through application programming interface (API) restrictions or a middle-layer: They actually run in a different virtual environment and are isolated from the Windows 10 operating system itself. VBS and the isolation it provides is accomplished through the novel use of the Hyper V hypervisor. In this case, instead of running other operating systems on top of the hypervisor as virtual guests, the hypervisor supports running the VBS environment in parallel with Windows and enforces a tightly limited set of interactions and access between the environments. Think of the VBS environment as a miniature operating system: It has its own kernel and processes. Unlike Windows, however, the VBS environment runs a micro-kernel and only two processes called trustlets: + - **Local Security Authority (LSA)** enforces Windows authentication and authorization policies. LSA is a well-known security component that has been part of Windows since 1993. Sensitive portions of LSA are isolated within the VBS environment and are protected by a new feature called Credential Guard. - **Hypervisor-enforced code integrity** verifies the integrity of kernel-mode code prior to execution. This is a part of the [Device Guard](#device-guard) feature described later in this document. 
VBS provides two major improvements in Windows 10 security: a new trust boundary between key Windows system components and a secure execution environment within which they run. A trust boundary between key Windows system components is enabled though the VBS environment’s use of platform virtualization to isolate the VBS environment from the Windows operating system. Running the VBS environment and Windows operating system as guests on top of Hyper-V and the processor’s virtualization extensions inherently prevents the guests from interacting with each other outside the limited and highly structured communication channels between the trustlets within the VBS environment and Windows operating system. 
@@ -393,23 +411,25 @@ VBS acts as a secure execution environment because the architecture inherently p
 The VBS architecture is illustrated in Figure 2.
-![figure 2](images/security-fig2-vbsarchitecture.png)
+![Example of VBS architecture](images/security-fig2-vbsarchitecture-redo.png "Example of VBS architecture")
 Figure 2. The VBS architecture Note that VBS requires a system that includes:
-- Windows 10 Enterprise Edition
-- A-64-bit processor
-- UEFI with Secure Boot
-- Second-Level Address Translation (SLAT) technologies (for example, Intel Extended Page Tables \[EPT\], AMD Rapid Virtualization Indexing \[RVI\])
-- Virtualization extensions (for example, Intel VT-x, AMD RVI)
-- I/O memory management unit (IOMMU) chipset virtualization (Intel VT-d or AMD-Vi)
-- TPM 2.0
-**Trusted Platform Module**
+* Windows 10 Enterprise Edition
+* A 64-bit processor
+* UEFI with Secure Boot
+* Second-Level Address Translation (SLAT) technologies (for example, Intel Extended Page Tables \[EPT\], AMD Rapid Virtualization Indexing \[RVI\])
+* Virtualization extensions (for example, Intel VT-x, AMD RVI)
+* I/O memory management unit (IOMMU) chipset virtualization (Intel VT-d or AMD-Vi)
+* TPM 2.0
+
+#### Trusted Platform Module
 A TPM is a tamper-resistant cryptographic module designed to enhance the security and privacy of computing platforms. The TPM is incorporated as a component in a trusted computing platform like a personal computer, tablet, or phone. The computing platform is specially designed to work with the TPM to support privacy and security scenarios that cannot be achieved through software alone. A proper implementation of a TPM as part of a trusted computing platform provides a hardware root of trust, meaning that the hardware behaves in a trusted way. For example, a key created in a TPM with the property that it can never be exported from the TPM really means the key cannot leave the TPM. 
The close integration of a TPM with a platform increases the transparency of the boot process and supports device health scenarios by enabling reliable report of the software used to start a platform. The functionality a TPM provides includes: + - **Cryptographic key management.** Create, store, and permit the use of keys in defined ways. - **Safeguarding and reporting integrity measurements.** Software used to boot the platform can be recorded in the TPM and used to establish trust in the software running on the platform. - **Prove a TPM is really a TPM.** The TPM’s capabilities are so central to protecting privacy and security that a TPM needs to be able to differentiate itself from malware that masquerades as a TPM. 
@@ -417,95 +437,112 @@ The functionality a TPM provides includes: Microsoft combined this small list of TPM benefits with Windows 10 and other hardware security technologies to provide practical security and privacy benefits. Among other functions, Windows 10 uses the TPM to protect the encryption keys for BitLocker volumes, virtual smart cards, certificates, and the many other keys that the TPM is used to generate. Windows 10 also uses the TPM to securely record and protect integrity-related measurements of select hardware and Windows boot components for the [Measured Boot](#measure-boot) feature described later in this document. In this scenario, Measured Boot measures each component, from firmware up through the drivers, and then stores those measurements in the PC’s TPM. From there, you can test the measurement log remotely so that a separate system verifies the boot state of the Windows 10 PC. + Windows 10 supports TPM implementations that comply with either the 1.2 or 2.0 standards. Several improvements have been made in the TPM 2.0 standard, the most notable of which is cryptographic agility. TPM 1.2 is restricted to a fixed set of encryption and hash algorithms. At the time the TPM 1.2 standard was created in the early 2000s, these algorithms were considered cryptographically strong. Since that time, advances in cryptographic algorithms and cryptanalysis attacks have increased expectations for stronger cryptography. TPM 2.0 supports additional algorithms that offer stronger cryptographic protection as well as the ability to plug in algorithms that may be preferred in certain geographies or industries. It also opens the possibility for inclusion of future algorithms without changing the TPM component itself. TPM is usually assumed to be implanted in hardware on a motherboard as a discrete module, but TPM can also be effective when implemented in firmware. 
Windows 10 supports both discrete and firmware TPM that complies with the 2.0 standard (1.2 can only be discrete). Windows does not differentiate between discrete and firmware-based solutions because they must meet the same requirements; therefore, any Windows feature that can take advantage of TPM can use either implementation. -**Note**   -Microsoft will not initially require new Windows 10 PCs to include TPM support. Microsoft will require systems to include a TPM 2.0 beginning one year from the launch of Windows 10, however, to give manufacturers enough time to incorporate this critical functionality and to give IT pros enough time to determine which benefits they will leverage. +>[!NOTE]  +>Microsoft will not initially require new Windows 10 PCs to include TPM support. Microsoft will require systems to include a TPM 2.0 beginning one year from the launch of Windows 10, however, to give manufacturers enough time to incorporate this critical functionality and to give IT pros enough time to determine which benefits they will leverage.   Several Windows 10 security features require TPM: -- Virtual smart cards -- Measured Boot -- Health attestation (requires TPM 2.0 or later) -- InstantGo (requires TPM 2.0 or later) +* Virtual smart cards +* Measured Boot +* Health attestation (requires TPM 2.0 or later) +* InstantGo (requires TPM 2.0 or later) Other Windows 10 security features like BitLocker may take advantage of TPM if it is available but do not require it to work. An example of this is Microsoft Passport. All of these features are covered in this document. -**Biometrics** +#### Biometrics You read in the [Windows Hello](#windows-hello) section of this document that Windows 10 has built-in support for biometric hardware. Windows has included some amount of built-in biometric support since the Windows XP operating system, so what’s different about this in Windows 10? + Windows 10 makes biometrics a core security feature. 
Biometrics is fully integrated into the Windows 10 security components, not just tacked on as an extra part of a larger scheme. This is a big change. Earlier biometric implementations were largely front-end methods to simplify authentication. Under the hood, biometrics was used to access a password, which was then used for authentication behind the scenes. Biometrics may have provided convenience but not necessarily enterprise-grade authentication. + Microsoft has evangelized the importance of enterprise-grade biometric sensors to the OEMs that create Windows PCs and peripherals. Many OEMs already ship systems that have integrated fingerprint sensors and are transitioning from swipe-based to touch-based sensors. Facial-recognition sensors were already available when Windows 10 launched and are becoming more commonplace as integrated system components. + In the future, Microsoft expects OEMs to produce even more enterprise-grade biometric sensors and to continue to integrate them into systems as well as provide separate peripherals. As a result, biometrics will become a commonplace authentication method as part of an MFA system. -**Secure Windows startup** +#### Secure Windows startup UEFI Secure Boot uses hardware technologies to help protect users from bootkits. Secure Boot can validate the integrity of the devices, firmware, and bootloader. After the bootloader launches, users must rely on the operating system to protect the integrity of the remainder of the system. -**Trusted Boot** +#### Trusted Boot When UEFI Secure Boot verifies that the bootloader is trusted and starts Windows, the Windows Trusted Boot feature protects the rest of the startup process by verifying that all Windows startup components are trustworthy (for example, signed by a trusted source) and have integrity. The bootloader verifies the digital signature of the Windows kernel before loading it. 
The Windows kernel, in turn, verifies every other component of the Windows startup process, including the boot drivers, startup files, and ELAM component. + If a file has been modified (for example, if malware has tampered with it or it has been corrupted), Trusted Boot will detect the problem and automatically repair the corrupted component. When repaired, Windows will start normally after only a brief delay. -**Early Launch Antimalware** +#### Early Launch Antimalware Malware that targeted previous versions of Windows often attempted to start before the antimalware solution. To do this, some types of malware would update or replace a non-Microsoft–related driver that starts during the Windows startup process. The malicious driver would then use its system access privileges to modify critical parts of the system and disguise its presence so it could not be detected when the antimalware solution later started. + Early Launch Antimalware (ELAM) is part of the Trusted Boot feature set and is designed to enable the antimalware solution to start before all non-Microsoft drivers and apps. ELAM checks the integrity of non-Microsoft drivers to determine whether the drivers are trustworthy. Because Windows needs to start as fast as possible, ELAM cannot be a complicated process of checking the driver files against known malware signatures; doing so would delay startup too much. Instead, ELAM has the simple task of examining every boot driver and determining whether it is on the list of trusted drivers. If malware modifies a boot-related driver, ELAM will detect the change, and Windows will prevent the driver from starting, thus blocking driver-based rootkits. ELAM also allows the registered antimalware provider to scan drivers that are loaded after the boot process is complete. + The design is simple but effective. 
ELAM is a component of a full-featured antimalware solution, and it helps prevent malicious drivers and apps from starting before the rest of the antimalware solution starts later during the boot process. Indeed, ELAM runs only for a few seconds each time a PC starts. Windows Defender in Windows 10 supports ELAM, as does Microsoft System Center 2012 Endpoint Protection and several non-Microsoft antimalware apps. + If you want to learn how to configure ELAM, you can use Group Policy settings to configure how ELAM responds to potentially malicious boot drivers. In the Group Policy Management Editor, go to Computer Configuration\\Administrative Templates\\System\\Early Launch Antimalware, and enable the **Boot-Start Driver Initialization Policy** setting. Now, you can select which driver classifications ELAM loads. When you select the **Good Only** setting, it provides the highest level of security, but test it thoroughly to ensure that it does not prevent users with healthy PCs from starting. -### - -**Measured Boot** +#### Measured Boot The biggest challenge with rootkits and bootkits in earlier versions of Windows is that they can frequently be undetectable to the client. Because they often start before Windows defenses and the antimalware solution and they have system-level privileges, rootkits and bootkits can completely disguise themselves while continuing to access system resources. Although UEFI Secure Boot and Trusted Boot can prevent most rootkits and bootkits, intruders could still potentially exploit a few attack vectors (for example, if UEFI with Secure Boot is disabled or if the signature used to sign a boot component, such as a non-Microsoft driver, has been compromised and is used to sign a malicious one). 
+ Windows 10 implements the Measured Boot feature, which uses the TPM hardware component built into newer PCs to record a series of measurements for critical startup-related components, including firmware, Windows boot components, drivers, and even the ELAM driver. Because Measured Boot leverages the hardware-based security capabilities of TPM, which isolates and protects the measurement data from malware attacks, the log data is well protected against even sophisticated attacks. Measured Boot focuses on acquiring the measurement data and protecting it from tampering. It must be coupled with a service that can analyze the data to determine device health and provide a more complete security service. The next section introduces just such a service. -**Verify device compliance for conditional access to corporate resources** +#### Verify device compliance for conditional access to corporate resources Measured Boot itself does not prevent malware from loading during the startup process – that is the job of Secure Boot, Device Guard, and ELAM. Instead, Measured Boot provides a TPM-protected audit log that allows a trusted remote health attestation service to evaluate the PC’s startup components, state, and overall configuration. If the health attestation service detects that the PC loaded an untrustworthy component and is therefore out of compliance, the service can block the PC’s access to specific network resources or the entire network. You can even couple a health attestation service with a management system to facilitate conditional access capabilities that can initiate the quarantine and remediation processes to fix an infected PC and return it to a compliant state. -![figure 3](images/security-fig3-healthattestation.png) +![Health Attestation in Windows 10](images/security-fig3-healthattestation.png "Health Attestation in Windows 10") Figure 3. 
Health Attestation in Windows 10 Figure 3 illustrates the following process for device compliance verification and conditional access implementation: 1. The PC uses the TPM to record measurements of the bootloader, boot drivers, and ELAM driver. The TPM prevents anyone from tampering with these measurements, so even if malware is successfully loaded, it will not be able to modify the measurements. These measurements are signed with an Attestation Identity Key (AIK) that is stored in the TPM. Because the TPM hardware has signed the measurements, malware cannot modify them without being detected. + 2. Health Attestation is not enabled by default and requires an enrollment with a mobile device management (MDM) server in order to enable it. If it is enabled, the health attestation client will contact a remote server, called a health attestation server. Microsoft provides a cloud-based Windows Health Attestation service that can help evaluate the health of a device. The health attestation client sends the signed measurements, the device’s TPM boot log, and an AIK certificate (if present), which lets the health attestation server verify that the key used to sign the measurements was issued to a trusted TPM. + 3. The health attestation server analyzes the measurements and boot log and creates a statement of device health. This statement is encrypted to help ensure the confidentiality of the data. + 4. A management system, such as an MDM server, can request that an enrolled device present a statement of device health. Windows 10 supports both Microsoft and non-Microsoft MDM server requests for device health. To prevent theft of device health statements and reuse from other devices, an MDM server sends the enrolled device a “number used only once” (nonce) request along with this request for the device health statement. + 5. 
The enrolled device digitally signs the nonce with its AIK (which is stored in the TPM) and sends the MDM server the encrypted statement of device health, the digitally signed nonce, and a signed boot counter, which asserts that the device has not been restarted since it obtained the statement of health. + 6. The MDM server can send the same data to the health attestation server. The server decrypts the statement of health, asserts that the boot counter in the statement matches the boot counter that was sent to the MDM server, and compiles a list of health attributes. + 7. The health attestation server sends this list of health attributes back to the MDM server. The MDM server now enforces access and compliance policies if configured to do so. + For a list of data points that the health attestation server verifies, along with a description of the data, see the [HealthAttestation CSP article on MSDN](http://go.microsoft.com/fwlink/p/?LinkId=626940). + The management system’s implementation determines which attributes within the statement of device health are evaluated when assessing a device’s health. Broadly speaking, the management server receives information about how the device booted, what kind of policy is enforced on the device, and how data on the device is secured. Depending on the implementation, the management server may add checks that go beyond what the statement of device health provides—for example, Windows patch level and other device attributes. + Based on these data points, the management server can determine whether the client is healthy and grant it access to either a limited quarantine network or to the full network. Individual network resources, such as servers, can also grant or deny access based on whether the remote attestation client were able to retrieve a valid health certification from the remote attestation server. 
+ Because this solution can detect and prevent low-level malware that may be extremely difficult to detect any other way, Microsoft recommends that you consider the implementation of a management system, like Microsoft Intune, or any management solutions that take advantage of the Windows 10 cloud-based Health Attestation Server feature to detect and block devices that have been infected with advanced malware from network resources. -## Secure the Windows core +### Secure the Windows core Applications built for Windows are designed to be secure and free of defects, but the reality is that as long as human beings are writing code, vulnerabilities will continue to crop up. When identified, malicious users and software may attempt to exploit vulnerabilities by manipulating data in memory in the hope that they can bootstrap a successful exploit. + To mitigate these risks, Windows 10 includes core improvements to make it more difficult for malware to perform buffer overflow, heap spraying, and other low-level attacks and even which code is allowed to run on the PC. In addition, these improvements dramatically reduce the likelihood that newly discovered vulnerabilities result in a successful exploit. It takes detailed knowledge of operating system architecture and malware exploit techniques to fully appreciate the impact of these improvements, but the sections that follow explain them at a high level. -### - -**Device Guard** +#### Device Guard Today’s security threat landscape is more aggressive than ever before. Modern malicious attacks are focused on revenue generation, intellectual property theft, and targeted system degradation resulting in financial loss. Many of these nefarious attackers are sponsored by nation states that have ulterior motives and large cyber-terrorism budgets. 
These threats can enter a company through something as simple as an email and can permanently damage the organization’s reputation for securing employee and customer data and intellectual property, not to mention having a significant financial impact. The Windows 10 operating system introduces several new security features that help mitigate a large percentage of today’s known threats. It is estimated that more than 300,000 new malware variants are discovered daily. Unfortunately, companies currently use an ancient method to discover this infectious software and prevent its use. In fact, current PCs trust everything that runs until antimalware signatures determine whether a threat exists; then, the antimalware software attempts to clean the PC, often after the malicious software’s effect has already occurred. This signature-based system focuses on reacting to an infection and then ensuring that that particular infection does not happen again. In this model, the system that drives malware detection relies on the discovery of malicious software; only then can a signature be provided to the client to remediate it, which implies that a computer has often already been infected. The time between detection of the malware and a client being issued a signature could mean the difference between losing data and staying safe. In addition to antimalware solutions, “app control” or “whitelisting” technologies are available, including AppLocker. These perform single-instance or blanket allow or deny rules for running applications. In Windows 10, these types of solutions are most effective when deployed alongside the Windows 10 Device Guard feature. + Device Guard breaks the current model of detection first-block later and allows only trusted applications to run, period. This methodology is consistent with the successful prevention strategy for mobile phone security. 
With Device Guard, Microsoft has changed how the Windows operating system handles untrusted applications, which makes its defenses difficult for malware to penetrate. This new prevention versus detection model will provide Windows clients with the necessary security for modern threats and, when implemented, mitigates many of today’s threats from day one. -**Device Guard overview** +#### Device Guard overview Device Guard is a feature set that consists of both hardware and software system integrity hardening features. These features revolutionize the Windows operating system’s security by taking advantage of new VBS options to protect the system core and the processes and drivers running in kernel mode—the trust-nothing model you see in mobile device operating systems. A key feature used with Device Guard is *configurable code integrity*, which allows your organization to choose exactly which software from trusted software publishers is allowed to run code on your client machines—exactly what has made mobile phone security on some platforms, such as Windows Mobile, so successful. Trusted applications are those signed directly (in other words, binaries) or indirectly by using a signed file that lists the hash values for application binaries that are considered trustworthy. In addition, Device Guard offers organizations a way to sign existing LOB applications so that they can trust their own code without the requirement that the application be rebuilt or packaged. Also, this same method of signing can provide organizations a way to trust non-Microsoft applications, including those that may not have been signed directly. Device Guard with configurable code integrity, Credential Guard, and AppLocker present the most complete security defense that any Microsoft product has ever been able to offer a Windows client. 
@@ -525,7 +562,7 @@ To deliver this additional security, Device Guard has the following hardware and
 Along with these new features, some components of Device Guard are existing tools or technologies that have been included in this strategic security offering to provide customers with the most secure Windows operating system possible. Device Guard is intended as a set of client security features to be used in conjunction with the other threat-resistance features available in the Windows operating system, some of which are mentioned in this guide.
-**Configurable code integrity**
+#### Configurable code integrity
 The Windows operating system consists of two operating modes: user mode and kernel mode. The base of the operating system runs within the kernel mode, which is where the Windows operating system directly interfaces with hardware resources. User mode is primarily responsible for running applications and brokering information to and from the kernel mode for hardware resource requests. For example, when an application running in user mode needs additional memory, the user mode process must request the resources from the kernel, not directly from RAM. 
@@ -533,33 +570,32 @@ Code integrity is the component of the Windows operating system that verifies th
 Historically, most malware has been unsigned. Simply by deploying code integrity policies, organizations will immediately protect themselves against unsigned malware, which is estimated to be responsible for the vast majority of current attacks. By using code integrity policies, an enterprise can also select exactly which binaries are allowed to run in both user mode and kernel mode based on the signer, binary hash, or both. When completely enforced, it makes user mode in Windows function like some mobile platforms, trusting and running only specific applications or specific signatures. This feature alone fundamentally changes security in an enterprise. This additional security is *not* limited to Windows apps and does *not* require an application rewrite to be compatible with your existing and possibly unsigned applications. You can run configurable code integrity independent of Device Guard, thus making it available to devices that don’t meet Device Guard hardware requirements.
-**Hardware security features and VBS**
+#### Hardware security features and VBS
 The core functionality and protection of Device Guard starts at the hardware level. Devices that have processors equipped with SLAT technologies and virtualization extensions, such as Intel VT x and AMD V, will be able to take advantage of a VBS environment that dramatically enhances Windows security by isolating critical Windows services from the operating system itself. This isolation is necessary, because you must assume that the operating system kernel will be compromised, and you need assurance that some processes will remain secure.
-Device Guard leverages VBS to isolate its Hypervisor Code Integrity (HVCI) service, which enables Device Guard to protect all kernel mode processes and drivers from vulnerability exploits and zero days. 
HVCI uses the processor’s IOMMU functionality to force all software running in kernel mode to safely allocate memory. This means that after memory has been allocated, its state must be changed from writable to read only or execute only. By forcing memory into these states, it helps ensure that attacks are unable to inject malicious code into kernel mode processes and drivers through techniques such as buffer overruns or heap spraying. In the end, the VBS environment protects the Device Guard HVCI service from tampering even if the operating system’s kernel has been fully compromised, and HVCI protects kernel mode processes and drivers so that a compromise of this magnitude can’t happen in the first place. +Device Guard leverages VBS to isolate its Hypervisor Code Integrity (HVCI) service, which enables Device Guard to help protect kernel mode processes and drivers from vulnerability exploits and zero days. HVCI uses the processor’s IOMMU functionality to force all software running in kernel mode to safely allocate memory. This means that after memory has been allocated, its state must be changed from writable to read only or execute only. By forcing memory into these states, it helps ensure that attacks are unable to inject malicious code into kernel mode processes and drivers through techniques such as buffer overruns or heap spraying. In the end, the VBS environment protects the Device Guard HVCI service from tampering even if the operating system’s kernel has been fully compromised, and HVCI protects kernel mode processes and drivers so that a compromise of this magnitude can't happen in the first place. + Another Windows 10 feature that employs VBS is Credential Guard. Credential Guard protects credentials by running the Windows authentication service known as LSA, and then storing the user’s derived credentials (for example, NTLM hashes; Kerberos tickets) within the same VBS environment that Device Guard uses to protect its HVCI service. 
By isolating the LSA service and the user’s derived credentials from both user mode and kernel mode, an attacker that has compromised the operating system core will still be unable to tamper with authentication or access derived credential data. Credential Guard prevents pass-the-hash and ticket types of attacks, which are central to the success of nearly every major network breach you’ve read about, which makes Credential Guard one of the most impactful and important features to deploy within your environment. For more information about how Credential Guard complements Device Guard, see the [Device Guard with Credential Guard](#dgwithcg) section. -**Device Guard with AppLocker** +#### Device Guard with AppLocker Although AppLocker is not considered a new Device Guard feature, you can use it to complement configurable code integrity functionality when enforced code integrity cannot be fully implemented or its functionality does not cover every desired scenario. There are many scenarios in which you could use code integrity policies alongside AppLocker rules. As a best practice, enforce code integrity policies at the most restrictive level possible for your organization, and then use AppLocker to fine-tune the restrictions to an even lower level. -**Note**   -One example in which Device Guard functionality needs AppLocker supplementation is when your organization would like to limit which universal applications from the Windows Store users can install on a device. Microsoft has already validated universal applications from the Windows Store as trustworthy to run, but an organization may not want to allow specific universal applications to run in its environment. You could use an AppLocker rule to enforce such a stance. +>[!NOTE]   +>One example in which Device Guard functionality needs AppLocker supplementation is when your organization would like to limit which universal applications from the Windows Store users can install on a device. 
Microsoft has already validated universal applications from the Windows Store as trustworthy to run, but an organization may not want to allow specific universal applications to run in its environment. You could use an AppLocker rule to enforce such a stance. In another example, you could enable a configurable code integrity policy to allow users to run all the apps from a specific publisher. To do so, you would add the publisher’s signature to the policy. If your organization decides that only specific apps from that publisher should be allowed to run, you would add the signature for the publisher to the configurable code integrity policy, and then use AppLocker to determine which specific apps can run.   AppLocker and Device Guard can run side-by-side in your organization, which offers the best of both security features at the same time and provides the most comprehensive security to as many devices as possible. In addition to these features, Microsoft recommends that you continue to maintain an enterprise antivirus solution for a well-rounded enterprise security portfolio. -### - -**Device Guard with Credential Guard** +#### Device Guard with Credential Guard Although Credential Guard isn’t a feature within Device Guard, many organizations will likely deploy Credential Guard alongside Device Guard for additional protection against derived credential theft. Similar to virtualization-based protection of kernel mode through the Device Guard HVCI service, Credential Guard leverages hypervisor technology to protect the Windows authentication service (the LSA) and users’ derived credentials. This mitigation is targeted at preventing the use of pass-the-hash and pass-the-ticket techniques. Because Credential Guard uses VBS, it is decisive in its ability to prevent pass-the-hash and pass-the-ticket attacks from occurring on Windows 10 devices. Microsoft recognizes, however, that most organizations will have a blend of Windows versions running in their environments. 
Mitigations for devices not capable of running Credential Guard on both the client side and the server side are available to help with this scenario. Microsoft will be releasing details to TechNet regarding these additional mitigations in the near future. -**Unified manageability through Device Guard** +#### Unified manageability through Device Guard You can easily manage Device Guard features through the familiar enterprise and client-management tools that IT pros use every day. Use the following management tools to enable and manage Device Guard: - **Group Policy.**Windows 10 provides an administrative template that you can use to configure and deploy the configurable code integrity policies for your organization. This template also allows you to specify which hardware-based security features you would like to enable and deploy. You can manage these settings with your existing Group Policy objects, which makes it simple to implement Device Guard features. In addition to the code integrity and hardware-based security features, Group Policy can help you manage your catalog files. 
@@ -568,19 +604,19 @@ You can easily manage Device Guard features through the familiar enterprise and - **Windows PowerShell.** You use Windows PowerShell primarily to create and service code integrity policies. These policies represent the most impactful component of Device Guard. These options provide the same experience you’re used to for management of your existing enterprise management solutions. -**Address Space Layout Randomization** +#### Address Space Layout Randomization One of the most common techniques used to gain access to a system is to find a vulnerability in a privileged process that is already running, guess or find a location in memory where important system code and data have been placed, and then overwrite that information with a malicious payload. In the early days of operating systems, any malware that could write directly to the system memory could do such a thing; the malware would simply overwrite system memory in well-known and predictable locations. Address Space Layout Randomization (ASLR) makes that type of attack much more difficult because it randomizes how and where important data is stored in memory. With ASLR, it is more difficult for malware to find the specific location it needs to attack. Figure 4 illustrates how ASLR works by showing how the locations of different critical Windows components can change in memory between restarts. -![image 4](images/security-fig4-aslr.png) +![ASLR at work](images/security-fig4-aslr.png "ASLR at work") Figure 4. ASLR at work Although the ASLR implementation in Windows 7 was effective, it wasn’t applied holistically across the operating system, and the level of entropy (cryptographic randomization) wasn’t always at the highest possible level. To decrease the likelihood that sophisticated attacks such as heap spraying could succeed in the Windows 8 operating system, Microsoft applied ASLR holistically across the system and increased the level of entropy many times. 
The ASLR implementation in Windows 8 and Windows 10 is greatly improved over Windows 7, especially with 64-bit system and application processes that can take advantage of a vastly increased memory space, which makes it even more difficult for malware to predict where Windows 10 stores vital data. When used on systems that have TPMs, ASLR memory randomization will be increasingly unique across devices, which makes it even more difficult for a successful exploit that works on one system to work reliably on another. -**Data Execution Prevention** +#### Data Execution Prevention Malware depends on its ability to put a malicious payload into memory with the hope that it will be executed later, and ASLR will make that much more difficult. Wouldn’t it be great if you could prevent malware from running if it wrote to an area that has been allocated solely for the storage of information?
@@ -597,11 +633,11 @@ If you want to see which apps use DEP, complete these steps: You can now see which processes have DEP enabled. Figure 5 shows the processes running on a Windows 10 PC with a single process that does not support DEP. -![figure 5](images/security-fig5-dep.png) +![Processes with DEP enabled in Windows 10](images/security-fig5-dep.png "Processes with DEP enabled in Windows 10") Figure 5. Processes on which DEP has been enabled in Windows 10 -**Windows Heap** +#### Windows Heap The *heap* is a location in memory that Windows uses to store dynamic application data. Windows 10 continues to improve on earlier Windows heap designs by further mitigating the risk of heap exploits that could be used as part of an attack. 
@@ -612,17 +648,19 @@ Windows 10 has several important improvements to the security of the heap over Windows 10 resolves known heap attacks that could be used to compromise a PC running previous versions of Windows. -**Memory reservations** +#### Memory reservations The lowest 64 KB of process memory is reserved for the system. Apps are no longer allowed to allocate that portion of the memory, which makes it more difficult for malware to overwrite critical system data structures in memory. -**Control Flow Guard** +#### Control Flow Guard When applications are loaded into memory, they are allocated space based on the size of the code, requested memory, and other factors. When an application begins to execute code, it calls additional code located in other memory addresses. The relationships between the code locations are well known—they are written in the code itself—but previous to Windows 10, the flow between these locations was not enforced, which gives attackers the opportunity to change the flow to meet their needs. In other words, an application exploit takes advantage of this behavior by running code that the application may not typically run. + This kind of threat is mitigated in Windows 10 through the Control Flow Guard (CFG) feature. When a trusted application that was compiled to use CFG calls code, CFG verifies that the code location called is trusted for execution. If the location is not trusted, the application is immediately terminated as a potential security risk. + An administrator cannot configure CFG; rather, an application developer can take advantage of CFG by configuring it when the application is compiled. Administrators should consider asking application developers and software vendors to deliver trustworthy Windows applications compiled with CFG enabled. Of course, browsers are a key entry point for attacks; thus Microsoft Edge, IE, and other Windows features take full advantage of CFG. 
-**Protected Processes** +#### Protected Processes Benjamin Franklin once said that "an ounce of prevention is worth a pound of cure." His wisdom directly applies to PC security. Most security controls are designed to prevent the initial infection point. The reasoning is that if malware cannot infect the system, the system is immune to malware. 
@@ -632,12 +670,12 @@ The key security scenario is to assume that malware is running on a system but l With Protected Processes, Windows 10 prevents untrusted processes from interacting or tampering with those that have been specially signed. Protected Processes defines levels of trust for processes. Less trusted processes are prevented from interacting with and therefore attacking more trusted processes. Windows 10 uses Protected Processes more broadly across the operating system, and for the first time, you can put antimalware solutions into the protected process space, which helps make the system and antimalware solutions less susceptible to tampering by malware that does manage to get on the system. -## Secure the Windows desktop +### Secure the Windows desktop -Windows 10 includes critical improvements to the Windows core and the desktop environment, where attacks and malware most frequently enter. The desktop environment is now more resistant to malware thanks to significant improvements to Windows Defender and SmartScreen Filters. Internet browsing is a safer experience because of Microsoft Edge, a completely new browser. The Windows Store reduces the likelihood that malware will infect devices by ensuring that all applications that enter the Windows Store ecosystem have been thoroughly reviewed before being made available. Universal Windows applications are inherently more secure than typical applications because they are sandboxed. Sandboxing restricts the application’s risk of being compromised or tampered with in a way that would put the system, data, and other applications at risk. +Windows 10 includes critical improvements to the Windows core and the desktop environment, where attacks and malware most frequently enter. The desktop environment is now more resistant to malware thanks to significant improvements to Windows Defender and SmartScreen Filters. Internet browsing is a safer experience because of Microsoft Edge, a completely new browser. 
The Windows Store reduces the likelihood that malware will infect devices by ensuring that all applications that enter the Windows Store ecosystem have been thoroughly reviewed before being made available. Universal Windows apps are inherently more secure than typical applications because they are sandboxed. Sandboxing restricts the application’s risk of being compromised or tampered with in a way that would put the system, data, and other applications at risk. The sections that follow describe Windows 10 improvements to application security in more detail. -**Microsoft Edge and Internet Explorer 11** +### Microsoft Edge and Internet Explorer 11 Browser security is a critical component of any security strategy, and for good reason: The browser is the user’s interface to the Internet, an environment that is quite literally overwhelmed with malicious sites and content waiting to attack. Most users cannot perform at least part of their job without a browser, and many users are completely reliant on one. This reality has made the browser the number one pathway from which malicious hackers initiate their attacks. 
@@ -652,45 +690,49 @@ Microsoft includes an entirely new browser, Microsoft Edge, in Windows 10. Micr In addition to Microsoft Edge, Microsoft includes IE11 in Windows 10 primarily for backwards-compatibility with websites and binary extensions that do not work with Microsoft Edge. It should not be configured as the primary browser but rather as an optional or automatic switchover, as shown in Figure 6. -![figure 6](images/security-fig6-edge2.png) +![Configure Windows 10 for backwards-compatibility with IE11](images/security-fig6-edge2.png "Configure Windows 10 for backwards-compatibility with IE11") Figure 6. Configure Windows 10 to switch from Microsoft Edge to IE11 for backwards-compatibility. Microsoft’s recommendation is to use Microsoft Edge as the primary web browser because it provides compatibility with the modern web and the best possible security. For sites that require IE11 compatibility, including those that require binary extensions and plug ins, enable Enterprise mode and use the Enterprise Mode Site List to define which sites have the dependency. When configured, when users use Microsoft Edge and it identifies a site that requires IE11, they will automatically be switched to IE11. -**The SmartScreen Filter** +### The SmartScreen Filter Recent versions of Windows have many effective techniques to prevent malware from installing itself without the user’s knowledge. To work around those restrictions, malware attacks often use social engineering techniques to trick users into running software. For example, malware known as a Trojan horse pretends to be something useful, such as a utility, but carries an additional, malicious payload. + Starting with Windows Internet Explorer 8, the SmartScreen Filter has helped protect users from both malicious applications and nefarious websites by using the SmartScreen Filter’s application and URL reputation services. 
The SmartScreen Filter in Internet Explorer would check URLs and newly downloaded apps against an online reputation service that Microsoft maintained. If the app or URL were not known to be safe, SmartScreen Filter would warn the user or even prevent the app or URL from loading, depending on how systems administrators had configured Group Policy settings. + For Windows 10, Microsoft further developed the SmartScreen Filter by integrating its app reputation abilities into the operating system itself, which allows the filter to protect users regardless of the web browser they are using or the path that the app uses to arrive on the device (for example, email, USB flash drive). The first time a user runs an app that originates from the Internet, even if the user copied it from another PC, the SmartScreen Filter checks the reputation of the application by using digital signatures and other factors against a service that Microsoft maintains. If the app lacks a reputation or is known to be malicious, the SmartScreen Filter warns the user or blocks execution entirely, depending on how the administrator has configured Group Policy (see Figure 7). -![figure 7](images/security-fig7-smartscreenfilter.png) +![SmartScreen Filter at work in Windows 10](images/security-fig7-smartscreenfilter.png "SmartScreen Filter at work in Windows 10") Figure 7. The SmartScreen Filter at work in Windows 10 By default, users have the option to bypass SmartScreen Filter protection so that it will not prevent a user from running a legitimate app. You can use Control Panel or Group Policy settings to disable the SmartScreen Filter or to completely prevent users from running apps that the SmartScreen Filter does not recognize. The Control Panel settings are shown in Figure 8. -![figure 8](images/security-fig8-smartscreenconfig.png) +![SmartScreen configuration options](images/security-fig8-smartscreenconfig.png "SmartScreen configuration options") Figure 8. 
The Windows SmartScreen configuration options in Control Panel -If you want to try the SmartScreen Filter, use Windows 7 to download this simulated (but not dangerous) malware file:[freevideo.exe](http://go.microsoft.com/fwlink/p/?LinkId=626943). Save it to your computer, and then run it from Windows Explorer. As shown in Figure 9, Windows runs the app without much warning. In Windows 7, you might receive a warning message about the app not having a certificate, but you can easily bypass it. +If you want to try the SmartScreen Filter, use Windows 7 to download this simulated (but not dangerous) malware file:[freevideo.exe](https://go.microsoft.com/fwlink/p/?LinkId=626943). Save it to your computer, and then run it from Windows Explorer. As shown in Figure 9, Windows runs the app without much warning. In Windows 7, you might receive a warning message about the app not having a certificate, but you can easily bypass it. -![figure 9](images/security-fig9-windows7allow.png) +![Windows 7 allows the app to run](images/security-fig9-windows7allow.png "Windows 7 allows the app to run") Figure 9. Windows 7 allows the app to run Now, repeat the test on a computer running Windows 10 by copying the file to a Windows 10 PC or by downloading the file again and saving it to your local computer. Run the file directly from File Explorer, and the SmartScreen Filter will warn you before it allows it to run. Microsoft’s data shows that for a vast majority of users, that extra warning is enough to save them from a malware infection. -**Universal Windows apps** +### Universal Windows apps The good news is that the download and use of Universal Windows apps or even Windows Classic applications (Win32) from the Windows Store will dramatically reduce the likelihood that you encounter malware on your PC because all apps go through a careful screening process before being made available in the store. 
Apps that organizations build and distribute through sideloading processes will need to be reviewed internally to ensure that they meet organizational security requirements. Regardless of how users acquire Universal Windows apps, they can use them with increased confidence. Unlike Windows Classic applications, which can run with elevated privileges and have potentially sweeping access to the system and data, Universal Windows apps run in an AppContainer sandbox with limited privileges and capabilities. For example, Universal Windows apps have no system-level access, have tightly controlled interactions with other apps, and have no access to data unless the user explicitly grants the application permission. + In addition, all Universal Windows apps follow the security principle of least privilege. Apps receive only the minimum privileges they need to perform their legitimate tasks, so even if an attacker exploits an app, the damage the exploit can do is severely limited and should be contained within the sandbox. The Windows Store displays the exact capabilities the app requires (for example, access to the camera), along with the app’s age rating and publisher. + In the end, the Windows Store app distribution process and the app sandboxing capabilities of Windows 10 will dramatically reduce the likelihood that users encounter malicious apps on the system. -**Windows Defender** +### Windows Defender Antimalware software, also generically called virus scanners, antivirus, and a host of other names, has been around for a long time. Microsoft shipped its first program in this category, Microsoft Anti-Virus, in 1993 for MS DOS 6.0. At the time, the approach of running a standalone MS DOS program to locate and remove viruses was sufficient. 
@@ -719,9 +761,9 @@ Figure 10. Windows Defender opt-in settings in Windows 10 Of course, system administrators have centralized control of all Windows Defender settings through Group Policy. The Windows Defender configuration settings are shown under Computer Configuration/Windows Components/Windows Defender, as shown in Figure 11. -![figure 11](images/security-fig11-defendersettings.png) +![Windows Defender settings in Group Policy](images/security-fig11-defendersettings.png "Windows Defender settings in Group Policy") -Figure 11. Windows Defender settings in Group Policy– the sample submission options are listed under MAPS +Figure 11. Windows Defender settings in Group Policy – the sample submission options are listed under MAPS **Tamper proofing** is the safeguarding of Windows Defender itself against malware attacks. Malware creators assume that antimalware software is implemented on most PCs. Many malware creators choose to overcome that obstacle by designing malware that modifies the antimalware software in some way, such as disabling real-time scanning or by hiding specific processes. Some malware goes as far as completely disabling the antimalware software while making it appear fully functional to the user. 
@@ -729,11 +771,12 @@ Windows Defender is designed to resist tampering; it uses several security techn **Empowerment of IT security professionals** means that Windows Defender gives IT pros the tools and configuration options necessary to make it an enterprise-class antimalware solution. It has numerous enterprise-level features that put it on par with the top products in this category: -- Integration with centralized management software, including Microsoft Intune, System Center Configuration Manager, and Microsoft System Center Operations Manager. Unlike Windows 8.1, no additional client is necessary, because Windows Defender is now integrated into Windows and only a management layer needs to be added. -- Windows Defender supports the Open Mobile Alliance Device Management standard for centralized management by many non-Microsoft device management solutions. -- It includes integrated classic command-line and Windows PowerShell cmdlet support. -- Support for Windows Management Instrumentation reporting and application management is built in. -- Full integration with Group Policy offers complete IT configuration management. + +* Integration with centralized management software, including Microsoft Intune, System Center Configuration Manager, and Microsoft System Center Operations Manager. Unlike Windows 8.1, no additional client is necessary, because Windows Defender is now integrated into Windows and only a management layer needs to be added. +* Windows Defender supports the Open Mobile Alliance Device Management standard for centralized management by many non-Microsoft device management solutions. +* It includes integrated classic command-line and Windows PowerShell cmdlet support. +* Support for Windows Management Instrumentation reporting and application management is built in. +* Full integration with Group Policy offers complete IT configuration management. 
In addition, Windows Defender now integrates the Windows Defender Offline Tool, which formerly required the creation of a bootable, standalone version of Windows Defender into the Windows Recovery Environment. This simplifies the process of remediating low-level malware infections, which may prove difficult to detect and remove with the antimalware solution running on the Windows desktop. You can update signatures for this environment automatically from within the Windows Defender Offline experience. 
@@ -746,16 +789,16 @@ Another security threat that customers face particularly in consumer and bring y Whenever non-Microsoft real-time protection is in an inoperable state (for example, disabled, expired) for 24 hours, Windows Defender automatically turns on to ensure that the device is protected. Windows attempts to help the user remediate the issue with the non-Microsoft antimalware solution by notifying him or her as early as 5 days before the software expires. If the solution expires, Windows enables Windows Defender and continues to remind the user to renew the non-Microsoft solution. When the user updates or reactivates the solution, Windows Defender is automatically disabled. In the end, the goal is to make sure that an operable antimalware solution is running at all times. -## Conclusion +#### Conclusion Windows 10 is the culmination of many years of effort from Microsoft, and its impact from a security perspective will be significant. Many of us still remember the years of Windows XP, when the attacks on the Windows operating system, applications, and data increased in volume and matured into serious threats. With the existing platforms and security solutions that you’ve likely deployed, you’re better defended than ever. But as attackers have become more advanced, there is no doubt that they have exceeded your ability to defend your organization and users. Evidence of this fact can be found in the news virtually every day as yet another major organization falls victim. Microsoft specifically designed Windows 10 to address these modern threats and tactics from the most advanced adversaries. It can truly change the game for your organization, and it can restore your advantage against those would like to make you their next victim. 
## Related topics
-[Windows 10 Specifications](http://go.microsoft.com/fwlink/p/?LinkId=625077 )
+[Windows 10 Specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077 )
-[HealthAttestation CSP](http://go.microsoft.com/fwlink/p/?LinkId=626940 )
+[HealthAttestation CSP](https://go.microsoft.com/fwlink/p/?LinkId=626940 )
-[Making Windows 10 More Personal and More Secure with Windows Hello](http://go.microsoft.com/fwlink/p/?LinkId=626945)
+[Making Windows 10 More Personal and More Secure with Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=626945)
 [Protect BitLocker from pre-boot attacks](protect-bitlocker-from-pre-boot-attacks.md)
diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md
index bae239bf1c..4d3345f8a1 100644
--- a/windows/keep-secure/windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md
@@ -8,18 +8,21 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: mjcaparas +localizationpriority: high --- # Windows Defender Advanced Threat Protection **Applies to:** -- Windows 10 Insider Preview Build 14332 or later +- Windows 10 Enterprise +- Windows 10 Education +- Windows 10 Pro +- Windows 10 Pro Education - Windows Defender Advanced Threat Protection (Windows Defender ATP) +>For more info about Windows 10 Enterprise Edition features and functionality, see [Windows 10 Enterprise edition](https://www.microsoft.com/WindowsForBusiness/buy). -[Some information relates to pre-released product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - -Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks. +Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks. Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
@@ -63,7 +66,7 @@ detect sophisticated cyber-attacks, providing: - Behavior-based, cloud-powered, advanced attack detection - Finds the attacks that made it past all other defenses (post breach detection),provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on endpoints. + Finds the attacks that made it past all other defenses (post breach detection), provides actionable, correlated alerts for known and unknown adversaries trying to hide their activities on endpoints. - Rich timeline for forensic investigation and mitigation 
@@ -78,10 +81,12 @@ detect sophisticated cyber-attacks, providing: Topic | Description :---|:--- [Minimum requirements](minimum-requirements-windows-defender-advanced-threat-protection.md) | This overview topic for IT professionals provides information on the minimum requirements to use Windows Defender ATP such as network and data storage configuration, and endpoint hardware and software requirements, and deployment channels. -[Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) | You'll need to onboard and configure the Windows Defender ATP service and the endpoints in your network before you can use the service. Learn about how you can assign users to the Windows Defender ATP service in Azure Active Directory (AAD) and using a configuration package to configure endpoints. [Data storage and privacy](data-storage-privacy-windows-defender-advanced-threat-protection.md)| Learn about how Windows Defender ATP collects and handles information and where data is stored. +[Assign user access to the Windows Defender ATP portal](assign-portal-access-windows-defender-advanced-threat-protection.md)| Before users can access the portal, they'll need to be granted specific roles in Azure Active Directory. +[Onboard endpoints and set up access](onboard-configure-windows-defender-advanced-threat-protection.md) | You'll need to onboard and configure the Windows Defender ATP service and the endpoints in your network before you can use the service. Learn about how you can assign users to the Windows Defender ATP service in Azure Active Directory (AAD) and using a configuration package to configure endpoints. [Portal overview](portal-overview-windows-defender-advanced-threat-protection.md) | Understand the main features of the service and how it leverages Microsoft technology to protect enterprise endpoints from sophisticated cyber attacks. 
[Use the Windows Defender Advanced Threat Protection portal](use-windows-defender-advanced-threat-protection.md) | Learn about the capabilities of Windows Defender ATP to help you investigate alerts that might be indicators of possible breaches in your enterprise. [Windows Defender Advanced Threat Protection settings](settings-windows-defender-advanced-threat-protection.md) | Learn about setting the time zone and configuring the suppression rules to configure the service to your requirements. [Troubleshoot Windows Defender Advanced Threat Protection](troubleshoot-windows-defender-advanced-threat-protection.md) | This topic contains information to help IT Pros find workarounds for the known issues and troubleshoot issues in Windows Defender ATP. [Review events and errors on endpoints with Event Viewer](event-error-codes-windows-defender-advanced-threat-protection.md)| Review events and errors associated with event IDs to determine if further troubleshooting steps are required.
+[Windows Defender compatibility](defender-compatibility-windows-defender-advanced-threat-protection.md) | Learn about how Windows Defender works in conjunction with Windows Defender ATP.
diff --git a/windows/keep-secure/windows-defender-block-at-first-sight.md b/windows/keep-secure/windows-defender-block-at-first-sight.md
new file mode 100644
index 0000000000..8abf7c0806
--- /dev/null
+++ b/windows/keep-secure/windows-defender-block-at-first-sight.md
@@ -0,0 +1,127 @@
+---
+title: Enable the Block at First Sight feature to detect malware within seconds
+description: In Windows 10 the Block at First Sight feature determines and blocks new malware variants in seconds. You can enable the feature with Group Policy.
+keywords: scan, BAFS, malware, first seen, first sight, cloud, MAPS, defender
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+---
+
+# Block at First Sight
+
+**Applies to**
+
+- Windows 10, version 1607
+
+**Audience**
+
+- Network administrators
+
+Block at First Sight is a feature of Windows Defender cloud protection that provides a way to detect and block new malware within seconds.
+
+It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention.
+
+## How it works
+
+When a Windows Defender client encounters a suspicious but undetected file, it queries our cloud protection backend. The cloud backend will apply heuristics, machine learning, and automated analysis of the file to determine the files as malicious or clean.
+
+If the cloud backend is unable to make a determination, the file will be locked by Windows Defender while a copy is uploaded to the cloud. Only after the cloud has received the file will Windows Defender release the lock and let the file run. The cloud will perform additional analysis to reach a determination, blocking all future encounters of that file.
+
+In many cases this process can reduce the response time to new malware from hours to seconds.
+
+> [!NOTE]
+> Suspicious file downloads requiring additional backend processing to reach a determination will be locked by Windows Defender on the first machine where the file is encountered, until it is finished uploading to the backend. 
Users will see a longer "Running security scan" message in the browser while the file is being uploaded. This might result in what appear to be slower download times for some files.
+
+
+## Confirm Block at First Sight is enabled
+
+Block at First Sight requires a number of Group Policy settings to be configured correctly or it will not work. Usually, these settings are already enabled in most default Windows Defender deployments in enterprise networks.
+
+> [!IMPORTANT]
+> There is no specific individual setting in System Center Configuration Manager to enable Block at First Sight. It is enabled by default when the pre-requisite settings are configured correctly.
+
+### Confirm Block at First Sight is enabled with Group Policy
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3. In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4. Click **Policies** then **Administrative templates**.
+
+5. Expand the tree to **Windows components > Windows Defender > MAPS** and configure the following Group Policies:
+
+ 1. Double-click the **Join Microsoft MAPS** setting and ensure the option is set to **Enabled**. Click **OK**.
+
+ 1. Double-click the **Send file samples when further analysis is required** setting and ensure the option is set to **Enabled** and the additional options are either of the following:
+
+ 1. Send safe samples (1)
+
+ 1. Send all samples (3)
+
+ > [!WARNING]
+ > Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means the "Block at First Sight" feature will not function.
+
+ 1. Click **OK**.
+
+1. In the **Group Policy Management Editor**, expand the tree to **Windows components > Windows Defender > Real-time Protection**:
+
+ 1. 
Double-click the **Scan all downloaded files and attachments** setting and ensure the option is set to **Enabled**. Click **OK**.
+
+ 1. Double-click the **Turn off real-time protection** setting and ensure the option is set to **Disabled**. Click **OK**.
+
+If you had to change any of the settings, you should re-deploy the Group Policy Object across your network to ensure all endpoints are covered.
+
+
+### Confirm Block at First Sight is enabled with Windows Settings
+
+> [!NOTE]
+> If the pre-requisite settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings.
+
+You can confirm that Block at First Sight is enabled in Windows Settings. The feature is automatically enabled, as long as **Cloud-based protection** and **Automatic sample submission** are both turned on.
+
+**Confirm Block at First Sight is enabled on individual clients**
+
+1. Open Windows Defender settings:
+
+ a. Open the Windows Defender app and click **Settings**.
+
+ b. On the main Windows Settings page, click **Update & Security** and then **Windows Defender**.
+
+2. Confirm that **Cloud-based Protection** and **Automatic sample submission** are switched to **On**.
+
+## Disable Block at First Sight
+
+> [!WARNING]
+> Disabling the Block at First Sight feature will lower the protection state of the endpoint and your network.
+
+> [!NOTE]
+> You cannot disable Block at First Sight with System Center Configuration Manager
+
+You may choose to disable the Block at First Sight feature if you want to retain the pre-requisite settings without using Block at First Sight protection. You might wish to do this if you are experiencing latency issues or you want to test the feature's impact on your network. 
+
+**Disable Block at First Sight with Group Policy**
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3. In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4. Click **Policies** then **Administrative templates**.
+
+5. Expand the tree through **Windows components > Windows Defender > MAPS**.
+
+1. Double-click the **Configure the ‘Block at First Sight’ feature** setting and set the option to **Disabled**.
+
+ > [!NOTE]
+ > Disabling the Block at First Sight feature will not disable or alter the pre-requisite group policies.
+
+
+## Related topics
+
+- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
+
+
diff --git a/windows/keep-secure/windows-defender-enhanced-notifications.md b/windows/keep-secure/windows-defender-enhanced-notifications.md
new file mode 100644
index 0000000000..e70fede4fd
--- /dev/null
+++ b/windows/keep-secure/windows-defender-enhanced-notifications.md
@@ -0,0 +1,46 @@
+---
+title: Configure enhanced notifications for Windows Defender
+description: In Windows 10, you can enable advanced notifications for endpoints throughout your enterprise network.
+keywords: notifications, defender, endpoint, management, admin
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+---
+
+# Configure enhanced notifications for Windows Defender in Windows 10
+
+**Applies to:**
+
+- Windows 10, version 1607
+
+In Windows 10, application notifications about malware detection and remediation by Windows Defender are more robust, consistent, and concise.
+
+Notifications will appear on endpoints when manually triggered and scheduled scans are completed and threats are detected. These notifications will also be seen in the **Notification Center**, and a summary of scans and threat detections will also appear at regular time intervals.
+
+You can enable and disable enhanced notifications in Windows Settings.
+
+## Disable notifications
+
+You can disable enhanced notifications on individual endpoints in Windows Settings.
+
+**Use Windows Settings to disable enhanced notifications on individual endpoints**
+
+1. Open the **Start** menu and click or type **Settings**.
+
+1. Click **Update & Security** and then **Windows Defender**. Scroll to the bottom of the settings page until you see the **Enhanced notifications** section.
+
+1. Toggle the setting between **On** and **Off**.
+
+![Windows Defender enhanced notifications](images/defender/enhanced-notifications.png)
+
+
+
+
+## Related topics
+
+- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
diff --git a/windows/keep-secure/windows-defender-in-windows-10.md b/windows/keep-secure/windows-defender-in-windows-10.md
index 0f5d4d28f0..7ad3e53061 100644
--- a/windows/keep-secure/windows-defender-in-windows-10.md
+++ b/windows/keep-secure/windows-defender-in-windows-10.md
@@ -6,6 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: medium
 author: jasesso
 ---
@@ -31,6 +32,23 @@ Windows Defender provides the most protection when cloud-based protection is ena
 - Reports and report management
 When you enable endpoint protection for your clients, it will install an additional management layer on Windows Defender to manage the in-box Windows Defender agent. While the client user interface will still appear as Windows Defender, the management layer for Endpoint Protection will be listed in the **Add/Remove Programs** control panel, though it will appear as if the full product is installed.
+
+
+### Compatibility with Windows Defender Advanced Threat Protection
+
+Windows Defender Advanced Threat Protection (ATP) is an additional service that helps enterprises to detect, investigate, and respond to advanced persistent threats on their network.
+
+See the [Windows Defender Advanced Threat Protection](windows-defender-advanced-threat-protection.md) topics for more information about the service.
+
+If you are enrolled in Windows Defender ATP, and you are not using Windows Defender as your real-time protection service on your endpoints, Windows Defender will automatically enter into a passive mode.
+
+In passive mode, Windows Defender will continue to run (using the *msmpeng.exe* process), and will continue to be updated, however there will be no Windows Defender user interface, scheduled scans won’t run, and Windows Defender will not provide real-time protection from malware.
+
+You can [configure updates for Windows Defender](configure-windows-defender-in-windows-10.md), however you can't move Windows Defender into the normal active mode if your endpoints have an up-to-date third-party product providing real-time protection from malware.
+
+If you uninstall the other product, and choose to use Windows Defender to provide protection to your endpoints, Windows Defender will automatically return to its normal active mode.
+ +   ### Minimum system requirements 
@@ -48,37 +66,14 @@ For more information about what's new in Windows Defender in Windows 10, see [W ## In this section - ---- - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)

    IT professionals can manage Windows Defender on Windows 10 endpoints in their organization using Active Directory or WSUS, apply updates to endpoints, and manage scans using:

    -
      -
    • Group Policy Settings
    • -
    • Windows Management Instrumentation (WMI)
    • -
    • PowerShell
    • -

    [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md)

    IT professionals can configure definition updates and cloud-based protection in Windows Defender in Windows 10 through Active Directory and WSUS.

    [Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)

    IT professionals can review information about event IDs in Windows Defender for Windows 10 and see any relevant action they can take.

    -  -  -  
+Topic | Description
+:---|:---
+[Update and manage Windows Defender in Windows 10](get-started-with-windows-defender-for-windows-10.md)|Use Active Directory or Windows Server Update Services to manage and deploy updates to endpoints on your network. Configure and run special scans, including archive and email scans.
+[Configure updates for Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md)|Configure definition updates and cloud-based protection with Active Directory and Windows Server Update Services.
+[Windows Defender Offline in Windows 10](windows-defender-offline.md)|Manually run an offline scan directly from winthin Windows without having to download and create bootable media.
+[Use PowerShell cmdlets for Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md)|Run scans and configure Windows Defender options with Windows PowerShell cmdlets in Windows 10.
+[Enable the Block at First Sight feature in Windows 10](windows-defender-block-at-first-sight.md)|Use the Block at First Sight feature to leverage the Windows Defender cloud.
+[Configure enhanced notifications for Windows Defender in Windows 10](windows-defender-enhanced-notifications.md)|Enable or disable enhanced notifications on endpoints running Windows Defender for greater details about threat detections and removal.
+[Run a Windows Defender scan from the command line](run-cmd-scan-windows-defender-for-windows-10.md)|Use the command-line utility to run a Windows Defender scan.
+[Detect and block Potentially Unwanted Applications with Windows Defender](enable-pua-windows-defender-for-windows-10.md)|Use the Potentially Unwanted Application (PUA) feature in Managed Windows Defender to identify and block unwanted software during download and install time.
+[Troubleshoot Windows Defender in Windows 10](troubleshoot-windows-defender-in-windows-10.md)|Review event IDs in Windows Defender for Windows 10 and take the appropriate actions. 
diff --git a/windows/keep-secure/windows-defender-offline.md b/windows/keep-secure/windows-defender-offline.md
new file mode 100644
index 0000000000..a90a308ed7
--- /dev/null
+++ b/windows/keep-secure/windows-defender-offline.md
@@ -0,0 +1,182 @@
+---
+title: Windows Defender Offline in Windows 10
+description: You can use Windows Defender Offline straight from the Windows Defender client. You can also manage how it is deployed in your network.
+keywords: scan, defender, offline
+search.product: eADQiWindows 10XVcnh
+ms.pagetype: security
+ms.prod: w10
+ms.mktglfcycl: manage
+ms.sitesec: library
+ms.pagetype: security
+localizationpriority: medium
+author: iaanw
+---
+
+# Windows Defender Offline in Windows 10
+
+**Applies to:**
+
+- Windows 10, version 1607
+
+Windows Defender Offline is an antimalware scanning tool that lets you boot and run a scan from a trusted environment. The scan runs from outside the normal Windows kernel so it can target malware that attempts to bypass the Windows shell, such as viruses and rootkits that infect or overwrite the master boot record (MBR).
+
+In Windows 10, Windows Defender Offline can be run with one click directly from the Windows Defender client. In previous versions of Windows, a user had to install Windows Defender Offline to bootable media, restart the endpoint, and load the bootable media.
+
+## Pre-requisites and requirements
+
+Windows Defender Offline in Windows 10 has the same hardware requirements as Windows 10.
+
+For more information about Windows 10 requirements, see the following topics:
+
+- [Minimum hardware requirements](https://msdn.microsoft.com/library/windows/hardware/dn915086(v=vs.85).aspx)
+
+- [Hardware component guidelines](https://msdn.microsoft.com/library/windows/hardware/dn915049(v=vs.85).aspx)
+
+> [!NOTE]
+> Windows Defender Offline is not supported on machines with ARM processors, or on Windows Server Stock Keeping Units.
+
+To run Windows Defender Offline from the endpoint, the user must be logged in with administrator privileges. 
+
+## Windows Defender Offline updates
+
+Windows Defender Offline uses the most up-to-date signature definitions available on the endpoint; it's updated whenever Windows Defender is updated with new signature definitions. Depending on your setup, this is usually though Microsoft Update or through the [Microsoft Malware Protection Center](https://www.microsoft.com/security/portal/definitions/adl.aspx).
+
+> [!NOTE]
+> Before running an offline scan, you should attempt to update the definitions on the endpoint. You can either force an update via Group Policy or however you normally deploy updates to endpoints, or you can manually download and install the latest updates from the [Microsoft Malware Protection Center](https://www.microsoft.com/security/portal/definitions/adl.aspx).
+
+For information on setting up Windows Defender updates, see the [Configure Windows Defender in Windows 10](configure-windows-defender-in-windows-10.md) topic.
+
+## Usage scenarios
+
+In Windows 10, version 1607, you can manually force an offline scan. Alternatively, if Windows Defender determines that Windows Defender Offline needs to run, it will prompt the user on the endpoint. The need to perform an offline scan will also be revealed in System Center Configuration Manager, if you're using it to manage your endpoints.
+
+The prompt can occur via a notification, similar to the following:
+
+![Windows notification showing the requirement to run Windows Defender Offline](images/defender/notification.png)
+
+The user will also be notified within the Windows Defender client:
+
+![Windows Defender showing the requirement to run Windows Defender Offline](images/defender/client.png)
+
+In Configuration Manager, you can identify the status of endpoints by navigating to **Monitoring > Overview > Security > Endpoint Protection Status > System Center Endpoint Protection Status**. Windows Defender Offline scans are indicated under **Malware remediation status** as **Offline scan required**. 
+
+![System Center Configuration Manager indicating a Windows Defender Offline scan is required](images/defender/sccm-wdo.png)
+
+## Manage notifications
+
+
+You can suppress Windows Defender Offline notifications with Group Policy.
+
+> [!NOTE]
+> Changing these settings will affect *all* notifications from Windows Defender. Disabling notifications will mean the endpoint user will not see any messages about any threats detected, removed, or if additional steps are required.
+
+**Use Group Policy to suppress Windows Defender notifications:**
+
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+
+3. In the **Group Policy Management Editor** go to **Computer configuration**.
+
+4. Click **Policies** then **Administrative templates**.
+
+5. Expand the tree to **Windows components > Windows Defender > Client Interface**.
+
+1. Double-click the **Suppress all notifications** setting and set the option to **Enabled**. Click **OK**. This will disable all notifications shown by the Windows Defender client.
+
+## Configure Windows Defender Offline settings
+
+You can use Windows Management Instrumentation to enable and disable certain features in Windows Defender Offline. For example, you can use `Set-MpPreference` to change the `UILockdown` setting to disable and enable notifications. 
+
+For more information about using Windows Management Instrumentation to configure Windows Defender Offline, including configuration parameters and options, see the following topics:
+
+- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/windows/desktop/dn439477(v=vs.85).aspx)
+
+- [Windows Defender MSFT_MpPreference class](https://msdn.microsoft.com/en-us/library/windows/desktop/dn455323(v=vs.85).aspx)
+
+For more information about notifications in Windows Defender, see the [Configure enhanced notifications in Windows Defender](windows-defender-enhanced-notifications.md)] topic.
+
+## Run a scan
+
+Windows Defender Offline uses up-to-date threat definitions to scan the endpoint for malware that might be hidden. In Windows 10, version 1607, you can manually force an offline scan using Windows Update and Security settings.
+
+> [!NOTE]
+> Before you use Windows Defender Offline, make sure you save any files and shut down running programs. The Windows Defender Offline scan takes about 15 minutes to run. It will restart the endpoint when the scan is complete.
+
+You can set up a Windows Defender Offline scan with the following:
+
+- Windows Update and Security settings
+
+- Windows Defender
+
+- Windows Management Instrumentation
+
+- Windows PowerShell
+
+- Group Policy
+
+> [!NOTE]
+> The scan is performed outside of the usual Windows operating environment. The user interface will appear different to a normal scan performed by Windows Defender. After the scan is completed, the endpoint will be restarted and Windows will load normally.
+
+**Run Windows Defender Offline from Windows Settings:**
+
+1. Open the **Start** menu and click or type **Settings**.
+
+1. Click **Update & Security** and then **Windows Defender**. Scroll to the bottom of the settings page until you see the **Windows Defender Offline** section.
+
+1. Click **Scan offline**.
+
+ ![Windows Defender Offline setting](images/defender/settings-wdo.png)
+
+1. 
Follow the prompts to continue with the scan. You might be warned that you'll be signed out of Windows and that the endpoint will restart.
+
+**Run Windows Defender Offline from Windows Defender:**
+
+1. Open the **Start** menu, type **windows defender**, and press **Enter** to open the Windows Defender client.
+
+1. On the **Home** tab click **Download and Run**.
+
+ ![Windows Defender home tab showing the Download and run button](images/defender/download-wdo.png)
+
+1. Follow the prompts to continue with the scan. You might be warned that you'll be signed out of Windows and that the endpoint will restart.
+
+
+**Use Windows Management Instrumentation to configure and run Windows Defender Offline:**
+
+Use the `MSFT_MpWDOScan` class (part of the Windows Defender Windows Management Instrumentation provider) to run a Windows Defender Offline scan.
+
+The following Windows Management Instrumentation script snippet will immediately run a Windows Defender Offline scan, which will cause the endpoint to restart, run the offline scan, and then restart and boot into Windows.
+
+```WMI
+wmic /namespace:\\root\Microsoft\Windows\Defender path MSFT_MpWDOScan call Start
+```
+
+For more information about using Windows Management Instrumentation to run a scan in Windows Defender, including configuration parameters and options, see the following topics:
+
+- [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/en-us/library/windows/desktop/dn439477(v=vs.85).aspx)
+
+- [MSFT_MpWDOScan class article](https://msdn.microsoft.com/library/windows/desktop/mt622458(v=vs.85).aspx)
+
+**Run Windows Defender Offline using PowerShell:**
+
+Use the PowerShell parameter `Start-MpWDOScan` to run a Windows Defender Offline scan.
+
+For more information on available cmdlets and optios, see the [Use PowerShell cmdlets to configure and run Windows Defender](use-powershell-cmdlets-windows-defender-for-windows-10.md) topic. 
+
+## Review scan results
+
+Windows Defender Offline scan results will be listed in the main Windows Defender user interface after performing the scan.
+
+1. Open the **Start** menu, type **windows defender**, and press **Enter** to open the Windows Defender client.
+
+1. Go to the **History** tab.
+
+1. Select **All detected items**.
+
+1. Click **View details**.
+
+Any detected items will display. Items that are detected by Windows Defender Offline will be listed as **Offline** in the **Detection source**:
+
+![Windows Defender detection source showing as Offline](images/defender/detection-source.png)
+
+## Related topics
+
+- [Windows Defender in Windows 10](windows-defender-in-windows-10.md)
\ No newline at end of file
diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
index 23f9e3d1c0..9b54a7e5a7 100644
--- a/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
+++ b/windows/keep-secure/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
@@ -12,7 +12,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 The Windows Firewall with Advanced Security Administration with Windows PowerShell Guide provides essential scriptlets for automating Windows Firewall with Advanced Security management. It is designed for IT pros, system administrators, IT managers, and others who use and need to automate Windows Firewall with Advanced Security management in Windows. 
@@ -624,37 +624,37 @@ New-NetFirewallRule –DisplayName “Inbound Secure Bypass Rule" –Direction I
 For more information about Windows PowerShell concepts, see the following topics.
-- [Windows PowerShell Getting Started Guide](http://go.microsoft.com/fwlink/p/?linkid=113440)
+- [Windows PowerShell Getting Started Guide](https://go.microsoft.com/fwlink/p/?linkid=113440)
-- [Windows PowerShell User Guide](http://go.microsoft.com/fwlink/p/?linkid=113441)
+- [Windows PowerShell User Guide](https://go.microsoft.com/fwlink/p/?linkid=113441)
-- [Windows PowerShell About Help Topics](http://go.microsoft.com/fwlink/p/?linkid=113206)
+- [Windows PowerShell About Help Topics](https://go.microsoft.com/fwlink/p/?linkid=113206)
-- [about\_Functions](http://go.microsoft.com/fwlink/p/?linkid=113231)
+- [about\_Functions](https://go.microsoft.com/fwlink/p/?linkid=113231)
-- [about\_Functions\_Advanced](http://go.microsoft.com/fwlink/p/?linkid=144511)
+- [about\_Functions\_Advanced](https://go.microsoft.com/fwlink/p/?linkid=144511)
-- [about\_Execution\_Policies](http://go.microsoft.com/fwlink/p/?linkid=135170)
+- [about\_Execution\_Policies](https://go.microsoft.com/fwlink/p/?linkid=135170)
-- [about\_Foreach](http://go.microsoft.com/fwlink/p/?linkid=113229)
+- [about\_Foreach](https://go.microsoft.com/fwlink/p/?linkid=113229)
-- [about\_Objects](http://go.microsoft.com/fwlink/p/?linkid=113241)
+- [about\_Objects](https://go.microsoft.com/fwlink/p/?linkid=113241)
-- [about\_Properties](http://go.microsoft.com/fwlink/p/?linkid=113249)
+- [about\_Properties](https://go.microsoft.com/fwlink/p/?linkid=113249)
-- [about\_While](http://go.microsoft.com/fwlink/p/?linkid=113275)
+- [about\_While](https://go.microsoft.com/fwlink/p/?linkid=113275)
-- [about\_Scripts](http://go.microsoft.com/fwlink/p/?linkid=144310)
+- [about\_Scripts](https://go.microsoft.com/fwlink/p/?linkid=144310)
-- [about\_Signing](http://go.microsoft.com/fwlink/p/?linkid=113268)
+- 
[about\_Signing](https://go.microsoft.com/fwlink/p/?linkid=113268)
-- [about\_Throw](http://go.microsoft.com/fwlink/p/?linkid=145153)
+- [about\_Throw](https://go.microsoft.com/fwlink/p/?linkid=145153)
-- [about\_PSSessions](http://go.microsoft.com/fwlink/p/?linkid=135181)
+- [about\_PSSessions](https://go.microsoft.com/fwlink/p/?linkid=135181)
-- [about\_Modules](http://go.microsoft.com/fwlink/p/?linkid=144311)
+- [about\_Modules](https://go.microsoft.com/fwlink/p/?linkid=144311)
-- [about\_Command\_Precedence](http://go.microsoft.com/fwlink/p/?linkid=113214)
+- [about\_Command\_Precedence](https://go.microsoft.com/fwlink/p/?linkid=113214)   
diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md b/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md
index 5dabaedf02..9cfe29f6c0 100644
--- a/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/keep-secure/windows-firewall-with-advanced-security-deployment-guide.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 You can use the Windows Firewall with Advanced Security MMC snap-in with devices running at least Windows Vista or Windows Server 2008 to help protect the devices and the data that they share across a network.
diff --git a/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md b/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md
index acc229bd6a..47830f44c9 100644
--- a/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/keep-secure/windows-firewall-with-advanced-security-design-guide.md
@@ -13,7 +13,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 Windows Firewall with Advanced Security is a host firewall that helps secure the device in two ways. First, it can filter the network traffic permitted to enter the device from the network, and also control what network traffic the device is allowed to send to the network. Second, Windows Firewall with Advanced Security supports IPsec, which enables you to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that cannot authenticate cannot communicate with your device. By using IPsec, you can also require that specific network traffic be encrypted to prevent it from being read or intercepted while in transit between devices.
diff --git a/windows/keep-secure/windows-firewall-with-advanced-security.md b/windows/keep-secure/windows-firewall-with-advanced-security.md
index 51c6967315..4433aaf633 100644
--- a/windows/keep-secure/windows-firewall-with-advanced-security.md
+++ b/windows/keep-secure/windows-firewall-with-advanced-security.md
@@ -12,7 +12,7 @@ author: brianlic-msft
 **Applies to**
 - Windows 10
-- Windows Server 2016 Technical Preview
+- Windows Server 2016
 This is an overview of the Windows Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.
diff --git a/windows/keep-secure/windows-hello-in-enterprise.md b/windows/keep-secure/windows-hello-in-enterprise.md
index c6eee85e2d..ca368e846f 100644
--- a/windows/keep-secure/windows-hello-in-enterprise.md
+++ b/windows/keep-secure/windows-hello-in-enterprise.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 author: jdeckerMS
+localizationpriority: high
 ---
 # Windows Hello biometrics in the enterprise 
@@ -77,8 +78,8 @@ To allow facial recognition, you must have devices with integrated special infra
 - [Manage identity verification using Windows Hello for Business](manage-identity-verification-using-microsoft-passport.md)
 - [Implement Windows Hello for Business in your organization](implement-microsoft-passport-in-your-organization.md)
 - [Microsoft Passport guide](microsoft-passport-guide.md)
-- [Prepare people to use Microsoft Passport](prepare-people-to-use-microsoft-passport.md)
-- [PassportforWork CSP](http://go.microsoft.com/fwlink/p/?LinkId=708219)
+- [Prepare people to use Windows Hello for Work](prepare-people-to-use-microsoft-passport.md)
+- [PassportforWork CSP](https://go.microsoft.com/fwlink/p/?LinkId=708219)   
diff --git a/windows/keep-secure/windows-security-baselines.md b/windows/keep-secure/windows-security-baselines.md
index d9f379c2a6..ee48d1325c 100644
--- a/windows/keep-secure/windows-security-baselines.md
+++ b/windows/keep-secure/windows-security-baselines.md
@@ -5,6 +5,7 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
+localizationpriority: high
 author: brianlic-msft
 ---
@@ -12,7 +13,10 @@ author: brianlic-msft
 Microsoft is dedicated to provide our customers with a secure operating system, such as Windows 10 and Windows Server, as well as secure apps, such as Microsoft Edge. In addition to the security assurance of its products, Microsoft also enables you to have fine control of your environments by providing various configuration capabilities. Even though Windows and Windows Server are designed to be secure out-of-the-box, a large number of organizations still want more granular control of their security configurations. To navigate these large number of controls, organizations need guidance for configuring various security features. Microsoft provides this guidance in the form of security baselines.
-We recommend implementing an industry-standard configuration that is broadly known and well-tested, such as a Microsoft security baseline, as opposed to creating one yourself. This helps increase flexibility and reduce costs.
+We recommend implementing an industry-standard configuration that is broadly known and well-tested, such as a Microsoft security baseline, as opposed to creating one yourself. This helps increase flexibility and reduce costs.
+
+ > [!NOTE]
+ > Microsoft Security Compliance Manager 4.0 is available from the [Microsoft Download Center](https://www.microsoft.com/en-us/download/details.aspx?id=53353).
 ## What are security baselines? 
@@ -31,28 +35,29 @@ In modern organizations, the security threat landscape is constantly evolving. I
 To help faster deployments and increase the ease of managing Windows, Microsoft provides customers with security baselines that are available in formats that can be consumed, such as Group Policy Objects backups.
- ## How can you use security baselines?
+## How can you use security baselines?
 You can use security baselines to:
 - Ensure that user and device configuration settings are compliant with the baseline.
 - Set configuration settings. For example, you can use Group Policy, System Center Configuration Manager, or Microsoft Intune to configure a device with the setting values specified in the baseline.
- ## Where can I get the security baselines?
+## Where can I get the security baselines?
 Here's a list of security baselines that are currently available.
- > **Note:** If you want to know what has changed with each security baseline, or if you want to stay up-to-date on what’s happening with them, check out the [Microsoft Security Guidance](http://blogs.technet.microsoft.com/secguide) blog.
+ > [!NOTE]
+ > If you want to know what has changed with each security baseline, or if you want to stay up-to-date on what’s happening with them, check out the [Microsoft Security Guidance](http://blogs.technet.microsoft.com/secguide) blog. 
### Windows 10 security baselines
- - [Windows 10, Version 1511 security baseline](http://go.microsoft.com/fwlink/p/?LinkID=799381)
- - [Windows 10, Version 1507 security baseline](http://go.microsoft.com/fwlink/p/?LinkID=799380)
+ - [Windows 10, Version 1511 security baseline](https://go.microsoft.com/fwlink/p/?LinkID=799381)
+ - [Windows 10, Version 1507 security baseline](https://go.microsoft.com/fwlink/p/?LinkID=799380)
 ### Windows Server security baselines
- - [Windows Server 2012 R2 security baseline](http://go.microsoft.com/fwlink/p/?LinkID=799382)
+ - [Windows Server 2012 R2 security baseline](https://go.microsoft.com/fwlink/p/?LinkID=799382)
 ## How can I monitor security baseline deployments?
diff --git a/windows/keep-secure/wip-enterprise-overview.md b/windows/keep-secure/wip-enterprise-overview.md
new file mode 100644
index 0000000000..2b0b45fd93
--- /dev/null
+++ b/windows/keep-secure/wip-enterprise-overview.md
@@ -0,0 +1,5 @@
+---
+title: Windows Information Protection overview (Windows 10)
+description: Conceptual info about Windows Information Protection (WIP), formerly known as Windows Information Protection (WIP).
+redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/protect-enterprise-data-using-wip
+---
diff --git a/windows/manage/TOC.md b/windows/manage/TOC.md
index 2f6b01a357..19a65a7a57 100644
--- a/windows/manage/TOC.md
+++ b/windows/manage/TOC.md
@@ -3,6 +3,7 @@
 ## [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md)
 ## [Manage corporate devices](manage-corporate-devices.md)
 ### [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md)
+### [Manage Windows 10 and Windows Store tips, tricks, and suggestions](manage-tips-and-suggestions.md)
 ### [New policies for Windows 10](new-policies-for-windows-10.md)
 ### [Group Policies that apply only to Windows 10 Enterprise and Windows 10 Education](group-policies-for-enterprise-and-education-editions.md)
 ### [Changes to Group Policy settings for Windows 10 Start](changes-to-start-policies-in-windows-10.md)
@@ -15,6 +16,7 @@
 ### [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
 ### [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
 ### [Customize Windows 10 Start with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
+## [Create mandatory user profiles](mandatory-user-profile.md)
 ## [Lock down Windows 10](lock-down-windows-10.md)
 ### [Lockdown features from Windows Embedded 8.1 Industry](lockdown-features-windows-10.md)
 ### [Set up a shared or guest PC with Windows 10](set-up-shared-or-guest-pc.md)
@@ -34,9 +36,128 @@
 ## [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md)
 ## [Configure devices without MDM](configure-devices-without-mdm.md)
 ## [Windows 10 servicing options](introduction-to-windows-10-servicing.md)
-## [Application development for Windows as a service](application-development-for-windows-as-a-service.md)
+## [Application Virtualization (App-V) for Windows](appv-for-windows.md)
+### [Getting Started with App-V](appv-getting-started.md)
+#### [What's new in App-V](appv-about-appv.md)
+##### [Release Notes for App-V](appv-release-notes-for-appv-for-windows.md)
+#### [Evaluating App-V](appv-evaluating-appv.md)
+#### [High Level Architecture for App-V](appv-high-level-architecture.md)
+### [Planning for App-V](appv-planning-for-appv.md)
+#### [Preparing Your Environment for App-V](appv-preparing-your-environment.md)
+##### [App-V Prerequisites](appv-prerequisites.md)
+##### [App-V Security Considerations](appv-security-considerations.md)
+#### [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+##### [App-V Supported Configurations](appv-supported-configurations.md)
+##### [App-V Capacity Planning](appv-capacity-planning.md)
+##### [Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md)
+##### [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md)
+##### [Planning for the App-V Server Deployment](appv-planning-for-appv-server-deployment.md)
+##### [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md)
+##### [Planning for Using App-V with Office](appv-planning-for-using-appv-with-office.md)
+##### [Planning to Use Folder Redirection with App-V](appv-planning-folder-redirection-with-appv.md)
+#### [App-V Planning Checklist](appv-planning-checklist.md)
+### [Deploying App-V](appv-deploying-appv.md)
+#### [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
+##### [About Client Configuration Settings](appv-client-configuration-settings.md)
+##### [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
+##### [How to Install the Sequencer](appv-install-the-sequencer.md)
+#### [Deploying the App-V Server](appv-deploying-the-appv-server.md)
+##### [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
+##### [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
+##### [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md)
+##### [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md)
+##### [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+##### [How to install the Management Server on a Standalone Computer and Connect it to the Database ](appv-install-the-management-server-on-a-standalone-computer.md)
+##### [About App-V Reporting](appv-reporting.md)
+##### [How to install the Reporting Server on a Standalone Computer and Connect it to the Database](appv-install-the-reporting-server-on-a-standalone-computer.md)
+#### [App-V Deployment Checklist](appv-deployment-checklist.md)
+#### [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+#### [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
+### [Operations for App-V](appv-operations.md)
+#### [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md)
+##### [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md)
+##### [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md)
+##### [How to Create and Use a Project Template](appv-create-and-use-a-project-template.md)
+##### [How to Create a Package Accelerator](appv-create-a-package-accelerator.md)
+##### [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md)
+#### [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
+##### [About App-V Dynamic Configuration](appv-dynamic-configuration.md)
+##### [How to Connect to the Management Console ](appv-connect-to-the-management-console.md)
+##### [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md)
+##### [How to Configure Access to Packages by Using the Management Console ](appv-configure-access-to-packages-with-the-management-console.md)
+##### [How to Publish a Package by Using the Management Console ](appv-publish-a-packages-with-the-management-console.md)
+##### [How to Delete a Package in the Management Console ](appv-delete-a-package-with-the-management-console.md)
+##### [How to Add or Remove an Administrator by Using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md)
+##### [How to Register and Unregister a Publishing Server by Using the Management Console](appv-register-and-unregister-a-publishing-server-with-the-management-console.md)
+##### [How to Create a Custom Configuration File by Using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md)
+##### [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md)
+##### [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](appv-customize-virtual-application-extensions-with-the-management-console.md)
+##### [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console ](appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md)
+#### [Managing Connection Groups](appv-managing-connection-groups.md)
+##### [About the Connection Group Virtual Environment](appv-connection-group-virtual-environment.md)
+##### [About the Connection Group File](appv-connection-group-file.md)
+##### [How to Create a Connection Group](appv-create-a-connection-group.md)
+##### [How to Create a Connection Group with User-Published and Globally Published Packages](appv-create-a-connection-group-with-user-published-and-globally-published-packages.md)
+##### [How to Delete a Connection Group](appv-delete-a-connection-group.md)
+##### [How to Publish a Connection Group](appv-publish-a-connection-group.md)
+##### [How to Make a Connection Group Ignore the Package Version](appv-configure-connection-groups-to-ignore-the-package-version.md)
+##### [How to Allow Only Administrators to Enable Connection Groups](appv-allow-administrators-to-enable-connection-groups.md)
+#### [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
+##### [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
+##### [How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
+#### [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
+#### [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
+##### [How to Convert a Package Created in a Previous Version of App-V](appv-convert-a-package-created-in-a-previous-version-of-appv.md)
+#### [Maintaining App-V](appv-maintaining-appv.md)
+##### [How to Move the App-V Server to Another Computer](appv-move-the-appv-server-to-another-computer.md)
+#### [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
+##### [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help ](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)
+##### [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)
+##### [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)
+##### [How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)
+##### [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
+##### [How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)
+##### [How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)
+##### [How to Sequence a Package by Using Windows PowerShell ](appv-sequence-a-package-with-powershell.md)
+##### [How to Create a Package Accelerator by Using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md)
+##### [How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
+##### [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)
+### [Troubleshooting App-V](appv-troubleshooting.md)
+### [Technical Reference for App-V](appv-technical-reference.md)
+#### [Performance Guidance for Application Virtualization](appv-performance-guidance.md)
+#### [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md)
+#### [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md)
+#### [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md)
+## [User Experience Virtualization (UE-V) for Windows](uev-for-windows.md)
+### [Get Started with UE-V](uev-getting-started.md)
+#### [What's New in UE-V for Windows 10, version 1607](uev-whats-new-in-uev-for-windows.md)
+#### [User Experience Virtualization Release Notes](uev-release-notes-1607.md)
+#### [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
+### [Prepare a UE-V Deployment](uev-prepare-for-deployment.md)
+#### [Deploy Required UE-V Features](uev-deploy-required-features.md)
+#### [Deploy UE-V for use with Custom Applications](uev-deploy-uev-for-custom-applications.md)
+### [Administering UE-V](uev-administering-uev.md)
+#### [Manage Configurations for UE-V](uev-manage-configurations.md)
+##### [Configuring UE-V with Group Policy Objects](uev-configuring-uev-with-group-policy-objects.md)
+##### [Configuring UE-V with System Center Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md)
+##### [Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md)
+###### [Managing the UE-V Service and Packages with Windows PowerShell and WMI](uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md)
+###### [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md)
+#### [Working with Custom UE-V Templates and the UE-V Template Generator](uev-working-with-custom-templates-and-the-uev-generator.md)
+#### [Manage Administrative Backup and Restore in UE-V](uev-manage-administrative-backup-and-restore.md)
+#### [Changing the Frequency of UE-V Scheduled Tasks](uev-changing-the-frequency-of-scheduled-tasks.md)
+#### [Migrating UE-V Settings Packages](uev-migrating-settings-packages.md)
+#### [Using UE-V with Application Virtualization Applications](uev-using-uev-with-application-virtualization-applications.md)
+### [Troubleshooting UE-V](uev-troubleshooting.md)
+### [Technical Reference for UE-V](uev-technical-reference.md)
+#### [Sync Methods for UE-V](uev-sync-methods.md)
+#### [Sync Trigger Events for UE-V](uev-sync-trigger-events.md)
+#### [Synchronizing Microsoft Office with UE-V](uev-synchronizing-microsoft-office-with-uev.md)
+#### [Application Template Schema Reference for UE-V](uev-application-template-schema-reference.md)
+#### [Security Considerations for UE-V](uev-security-considerations.md)
 ## [Windows Store for Business](windows-store-for-business.md)
 ### [Sign up and get started](sign-up-windows-store-for-business-overview.md)
+####[Windows Store for Business overview](windows-store-for-business-overview.md)
 #### [Prerequisites for Windows Store for Business](prerequisites-windows-store-for-business.md)
 #### [Sign up for Windows Store for Business](sign-up-windows-store-for-business.md)
 #### [Roles and permissions in the Windows Store for Business](roles-and-permissions-windows-store-for-business.md)
@@ -51,7 +172,7 @@ #### [Distribute apps with a management tool](distribute-apps-with-management-tool.md) #### [Distribute offline apps](distribute-offline-apps.md) ### [Manage apps](manage-apps-windows-store-for-business-overview.md) -#### [App inventory managemement for Windows Store for Business](app-inventory-managemement-windows-store-for-business.md) +#### [App inventory managemement for Windows Store for Business](app-inventory-management-windows-store-for-business.md) #### [Manage app orders in Windows Store for Business](manage-orders-windows-store-for-business.md) #### [Manage access to private store](manage-access-to-private-store.md) #### [Manage private store settings](manage-private-store-settings.md) diff --git a/windows/manage/acquire-apps-windows-store-for-business.md b/windows/manage/acquire-apps-windows-store-for-business.md index 5f68e8e296..3840db35c7 100644 --- a/windows/manage/acquire-apps-windows-store-for-business.md +++ b/windows/manage/acquire-apps-windows-store-for-business.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Acquire apps in Windows Store for Business diff --git a/windows/manage/add-unsigned-app-to-code-integrity-policy.md b/windows/manage/add-unsigned-app-to-code-integrity-policy.md index d453da171a..a0c9e5ac70 100644 --- a/windows/manage/add-unsigned-app-to-code-integrity-policy.md +++ b/windows/manage/add-unsigned-app-to-code-integrity-policy.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store, security author: TrudyHa +localizationpriority: high --- # Add unsigned app to code integrity policy diff --git a/windows/manage/administrative-tools-in-windows-10.md b/windows/manage/administrative-tools-in-windows-10.md index cc42197767..0166bbda73 100644 --- a/windows/manage/administrative-tools-in-windows-10.md +++ b/windows/manage/administrative-tools-in-windows-10.md 
@@ -6,6 +6,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
+localizationpriority: medium
 ---
 
 # Administrative Tools in Windows 10
@@ -30,23 +31,23 @@ If the content that is linked to a tool in the following list doesn't provide th   -- [Component Services]( http://go.microsoft.com/fwlink/p/?LinkId=708489) -- [Computer Management](http://go.microsoft.com/fwlink/p/?LinkId=708490) -- [Defragment and Optimize Drives](http://go.microsoft.com/fwlink/p/?LinkId=708488) -- [Disk Cleanup](http://go.microsoft.com/fwlink/p/?LinkID=698648) -- [Event Viewer](http://go.microsoft.com/fwlink/p/?LinkId=708491) -- [iSCSI Initiator](http://go.microsoft.com/fwlink/p/?LinkId=708492) -- [Local Security Policy](http://go.microsoft.com/fwlink/p/?LinkId=708493) -- [ODBC Data Sources]( http://go.microsoft.com/fwlink/p/?LinkId=708494) -- [Performance Monitor](http://go.microsoft.com/fwlink/p/?LinkId=708495) -- [Print Management](http://go.microsoft.com/fwlink/p/?LinkId=708496) -- [Resource Monitor](http://go.microsoft.com/fwlink/p/?LinkId=708497) -- [Services](http://go.microsoft.com/fwlink/p/?LinkId=708498) -- [System Configuration](http://go.microsoft.com/fwlink/p/?LinkId=708499) -- [System Information]( http://go.microsoft.com/fwlink/p/?LinkId=708500) -- [Task Scheduler](http://go.microsoft.com/fwlink/p/?LinkId=708501) -- [Windows Firewall with Advanced Security](http://go.microsoft.com/fwlink/p/?LinkId=708503) -- [Windows Memory Diagnostic]( http://go.microsoft.com/fwlink/p/?LinkId=708507) +- [Component Services]( https://go.microsoft.com/fwlink/p/?LinkId=708489) +- [Computer Management](https://go.microsoft.com/fwlink/p/?LinkId=708490) +- [Defragment and Optimize Drives](https://go.microsoft.com/fwlink/p/?LinkId=708488) +- [Disk Cleanup](https://go.microsoft.com/fwlink/p/?LinkID=698648) +- [Event Viewer](https://go.microsoft.com/fwlink/p/?LinkId=708491) +- [iSCSI Initiator](https://go.microsoft.com/fwlink/p/?LinkId=708492) +- [Local Security Policy](https://go.microsoft.com/fwlink/p/?LinkId=708493) +- [ODBC Data Sources]( https://go.microsoft.com/fwlink/p/?LinkId=708494) +- [Performance 
Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708495) +- [Print Management](https://go.microsoft.com/fwlink/p/?LinkId=708496) +- [Resource Monitor](https://go.microsoft.com/fwlink/p/?LinkId=708497) +- [Services](https://go.microsoft.com/fwlink/p/?LinkId=708498) +- [System Configuration](https://go.microsoft.com/fwlink/p/?LinkId=708499) +- [System Information]( https://go.microsoft.com/fwlink/p/?LinkId=708500) +- [Task Scheduler](https://go.microsoft.com/fwlink/p/?LinkId=708501) +- [Windows Firewall with Advanced Security](https://go.microsoft.com/fwlink/p/?LinkId=708503) +- [Windows Memory Diagnostic]( https://go.microsoft.com/fwlink/p/?LinkId=708507)   diff --git a/windows/manage/app-inventory-managemement-windows-store-for-business.md b/windows/manage/app-inventory-managemement-windows-store-for-business.md index ca7d24b2a2..1dedc043ff 100644 --- a/windows/manage/app-inventory-managemement-windows-store-for-business.md +++ b/windows/manage/app-inventory-managemement-windows-store-for-business.md @@ -2,6 +2,7 @@ title: App inventory management for Windows Store for Business (Windows 10) description: You can manage all apps that you've acquired on your Inventory page. ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2 +redirect_url: https://technet.microsoft.com/itpro/windows/manage/app-inventory-management-windows-store-for-business ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library 
@@ -9,224 +10,3 @@ ms.pagetype: store author: TrudyHa --- -# App inventory management for Windows Store for Business - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -You can manage all apps that you've acquired on your **Inventory** page. - -The **Inventory** page in Windows Store for Business shows all apps in your inventory. This includes all apps that you've acquired from Store for Business, and the line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Inventory** page. On the **New line-of-business apps** page, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). - -All of these apps are treated the same once they are in your inventory and you can perform app lifecycle tasks for them: distribute apps, add apps to private store, review license details, and reclaim app licenses. - -![Image shows Inventory page in Windows Store for Business with status status options for an app.](images/wsfb-inventoryaddprivatestore.png) - -Store for Business shows this info for each app in your inventory: - -- Name - -- Access to actions for the app - -- Last modified date - -- Supported devices - -- Private store status - -### Find apps in your inventory - -There are a couple of ways to find specific apps, or groups of apps in your inventory. - -**Search** - Use the Search box to search for an app. - -**Refine** - Use **Refine** to scope your list of apps by one or more of these app attributes: - -- **License** - Online or offline licenses. For more info, see [Apps in Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model). - -- **Platforms** - Lists the devices that apps in your inventory were originally written to support. This list is cumulative for all apps in your inventory. 
- -- **Source** - **Store**, for apps acquired from Store for Business, or LOB, for line-of-business apps. - -- **Private store** - **In private store**, or **Not in private store**, depending on whether or not you've added the app to your private store. - -### Manage apps in your inventory - -Each app in the Store for Business has an online, or an offline license. For more information on Store for Business licensing model, see [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model). There are different actions you can take depending on the app license type. They're summarized in this table. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ActionOnline-licensed appOffline-licensed app

    Assign to employees

    X

    Add to private store

    X

    Remove from private store

    X

    View license details

    X

    View product details

    X

    X

    Download for offline use

    X

    - -  - -The actions in the table are how you distribute apps, and manage app licenses. We'll cover those in the next sections. Working with offline-licensed apps has different steps. For more information on distributing offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md). - -### Distribute apps - -For online-licensed apps, there are a couple of ways to distribute apps from your inventory: - -- Assign apps to people in your organization. - -- Add apps to your private store, and let people in your organization install the app. - -If you use a management tool that supports Store for Business, you can distribute apps with your management tool. Once it is configured to work with Store for Business, your managment tool will have access to all apps in your inventory. For more information, see [Distribute apps with a management tool](distribute-apps-with-management-tool.md). - -Once an app is in your private store, people in your org can install the app on their devices. For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md). - -**To make an app in inventory available in your private store** - -1. Sign in to the [Store for Business](http://businessstore.microsoft.com). -2. Click **Manage**, and then choose **Inventory**. -3. Click **Refine**, and then choose **Online**. Store for Business will update the list of apps on the **Inventory** page. -4. From an app in **Inventory**, click the ellipses under **Action**, and then choose **Add to private store**. - -The value under Private store for the app will change to pending. It will take approximately twelve hours before the app is available in the private store. - -Employees can claim apps that admins added to the private store by doing the following. - -**To claim an app from the private store** - -1. Sign in to your computer with your Azure Active Directory (AD) credentials, and start the Windows Store app. -2. 
Click the private store tab. -3. Click the app you want to install, and then click **Install**. - -Another way to distribute apps is by assigning them to people in your organization. - -If you decide that you don't want an app available for employees to install on their own, you can remove it from your private store. - -**To remove an app from the private store** - -1. Sign in to the [Store for Business](http://businessstore.microsoft.com). -2. Click **Manage**, and then choose **Inventory**. -3. Find an app, click the ellipses under **Action**, and then choose **Remove from private store**, and then click **Remove**. - -The app will still be in your inventory, but your employees will not have access to the app from your private store. - -**To assign an app to an employee** - -1. Sign in to the [Store for Business](http://businessstore.microsoft.com). -2. Click **Manage**, and then choose **Inventory**. -3. Find an app, click the ellipses under **Action**, and then choose **Assign to people**. -4. Type the email address for the employee that you're assigning the app to, and click **Confirm**. - -Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**. - -### Manage app licenses - -For each app in your inventory, you can view and manage license details. This give you another way to assign apps to people in your organization. It also allows you to reclaim app licenses after they've been assigned to people, or claimed by people in your organization. - -**To view license details** - -1. Sign in to [Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=691845) - -2. Click **Manage**, and then choose **Inventory**. - -3. Click the ellipses for an app, and then choose **View license details**. 
- - ![Image showing Inventory page in Windows Store for Business.](images/wsfb-inventory-viewlicense.png) - - You'll see the names of people in your organization who have installed the app and are using one of the licenses. - - ![Image showing assigned licenses for an app.](images/wsfb-licensedetails.png) - - On **Assigned licenses**, you can do several things: - - - Assign the app to other people in your organization. - - - Reclaim app licenses. - - - View app details. - - - Add the app to your private store, if it is not in the private store. - - You can assign the app to more people in your organization, or reclaim licenses. - - **To assign an app to more people** - - - Click **Assign to people**, type the email address for the employee that you're assigning the app to, and click **Assign**. - - ![Image showing Assign to people dialog for assigning app licenses to people in your organization.](images/wsfb-licenseassign.png) - - Store for Business updates the list of assigned licenses. - - **To reclaim licenses** - - - Choose the person you want to reclaim the license from, click **Reclaim licenses**, and then click **Reclaim licenses**. - - ![Image showing Assign to people dialog for reclaiming app licenses from people in your organization.](images/wsfb-licensereclaim.png) - - Store for Business updates the list of assigned licenses. - -### Download offline-licensed app - -Offline licensing is a new feature in Windows 10 and allows apps to be deployed to devices that are not connected to the Internet. This means organizations can deploy apps when users or devices do not have connectivity to the Store. - -You can download offline-licensed apps from your inventory. You'll need to download these items: - -- App metadata - -- App package - -- App license - -- App framework - -For more information about online and offline licenses, see [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model). 
- -For more information about downloading offline-licensed apps, see [Download offline apps](distribute-offline-apps.md). - -  - -  - - - - - diff --git a/windows/manage/app-inventory-management-windows-store-for-business.md b/windows/manage/app-inventory-management-windows-store-for-business.md new file mode 100644 index 0000000000..ec263eede3 --- /dev/null +++ b/windows/manage/app-inventory-management-windows-store-for-business.md 
@@ -0,0 +1,228 @@ +--- +title: App inventory management for Windows Store for Business (Windows 10) +description: You can manage all apps that you've acquired on your Inventory page. +ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2 +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: store +author: TrudyHa +--- + +# App inventory management for Windows Store for Business + + +**Applies to** + +- Windows 10 +- Windows 10 Mobile + +You can manage all apps that you've acquired on your **Inventory** page. + +The **Inventory** page in Windows Store for Business shows all apps in your inventory. This includes all apps that you've acquired from Store for Business, and the line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Inventory** page. On the **New line-of-business apps** page, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). The inventory page includes apps acquired by all people in your organization with the Store for Business Admin role. + +All of these apps are treated the same once they are in your inventory and you can perform app lifecycle tasks for them: distribute apps, add apps to private store, review license details, and reclaim app licenses. + +![Image shows Inventory page in Windows Store for Business with status status options for an app.](images/wsfb-inventoryaddprivatestore.png) + +Store for Business shows this info for each app in your inventory: + +- Name +- Access to actions for the app +- Last modified +- Available licenses +- Private store status + +The last modified date tracks changes about the app as an item in your inventory. 
The last modified date changes when one of the following happens: +- First purchase (the date you acquire the app from Windows Store for Business) +- Purchase additional licenses +- Assign license +- Reclaim license +- Refund order (applies to purchased apps, not free apps) + +The last modified date does not correspond to when an app was last updated in the Store. It tracks activity for that app, as an item in your inventory. + +### Find apps in your inventory + +There are a couple of ways to find specific apps, or groups of apps in your inventory. + +**Search** - Use the Search box to search for an app. + +**Refine** - Use **Refine** to scope your list of apps by one or more of these app attributes: + +- **License** - Online or offline licenses. For more info, see [Apps in Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model). + +- **Platforms** - Lists the devices that apps in your inventory were originally written to support. This list is cumulative for all apps in your inventory. + +- **Source** - **Store**, for apps acquired from Store for Business, or LOB, for line-of-business apps. + +- **Private store** - **In private store**, or **Not in private store**, depending on whether or not you've added the app to your private store. + +### Manage apps in your inventory + +Each app in the Store for Business has an online, or an offline license. For more information on Store for Business licensing model, see [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model). There are different actions you can take depending on the app license type. They're summarized in this table. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ActionOnline-licensed appOffline-licensed app

    Assign to employees

    X

    Add to private store

    X

    Remove from private store

    X

    View license details

    X

    View product details

    X

    X

    Download for offline use

    X

    + +  + +The actions in the table are how you distribute apps, and manage app licenses. We'll cover those in the next sections. Working with offline-licensed apps has different steps. For more information on distributing offline-licensed apps, see [Distribute offline apps](distribute-offline-apps.md). + +### Distribute apps + +For online-licensed apps, there are a couple of ways to distribute apps from your inventory: + +- Assign apps to people in your organization. + +- Add apps to your private store, and let people in your organization install the app. + +If you use a management tool that supports Store for Business, you can distribute apps with your management tool. Once it is configured to work with Store for Business, your managment tool will have access to all apps in your inventory. For more information, see [Distribute apps with a management tool](distribute-apps-with-management-tool.md). + +Once an app is in your private store, people in your org can install the app on their devices. For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md). + +**To make an app in inventory available in your private store** + +1. Sign in to the [Store for Business](http://businessstore.microsoft.com). +2. Click **Manage**, and then choose **Inventory**. +3. Click **Refine**, and then choose **Online**. Store for Business will update the list of apps on the **Inventory** page. +4. From an app in **Inventory**, click the ellipses under **Action**, and then choose **Add to private store**. + +The value under Private store for the app will change to pending. It will take approximately twelve hours before the app is available in the private store. + +Employees can claim apps that admins added to the private store by doing the following. + +**To claim an app from the private store** + +1. Sign in to your computer with your Azure Active Directory (AD) credentials, and start the Windows Store app. +2. 
Click the private store tab. +3. Click the app you want to install, and then click **Install**. + +Another way to distribute apps is by assigning them to people in your organization. + +If you decide that you don't want an app available for employees to install on their own, you can remove it from your private store. + +**To remove an app from the private store** + +1. Sign in to the [Store for Business](http://businessstore.microsoft.com). +2. Click **Manage**, and then choose **Inventory**. +3. Find an app, click the ellipses under **Action**, and then choose **Remove from private store**, and then click **Remove**. + +The app will still be in your inventory, but your employees will not have access to the app from your private store. + +**To assign an app to an employee** + +1. Sign in to the [Store for Business](http://businessstore.microsoft.com). +2. Click **Manage**, and then choose **Inventory**. +3. Find an app, click the ellipses under **Action**, and then choose **Assign to people**. +4. Type the email address for the employee that you're assigning the app to, and click **Confirm**. + +Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**. + +### Manage app licenses + +For each app in your inventory, you can view and manage license details. This give you another way to assign apps to people in your organization. It also allows you to reclaim app licenses after they've been assigned to people, or claimed by people in your organization. + +**To view license details** + +1. Sign in to [Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=691845) + +2. Click **Manage**, and then choose **Inventory**. + +3. Click the ellipses for an app, and then choose **View license details**. 
+ + ![Image showing Inventory page in Windows Store for Business.](images/wsfb-inventory-viewlicense.png) + + You'll see the names of people in your organization who have installed the app and are using one of the licenses. + + ![Image showing assigned licenses for an app.](images/wsfb-licensedetails.png) + + On **Assigned licenses**, you can do several things: + + - Assign the app to other people in your organization. + + - Reclaim app licenses. + + - View app details. + + - Add the app to your private store, if it is not in the private store. + + You can assign the app to more people in your organization, or reclaim licenses. + + **To assign an app to more people** + + - Click **Assign to people**, type the email address for the employee that you're assigning the app to, and click **Assign**. + + ![Image showing Assign to people dialog for assigning app licenses to people in your organization.](images/wsfb-licenseassign.png) + + Store for Business updates the list of assigned licenses. + + **To reclaim licenses** + + - Choose the person you want to reclaim the license from, click **Reclaim licenses**, and then click **Reclaim licenses**. + + ![Image showing Assign to people dialog for reclaiming app licenses from people in your organization.](images/wsfb-licensereclaim.png) + + Store for Business updates the list of assigned licenses. + +### Download offline-licensed app + +Offline licensing is a new feature in Windows 10 and allows apps to be deployed to devices that are not connected to the Internet. This means organizations can deploy apps when users or devices do not have connectivity to the Store. + +You can download offline-licensed apps from your inventory. You'll need to download these items: + +- App metadata + +- App package + +- App license + +- App framework + +For more information about online and offline licenses, see [Apps in the Windows Store for Business](apps-in-windows-store-for-business.md#licensing-model). 
+
+For more information about downloading offline-licensed apps, see [Download offline apps](distribute-offline-apps.md).
\ No newline at end of file
diff --git a/windows/manage/application-development-for-windows-as-a-service.md b/windows/manage/application-development-for-windows-as-a-service.md
index dedc91d3cd..080fccc711 100644
--- a/windows/manage/application-development-for-windows-as-a-service.md
+++ b/windows/manage/application-development-for-windows-as-a-service.md
@@ -1,12 +1,13 @@
 ---
 title: Application development for Windows as a service (Windows 10)
-description: In today’s environment, where user expectations frequently are set by device-centric experiences, complete product cycles need to be measured in months, not years.
+description: Microsoft recommends that our ISV partners decouple their app release and support from specific Windows builds.
 ms.assetid: 28E0D103-B0EE-4B14-8680-6F30BD373ACF
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security, servicing
-author: greg-lindsay
+author: jdeckerMS
+redirect_url: https://msdn.microsoft.com/windows/uwp/get-started/application-development-for-windows-as-a-service
 ---
 # Application development for Windows as a service 
@@ -14,7 +15,7 @@ author: greg-lindsay
 **Applies to**
 - Windows 10
 - Windows 10 Mobile
-- Windows 10 IoT Core (IoT Core)
+- Windows 10 IoT Core
 In today’s environment, where user expectations frequently are set by device-centric experiences, complete product cycles need to be measured in months, not years. Additionally, new releases must be made available on a continual basis, and must be deployable with minimal impact on users. Microsoft designed Windows 10 to meet these requirements by implementing a new approach to innovation, development, and delivery called [Windows as a service (WaaS)](introduction-to-windows-10-servicing.md). The key to enabling significantly shorter product cycles while maintaining high quality levels is an innovative community-centric approach to testing that Microsoft has implemented for Windows 10. The community, known as Windows Insiders, is comprised of millions of users around the world. When Windows Insiders opt in to the community, they test many builds over the course of a product cycle and provide feedback to Microsoft through an iterative methodology called flighting. 
@@ -25,6 +26,7 @@ Builds distributed as flights provide the Windows engineering team with signific Although Microsoft releases flight builds to Windows Insiders, Microsoft will publish two types of Windows 10 releases broadly to the public on an ongoing basis: **Feature updates** install the latest new features, experiences, and capabilities on devices that are already running Windows 10. Because feature updates contain an entire copy of Windows, they are also what customers use to install Windows 10 on existing devices running Windows 7 or Windows 8.1, and on new devices where no operating system is installed. Microsoft expects to publish an average of one to two new feature updates per year. + **Quality updates** deliver security issue resolutions and other important bug fixes. Quality updates will be provided to improve each feature currently in support, on a cadence of one or more times per month. Microsoft will continue publishing quality updates on Update Tuesday (sometimes referred to as Patch Tuesday). Additionally, Microsoft may publish additional quality updates for Windows 10 outside the Update Tuesday process when required to address customer needs. During Windows 10 development, Microsoft streamlined the Windows product engineering and release cycle so that we can deliver the features, experiences, and functionality customers want, more quickly than ever. We also created new ways to deliver and install feature updates and quality updates that simplify deployments and on-going management, broaden the base of employees who can be kept current with the latest Windows capabilities and experiences, and lower total cost of ownership. Hence we have implemented new servicing options – referred to as Current Branch (CB), Current Branch for Business (CBB), and Long-Term Servicing Branch (LTSB) – that provide pragmatic solutions to keep more devices more current in enterprise environments than was previously possible. 
@@ -45,7 +47,7 @@ The traditional approach for supporting apps has been to release a new app versi In the Windows as a service model, Microsoft is making a commitment to maintaining the compatibility of the underlying OS. This means Microsoft will make a concerted effort to ensure that there are no breaking changes that impact the app ecosystem negatively. In this scenario, when there is a release of a Windows build, most apps (those with no kernel dependencies) will continue to work. -In view of this change, Microsoft recommends that our ISV partners decouple their app release and support from specific Windows builds. Our mutual customers are better served by an application lifecycle approach. This means when an application version is released it will be supported for a certain period of time irrespective of however many Windows builds are released in the interim. The ISV makes a commitment to provide support for that specific version of the app as long as it is supported in the lifecycle. Microsoft follows a similar lifecycle approach for Windows that can be referenced [here](http://go.microsoft.com/fwlink/?LinkID=780549). +In view of this change, Microsoft recommends that our ISV partners decouple their app release and support from specific Windows builds. Our mutual customers are better served by an application lifecycle approach. This means when an application version is released it will be supported for a certain period of time irrespective of however many Windows builds are released in the interim. The ISV makes a commitment to provide support for that specific version of the app as long as it is supported in the lifecycle. Microsoft follows a similar lifecycle approach for Windows that can be referenced [here](https://go.microsoft.com/fwlink/?LinkID=780549). This approach will reduce the burden of maintaining an app schedule that aligns with Windows releases. ISV partners should be free to release features or updates at their own cadence. 
We feel that our partners can keep their customer base updated with the latest app updates independent of a Windows release. In addition, our customers do not have to seek an explicit support statement whenever a Windows build is released. Here is an example of a support statement that covers how an app may be supported across different versions of the OS: @@ -60,7 +62,7 @@ In the following sections, you will find additional information about the steps We understand that compatibility matters to developers. ISVs and developers want to ensure their apps will run as expected on all supported versions of the Windows OS. Consumers and businesses have a key investment here—they want to ensure that the apps they have paid for will continue to work. We know that compatibility is the primary criteria for purchase decisions. Apps that are well written based on best practices will lead to much less code churn when a new Windows version is released and will reduce fragmentation—these apps have a reduced engineering investment to maintain, and a faster time to market. -In the Windows 7 timeframe, compatibility was very much a reactive approach. In Windows 8 we started looking at this differently, working within Windows to ensure that compatibility was by design rather than an afterthought. +In the Windows 7 timeframe, compatibility was very much a reactive approach. In Windows 8, we started looking at this differently, working within Windows to ensure that compatibility was by design rather than an afterthought. Windows 10 is the most compatible-by-design version of the OS to date. Here are some key ways we accomplished this: - **App telemetry**: This helps us understand app popularity in the Windows ecosystem to inform compatibility testing. - **ISV partnerships**: Work directly with external partners to provide them with data and help fix issues that our users experience. 
@@ -68,15 +70,15 @@ Windows 10 is the most compatible-by-design version of the OS to date. Here are - **Communication**: Tighter control over API changes and improved communication. - **Flighting and feedback loop**: Windows insiders receive flighted builds that help improve our ability to find compatibility issues before a final build is released to customers. This feedback process not only exposes bugs, but ensures we are shipping features our users want. -## Microsoft uses data to make Windows 10 better +## Best practices for app compatibility Microsoft uses diagnostic and usage data to identify and troubleshoot problems, improve our products and services, and provide our users with personalized experiences. The usage data we collect also extends to the apps that PCs in the Windows ecosystem are running. Based on what our customers use, we build our list to test these apps, devices, and drivers against new versions of the Windows OS. Windows 10 has been the most compatible version of Windows to-date, with over 90% compatibility against thousands of popular apps. The Windows Compatibility team commonly reaches out to our ISV partners to provide feedback if issues are discovered, so that we can partner together on solutions. Ideally, we’d like our common customers to be able to update Windows seamlessly and without losing functionality in either their OS or the apps they depend on for their productivity or entertainment. The following sections contain some best practices Microsoft recommends so you can ensure your apps are compatible with Windows 10. -**Windows version check** +### Windows version check -The OS version has been incremented with Windows 10. This means that the internal version number has been changed to 10.0. As in the past, we go to great lengths to maintain application and device compatibility after an OS version change. 
For most app categories (without any kernel dependencies) the change will not negatively impact app functionality, and existing apps will continue to work fine on Windows 10. +The OS version has been incremented with Windows 10. This means that the internal version number has been changed to 10.0. As in the past, we go to great lengths to maintain application and device compatibility after an OS version change. For most app categories (without any kernel dependencies), the change will not negatively impact app functionality, and existing apps will continue to work fine on Windows 10. The manifestation of this change is app-specific. This means any app that specifically checks for the OS version will get a higher version number, which can lead to one or more of the following situations: - App installers might not be able to install the app, and apps might not be able to start. 
@@ -87,20 +89,21 @@ Some apps perform a version check and simply pass a warning to users. However, t - If the app is dependent on specific API functionality, ensure you target the correct API version. - Ensure you detect the change via APISet or another public API, and do not use the version as a proxy for some feature or fix. If there are breaking changes and a proper check is not exposed, then that is a bug. - Ensure the app does NOT check for version in odd ways, such as via the registry, file versions, offsets, kernel mode, drivers, or other means. If the app absolutely needs to check the version, use the GetVersion APIs, which should return the major, minor, and build number. -- If you are using the [GetVersion](http://go.microsoft.com/fwlink/?LinkID=780555) API, remember that the behavior of this API has changed since Windows 8.1. +- If you are using the [GetVersion](https://go.microsoft.com/fwlink/?LinkID=780555) API, remember that the behavior of this API has changed since Windows 8.1. If you own apps such as antimalware or firewall apps, you should work through your usual feedback channels and via the Windows Insider program. -**Undocumented APIs** +### Undocumented APIs + Your apps should not call undocumented Windows APIs, or take dependency on specific Windows file exports or registry keys. This can lead to broken functionality, data loss, and potential security issues. If there is functionality your app requires that is not available, this is an opportunity to provide feedback through your usual feedback channels and via the Windows Insider program. -**Develop Universal Windows Platform (UWP) and Centennial apps** +### Develop Universal Windows Platform (UWP) and Centennial apps -We encourage all Win32 app ISVs to develop [Universal Windows Platform (UWP)](http://go.microsoft.com/fwlink/?LinkID=780560) and, specifically, [Centennial](http://go.microsoft.com/fwlink/?LinkID=780562) apps moving forward. 
There are great benefits to developing these app packages rather than using traditional Win32 installers. UWP apps are also supported in the [Windows Store](http://go.microsoft.com/fwlink/?LinkID=780563), so it’s easier for you to update your users to a consistent version automatically, lowering your support costs. +We encourage all Win32 app ISVs to develop [Universal Windows Platform (UWP)](https://go.microsoft.com/fwlink/?LinkID=780560) and, specifically, [Centennial](https://go.microsoft.com/fwlink/?LinkID=780562) apps moving forward. There are great benefits to developing these app packages rather than using traditional Win32 installers. UWP apps are also supported in the [Windows Store](https://go.microsoft.com/fwlink/?LinkID=780563), so it’s easier for you to update your users to a consistent version automatically, lowering your support costs. -If your Win32 app types do not work with the Centennial model, we highly recommend that you use the right installer and ensure this is fully tested. An installer is your user or customer’s first experience with your app, so ensure that this works well. All too often, this doesn’t work well or it hasn’t been fully tested for all scenarios. The [Windows App Certification Kit](http://go.microsoft.com/fwlink/?LinkID=780565) can help you test the install and uninstall of your Win32 app and help you identify use of undocumented APIs, as well as other basic performance-related best-practice issues, before your users do. +If your Win32 app types do not work with the Centennial model, we highly recommend that you use the right installer and ensure this is fully tested. An installer is your user or customer’s first experience with your app, so ensure that this works well. All too often, this doesn’t work well or it hasn’t been fully tested for all scenarios. 
The [Windows App Certification Kit](https://go.microsoft.com/fwlink/?LinkID=780565) can help you test the install and uninstall of your Win32 app and help you identify use of undocumented APIs, as well as other basic performance-related best-practice issues, before your users do. -**Best pratcices:** +**Best practices:** - Use installers that work for both 32-bit and 64-bit versions of Windows. - Design your installers to run on multiple scenarios (user or machine level). - Keep all Windows redistributables in the original packaging – if you repackage these, it’s possible that this will break the installer. 
@@ -112,8 +115,8 @@ Windows OS flighting refers to the interim builds available to Windows Insiders If your app is in the Store, you can flight your app via the Store, which means that your app will be available for our Windows Insider population to install. Users can install your app and you can receive preliminary feedback on your app before you release it to the general population. The follow sections outline the steps for testing your apps against Windows flighted builds. -**Step 1: Become a Windows Insider and participate in flighting** -As a [Windows Insider,](http://go.microsoft.com/fwlink/p/?LinkId=521639) you can help shape the future of Windows—your feedback will help us improve features and functionality in the platform. This is a vibrant community where you can connect with other enthusiasts, join forums, trade advice, and learn about upcoming Insider-only events. +### Step 1: Become a Windows Insider and participate in flighting +As a [Windows Insider,](https://go.microsoft.com/fwlink/p/?LinkId=521639) you can help shape the future of Windows—your feedback will help us improve features and functionality in the platform. This is a vibrant community where you can connect with other enthusiasts, join forums, trade advice, and learn about upcoming Insider-only events. Since you’ll have access to preview builds of Windows 10, Windows 10 Mobile, and the latest Windows SDK and Emulator, you’ll have all the tools at your disposal to develop great apps and explore what's new in the Universal Windows Platform and the Windows Store. 
@@ -127,7 +130,7 @@ Before you become a Windows Insider, please note that participation is intended - Know what an ISO file is and how to use it. - Aren't installing it on their everyday computer or device. -**Step 2: Test your scenarios** +### Step 2: Test your scenarios Once you have updated to a flighted build, the following are some sample test cases to help you get started on testing and gathering feedback. For most of these tests, ensure you cover both x86 and AMD64 systems. **Clean install test:** On a clean install of Windows 10, ensure your app is fully functional. If your app fails this test and the upgrade test, then it’s likely that the issue is caused by underlying OS changes or bugs in the app. 
@@ -149,12 +152,12 @@ If after investigation, the former is the case, be sure to use the Windows Insid
 - Sensors (accelerometer, fusion, and so on)
 - Camera
-**Step 3: Provide feedback**
+### Step 3: Provide feedback
 Let us know how your app is performing against flighted builds. As you discover issues with your app during testing, please log bugs via the partner portal if you have access, or through your Microsoft representative. We encourage this information so that we can build a quality experience for our users together.
-**Step 4: Register on Windows 10**
-The [Ready for Windows 10](http://go.microsoft.com/fwlink/?LinkID=780580) website is a directory of software that supports Windows 10. It’s intended for IT administrators at companies and organizations worldwide that are considering Windows 10 for their deployments. IT administrators can check the site to see whether software deployed in their enterprise is supported in Windows 10.
+### Step 4: Register on Windows 10
+The [Ready for Windows 10](https://go.microsoft.com/fwlink/?LinkID=780580) website is a directory of software that supports Windows 10. It’s intended for IT administrators at companies and organizations worldwide that are considering Windows 10 for their deployments. IT administrators can check the site to see whether software deployed in their enterprise is supported in Windows 10.
 ## Related topics
 [Windows 10 servicing options for updates and upgrades](introduction-to-windows-10-servicing.md)
diff --git a/windows/manage/apps-in-windows-store-for-business.md b/windows/manage/apps-in-windows-store-for-business.md
index dec7d4ca5f..f74b81160c 100644
--- a/windows/manage/apps-in-windows-store-for-business.md
+++ b/windows/manage/apps-in-windows-store-for-business.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
+localizationpriority: high
 ---
 # Apps in Windows Store for Business 
@@ -50,7 +51,7 @@ Apps that you acquire from the Store for Business only work on Windows 10-based Some apps are free, and some apps charge a price. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time. -Some apps which are available to consumers in the Windows Store might not be available to organizations in the Windows Store for Business. App developers can opt-out their apps, and they also need to meet eligibility requirements for Windows Store for Business. For more information, read this info on [Organizational licensing options](https://msdn.microsoft.com/en-us/windows/uwp/publish/organizational-licensing). +Some apps which are available to consumers in the Windows Store might not be available to organizations in the Windows Store for Business. App developers can opt-out their apps, and they also need to meet eligibility requirements for Windows Store for Business. For more information, read this info on [Organizational licensing options](https://msdn.microsoft.com/windows/uwp/publish/organizational-licensing). **Note**
    We are still setting up the catalog of apps for Windows Store for Business. If you are searching for an app and it isn’t available, please check again in a couple of days.
diff --git a/windows/manage/appv-about-appv.md b/windows/manage/appv-about-appv.md
new file mode 100644
index 0000000000..ef43aeed3d
--- /dev/null
+++ b/windows/manage/appv-about-appv.md
@@ -0,0 +1,54 @@
+---
+title: What's new in App-V for Windows 10 (Windows 10)
+description: Information about what's new in App-V for Windows 10.
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# What's new in App-V
+
+**Applies to**
+- Windows 10, version 1607
+
+Microsoft Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
+
+Application Virtualization (App-V) for Windows 10, version 1607, includes these new features and capabilities compared to App-V 5.1. See [App-V release notes](appv-release-notes-for-appv-for-windows.md) for more information about the App-V for Windows 10, version 1607 release.
+
+
+## App-V is now a feature in Windows 10
+
+With Windows 10, version 1607 and later releases, Application Virtualization (App-V) is included with [Windows 10 for Enterprise and Windows 10 for Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home) and is no longer part of the Microsoft Desktop Optimization Pack.
+
+For information about earlier versions of App-V, see [MDOP Information Experience](https://technet.microsoft.com/itpro/mdop/index).
+
+The changes in App-V for Windows 10, version 1607 impact already existing implementations of App-V in the following ways:
+
+- The App-V client is installed on user devices automatically with Windows 10, version 1607, and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the App-V client.
+
+- The App-V application sequencer is available from the [Windows 10 Assessment and Deployment Kit (ADK)](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). In previous releases of App-V, the application sequencer was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new application sequencer to create new virtualized applications, existing virtualized applications will continue to work.
+
+>**Note**
    If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released. + +For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md) and [Migrating to App-V for Windows 10 from a previous version](appv-migrating-to-appv-from-a-previous-version.md). + +>**Important** +You can upgrade your existing App-V installation to Windows 10, version 1607 from App-V versions 5.0 SP2 and higher only. If you are using a previous version of App-V, you’ll need to upgrade from that version to App-V 5.0 SP2 before you upgrade to Windows 10, version 1607. + +  +## Support for System Center + +App-V supports System Center 2016 and System Center 2012 R2 Configuration Manager SP1. See [Planning for App-V Integration with Configuration Manager](https://technet.microsoft.com/library/jj822982.aspx) for information about integrating your App-V environment with Configuration Manager. + + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+
+[Release Notes for App-V](appv-release-notes-for-appv-for-windows.md)
diff --git a/windows/manage/appv-accessibility.md b/windows/manage/appv-accessibility.md
new file mode 100644
index 0000000000..34a3ab0a09
--- /dev/null
+++ b/windows/manage/appv-accessibility.md
@@ -0,0 +1,4 @@
+---
+title: Accessibility for App-V (Windows 10)
+redirect_url: https://technet.microsoft.com/itpro/windows/manage/appv-getting-started
+---
diff --git a/windows/manage/appv-accessing-the-client-management-console.md b/windows/manage/appv-accessing-the-client-management-console.md
new file mode 100644
index 0000000000..d6ad0b2b1a
--- /dev/null
+++ b/windows/manage/appv-accessing-the-client-management-console.md
@@ -0,0 +1,4 @@
+---
+title: How to access the client management console (Windows 10)
+redirect_url: https://technet.microsoft.com/itpro/windows/manage/appv-using-the-client-management-console
+---
diff --git a/windows/manage/appv-add-or-remove-an-administrator-with-the-management-console.md b/windows/manage/appv-add-or-remove-an-administrator-with-the-management-console.md
new file mode 100644
index 0000000000..af573415ac
--- /dev/null
+++ b/windows/manage/appv-add-or-remove-an-administrator-with-the-management-console.md
@@ -0,0 +1,39 @@
+---
+title: How to Add or Remove an Administrator by Using the Management Console (Windows 10)
+description: How to Add or Remove an Administrator by Using the Management Console
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to Add or Remove an Administrator by Using the Management Console
+
+**Applies to**
+- Windows 10, version 1607
+
+Use the following procedures to add or remove an administrator on the Microsoft Application Virtualization (App-V) server.
+
+**To add an administrator using the Management Console**
+
+1. Open the Microsoft Application Virtualization (App-V) Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of Access Directory (AD) users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server.
+
+2. To add a new administrator, click **Add Administrator** Type the name of the administrator that you want to add in the **Active Directory Name** field. Ensure you provide the associated user account domain name. For example, **Domain** \\ **UserName**.
+
+3. Select the account that you want to add and click **Add**. The new account is displayed in the list of server administrators.
+
+**To remove an administrator using the Management Console**
+
+1. Open the Microsoft Application Virtualization (App-V) Management Console and click **Administrators** in the navigation pane. The navigation pane displays a list of AD users and groups that currently have administrative access to the Microsoft Application Virtualization (App-V) server.
+
+2. Right-click the account to be removed from the list of administrators and select **Remove**.
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+[Operations for App-V](appv-operations.md)
diff --git a/windows/manage/appv-add-or-upgrade-packages-with-the-management-console.md b/windows/manage/appv-add-or-upgrade-packages-with-the-management-console.md
new file mode 100644
index 0000000000..5a7ba35ca9
--- /dev/null
+++ b/windows/manage/appv-add-or-upgrade-packages-with-the-management-console.md
@@ -0,0 +1,48 @@ +--- +title: How to Add or Upgrade Packages by Using the Management Console (Windows 10) +description: How to Add or Upgrade Packages by Using the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Add or Upgrade Packages by Using the Management Console + +**Applies to** +- Windows 10, version 1607 + +You can the following procedure to add or upgrade a package to the App-V Management Console. To upgrade a package that already exists in the Management Console, use the following steps and import the upgraded package using the same package **Name**. + +**To add a package to the Management Console** + +1. Click the **Packages** tab in the navigation pane of the Management Console display. + + The console displays the list of packages that have been added to the server along with status information about each package. When a package is selected, detailed information about the package is displayed in the **PACKAGES** pane. + + Click the **Ungrouped** drop-down list box and specify how the packages are to be displayed in the console. You can also click the associated column header to sort the packages. + +2. To specify the package you want to add, click **Add or Upgrade Packages**. + +3. Type the full path to the package that you want to add. Use the UNC or HTTP path format, for example **\\\\servername\\sharename\\foldername\\packagename.appv** or **http://server.1234/file.appv**, and then click **Add**. + + **Important**   + You must select a package with the **.appv** file name extension. + +   + +4. The page displays the status message **Adding <Packagename>**. Click **IMPORT STATUS** to check the status of a package that you have imported. + + Click **OK** to add the package and close the **Add Package** page. If there was an error during the import, click **Detail** on the **Package Import** page for more information. 
The newly added package is now available in the **PACKAGES** pane.
+
+5. Click **Close** to close the **Add or Upgrade Packages** page.
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-administering-appv-with-powershell.md b/windows/manage/appv-administering-appv-with-powershell.md new file mode 100644 index 0000000000..877ce78083 --- /dev/null +++ b/windows/manage/appv-administering-appv-with-powershell.md @@ -0,0 +1,136 @@ +--- +title: Administering App-V by Using Windows PowerShell (Windows 10) +description: Administering App-V by Using Windows PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Administering App-V by Using Windows PowerShell + +**Applies to** +- Windows 10, version 1607 + +Microsoft Application Virtualization (App-V) provides Windows PowerShell cmdlets, which can help administrators perform various App-V tasks. The following sections provide more information about using Windows PowerShell with App-V. + +## How to administer App-V by using Windows PowerShell + + +Use the following Windows PowerShell procedures to perform various App-V tasks. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    NameDescription

    [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md)

    Describes how to install the Windows PowerShell cmdlets and find cmdlet help and examples.

    [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md)

    Describes how to manage the client package lifecycle on a stand-alone computer by using Windows PowerShell.

    [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md)

    Describes how to manage connection groups by using Windows PowerShell.

    [How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md)

    Describes how to modify the client by using Windows PowerShell.

    [How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md)

    Describes how to apply a user configuration file by using Windows PowerShell.

    [How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md)

    Describes how to apply a deployment configuration file by using Windows PowerShell.

    [How to Sequence a Package by Using Windows PowerShell](appv-sequence-a-package-with-powershell.md)

    Describes how to create a new package by using Windows PowerShell.

    [How to Create a Package Accelerator by Using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md)

    Describes how to create a package accelerator by using Windows PowerShell. You can use package accelerators automatically sequence large, complex applications.

    [How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)

    Describes how to enable the computer running the App-V to send reporting information.

    [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md)

    Describes how to take an array of account names and to convert each of them to the corresponding SID in standard and hexadecimal formats.

    [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) +

    Describes how to use Windows PowerShell to configure a client after you deploy the App-V management and publishing servers, and add the required packages and connection groups.

    + +  + +**Important**   +Make sure that any script you execute with your App-V packages matches the execution policy that you have configured for Windows PowerShell. + +  + +## Windows PowerShell Error Handling + + +Use the following table for information about Windows PowerShell error handling for App-V. + + ++++ + + + + + + + + + + + + + + + + +
    EventAction

    Using the RollbackOnError attribute with embedded scripts

    When you use the RollbackOnError attribute with embedded scripts, the attribute is ignored for the following events:

    +
      +
    • Removing a package

    • +
    • Unpublishing a package

    • +
    • Terminating a virtual environment

    • +
    • Terminating a process

    • +

    Package name contains $

    If a package name contains the character ( $ ), you must use a single-quote ( ' ), for example,

    +

    Add-AppvClientPackage 'Contoso$App.appv'

    + +  + +## Have a suggestion for App-V? + + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-administering-virtual-applications-with-the-management-console.md b/windows/manage/appv-administering-virtual-applications-with-the-management-console.md new file mode 100644 index 0000000000..a110cd87b5 --- /dev/null +++ b/windows/manage/appv-administering-virtual-applications-with-the-management-console.md 
@@ -0,0 +1,115 @@
+---
+title: Administering App-V Virtual Applications by Using the Management Console (Windows 10)
+description: Administering App-V Virtual Applications by Using the Management Console
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Administering App-V Virtual Applications by Using the Management Console
+
+**Applies to**
+- Windows 10, version 1607
+
+Use the Microsoft Application Virtualization (App-V) management server to manage packages, connection groups, and package access in your environment. The server publishes application icons, shortcuts, and file type associations to authorized computers that run the App-V client. One or more management servers typically share a common data store for configuration and package information.
+
+The management server uses Active Directory Domain Services (AD DS) groups to manage user authorization and has SQL Server installed to manage the database and data store.
+
+Because the management servers stream applications to end users on demand, these servers are ideally suited for system configurations that have reliable, high-bandwidth LANs. The management server consists of the following components:
+
+- Management Server – Use the management server to manage packages and connection groups.
+
+- Publishing Server – Use the publishing server to deploy packages to computers that run the App-V client.
+
+- Management Database - Use the management database to manage the package access and to publish the server’s synchronization with the management server.
+ +## Management Console tasks + + +The most common tasks that you can perform with the App-V Management console are: + +- [How to Connect to the Management Console](appv-connect-to-the-management-console.md) + +- [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md) + +- [How to Configure Access to Packages by Using the Management Console](appv-configure-access-to-packages-with-the-management-console.md) + +- [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md) + +- [How to Delete a Package in the Management Console](appv-delete-a-package-with-the-management-console.md) + +- [How to Add or Remove an Administrator by Using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md) + +- [How to Register and Unregister a Publishing Server by Using the Management Console](appv-register-and-unregister-a-publishing-server-with-the-management-console.md) + +- [How to Create a Custom Configuration File by Using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md) + +- [How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console](appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md) + +- [How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console](appv-customize-virtual-application-extensions-with-the-management-console.md) + +- [How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console](appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md) + +The main elements of the App-V Management Console are: + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    Management Console tabDescription

    Packages tab

    Use the PACKAGES tab to add or upgrade packages.

    Connection Groups tab

    Use the CONNECTION GROUPS tab to manage connection groups.

    Servers tab

    Use the SERVERS tab to register a new server.

    Administrators tab

    Use the ADMINISTRATORS tab to register, add, or remove administrators in your App-V environment.

    + +  + +**Important**   +JavaScript must be enabled on the browser that opens the Web Management Console. + +  + +## Have a suggestion for App-V? + + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other resources for this App-V deployment + + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-allow-administrators-to-enable-connection-groups.md b/windows/manage/appv-allow-administrators-to-enable-connection-groups.md new file mode 100644 index 0000000000..8241c5edef --- /dev/null +++ b/windows/manage/appv-allow-administrators-to-enable-connection-groups.md @@ -0,0 +1,60 @@ +--- +title: How to Allow Only Administrators to Enable Connection Groups (Windows 10) +description: How to Allow Only Administrators to Enable Connection Groups +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Allow Only Administrators to Enable Connection Groups + +**Applies to** +- Windows 10, version 1607 + +You can configure the App-V client so that only administrators (not end users) can enable or disable connection groups. In earlier versions of App-V, you could not prevent end users from performing these tasks. + +**Note**
    +This feature is supported starting in App-V 5.0 SP3. + +Use one of the following methods to allow only administrators to enable or disable connection groups. + + ++++ + + + + + + + + + + + + + + + + +
    MethodSteps

    Group Policy setting

    Enable the “Require publish as administrator” Group Policy setting, which is located in the following Group Policy Object node:

    +

    Computer Configuration > Administrative Templates > System > App-V > Publishing

    Windows PowerShell cmdlet

    Run the Set-AppvClientConfiguration cmdlet with the -RequirePublishAsAdmin parameter.

    +

    Parameter values:

    +
      +
    • 0 - False

    • +
    • 1 - True

    • +
    +

    Example: Set-AppvClientConfiguration -RequirePublishAsAdmin 1

    + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Managing Connection Groups](appv-managing-connection-groups.md) diff --git a/windows/manage/appv-application-publishing-and-client-interaction.md b/windows/manage/appv-application-publishing-and-client-interaction.md new file mode 100644 index 0000000000..b99eb36f43 --- /dev/null +++ b/windows/manage/appv-application-publishing-and-client-interaction.md @@ -0,0 +1,1287 @@ +--- +title: Application Publishing and Client Interaction (Windows 10) +description: Application Publishing and Client Interaction +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Application Publishing and Client Interaction + +**Applies to** +- Windows 10, version 1607 + +This article provides technical information about common App-V client operations and their integration with the local operating system. + +## App-V package files created by the Sequencer + + +The Sequencer creates App-V packages and produces a virtualized application. The sequencing process creates the following files: + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FileDescription

    .appv

      +
    • The primary package file, which contains the captured assets and state information from the sequencing process.

    • +
    • Architecture of the package file, publishing information, and registry in a tokenized form that can be reapplied to a machine and to a specific user upon delivery.

    • +

    .MSI

    Executable deployment wrapper that you can use to deploy .appv files manually or by using a third-party deployment platform.

    _DeploymentConfig.XML

    File used to customize the default publishing parameters for all applications in a package that is deployed globally to all users on a computer that is running the App-V client.

    _UserConfig.XML

    File used to customize the publishing parameters for all applications in a package that is a deployed to a specific user on a computer that is running the App-V client.

    Report.xml

    Summary of messages resulting from the sequencing process, including omitted drivers, files, and registry locations.

    .CAB

    Optional: Package accelerator file used to automatically rebuild a previously sequenced virtual application package.

    .appvt

    Optional: Sequencer template file used to retain commonly reused Sequencer settings.

    + +For information about sequencing, see [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md). + +## What’s in the appv file? + + +The appv file is a container that stores XML and non-XML files together in a single entity. This file is built from the AppX format, which is based on the Open Packaging Conventions (OPC) standard. + +To view the appv file contents, make a copy of the package, and then rename the copied file to a ZIP extension. + +The appv file contains the following folder and files, which are used when creating and publishing a virtual application: + +| Name | Type | Description | +| - | - | - | +| Root | File folder | Directory that contains the file system for the virtualized application that is captured during sequencing. | +| [Content_Types].xml | XML File | List of the core content types in the appv file (e.g. DLL, EXE, BIN). | +| AppxBlockMap.xml | XML File | Layout of the appv file, which uses File, Block, and BlockMap elements that enable location and validation of files in the App-V package.| +| AppxManifest.xml | XML File | Metadata for the package that contains the required information for adding, publishing, and launching the package. Includes extension points (file type associations and shortcuts) and the names and GUIDs associated with the package.| +| FilesystemMetadata.xml | XML File | List of the files captured during sequencing, including attributes (e.g., directories, files, opaque directories, empty directories,and long and short names). | +| PackageHistory.xml | XML File | Information about the sequencing computer (operating system version, Internet Explorer version, .Net Framework version) and process (upgrade, package version).| +| Registry.dat | DAT File | Registry keys and values captured during the sequencing process for the package.| +| StreamMap.xml | XML File | List of files for the primary and publishing feature block. 
The publishing feature block contains the ICO files and required portions of files (EXE and DLL) for publishing the package. When present, the primary feature block includes files that have been optimized for streaming during the sequencing process.| + +  + +## App-V client data storage locations + +The App-V client performs tasks to ensure that virtual applications run properly and work like locally installed applications. The process of opening and running virtual applications requires mapping from the virtual file system and registry to ensure the application has the required components of a traditional application expected by users. This section describes the assets that are required to run virtual applications and lists the location where App-V stores the assets. + +| Name | Location | Description | +| - | - | - | +| Package Store | %ProgramData%\App-V| Default location for read only package files| +| Machine Catalog | %ProgramData%\Microsoft\AppV\Client\Catalog| Contains per-machine configuration documents| +| User Catalog | %AppData%\Microsoft\AppV\Client\Catalog| Contains per-user configuration documents| +| Shortcut Backups | %AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups| Stores previous integration points that enable restore on package unpublish| +| Copy on Write (COW) Roaming | %AppData%\Microsoft\AppV\Client\VFS| Writeable roaming location for package modification| +| Copy on Write (COW) Local | %LocalAppData%\Microsoft\AppV\Client\VFS| Writeable non-roaming location for package modification| +| Machine Registry | HKLM\Software\Microsoft\AppV| Contains package state information, including VReg for machine or globally published packages (Machine hive)| +| User Registry | HKCU\Software\Microsoft\AppV| Contains user package state information including VReg| +| User Registry Classes | HKCU\Software\Classes\AppV| Contains additional user package state information| + +Additional details for the table are provided in the section below and 
throughout the document. + +### Package store + +The App-V Client manages the applications assets mounted in the package store. This default storage location is `%ProgramData%\App-V`, but you can configure it during or after setup by using the `Set-AppVClientConfiguration` Windows PowerShell cmdlet, which modifies the local registry (`PackageInstallationRoot` value under the `HKLM\Software\Microsoft\AppV\Client\Streaming` key). The package store must be located at a local path on the client operating system. The individual packages are stored in the package store in subdirectories named for the Package GUID and Version GUID. + +Example of a path to a specific application: + +``` syntax +C:\ProgramData\App-V\PackGUID\VersionGUID +``` + +To change the default location of the package store during setup, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). + +### Shared Content Store + +If the App-V Client is configured in Shared Content Store mode, no data is written to disk when a stream fault occurs, which means that the packages require minimal local disk space (publishing data). The use of less disk space is highly desirable in VDI environments, where local storage can be limited, and streaming the applications from a high performance network location (such as a SAN) is preferable. For more information, see [Shared Content Store in Microsoft App-V 5.0 - Behind the Scenes](https://blogs.technet.microsoft.com/appv/2013/07/22/shared-content-store-in-microsoft-app-v-5-0-behind-the-scenes/). + +> [!NOTE] +> The machine and package store must be located on a local drive, even when you’re using Shared Content Store configurations for the App-V Client. + +  + +### Package catalogs + +The App-V Client manages the following two file-based locations: + +- **Catalogs (user and machine).** + +- **Registry locations** - depends on how the package is targeted for publishing. 
There is a Catalog (data store) for the computer, and a catalog for each individual user. The Machine Catalog stores global information applicable to all users or any user, and the User Catalog stores information applicable to a specific user. The Catalog is a collection of Dynamic Configurations and manifest files; there is discrete data for both file and registry per package version.  + +### Machine catalog + + ++++ + + + + + + + + + + + + + + + + + + + + + + +

    Description

    Stores package documents that are available to users on the machine, when packages are added and published. However, if a package is “global” at publishing time, the integrations are available to all users.

    +

    If a package is non-global, the integrations are published only for specific users, but there are still global resources that are modified and visible to anyone on the client computer (e.g., the package directory is in a shared disk location).

    +

    If a package is available to a user on the computer (global or non-global), the manifest is stored in the Machine Catalog. When a package is published globally, there is a Dynamic Configuration file, stored in the Machine Catalog; therefore, the determination of whether a package is global is defined according to whether there is a policy file (UserDeploymentConfiguration file) in the Machine Catalog.

    Default storage location

    %programdata%\Microsoft\AppV\Client\Catalog\

    +

    This location is not the same as the Package Store location. The Package Store is the golden or pristine copy of the package files.

    Files in the machine catalog

      +
    • Manifest.xml

    • +
    • DeploymentConfiguration.xml

    • +
    • UserManifest.xml (Globally Published Package)

    • +
    • UserDeploymentConfiguration.xml (Globally Published Package)

    • +

    Additional machine catalog location, used when the package is part of a connection group

    The following location is in addition to the specific package location mentioned above:

    +

    %programdata%\Microsoft\AppV\Client\Catalog\PackageGroups\ConGroupGUID\ConGroupVerGUID

    Additional files in the machine catalog when the package is part of a connection group

      +
    • PackageGroupDescriptor.xml

    • +
    • UserPackageGroupDescriptor.xml (globally published Connection Group)

    • +
    + +  + +### User catalog + + ++++ + + + + + + + + + + + + + + + + + + + + + + +

    Description

    Created during the publishing process. Contains information used for publishing the package, and also used at launch to ensure that a package is provisioned to a specific user. Created in a roaming location and includes user-specific publishing information.

    +

    When a package is published for a user, the policy file is stored in the User Catalog. At the same time, a copy of the manifest is also stored in the User Catalog. When a package entitlement is removed for a user, the relevant package files are removed from the User Catalog. Looking at the user catalog, an administrator can view the presence of a Dynamic Configuration file, which indicates that the package is entitled for that user.

    +

    For roaming users, the User Catalog needs to be in a roaming or shared location to preserve the legacy App-V behavior of targeting users by default. Entitlement and policy are tied to a user, not a computer, so they should roam with the user once they are provisioned.

    Default storage location

    appdata\roaming\Microsoft\AppV\Client\Catalog\Packages\PkgGUID\VerGUID

    Files in the user catalog

      +
    • UserManifest.xml

    • +
    • DynamicConfiguration.xml or UserDeploymentConfiguration.xml

    • +

    Additional user catalog location, used when the package is part of a connection group

    The following location is in addition to the specific package location mentioned above:

    +

    appdata\roaming\Microsoft\AppV\Client\Catalog\PackageGroups\PkgGroupGUID\PkgGroupVerGUID

    Additional file in the machine catalog when the package is part of a connection group

    UserPackageGroupDescriptor.xml

    + +  + +### Shortcut backups + +During the publishing process, the App-V Client backs up any shortcuts and integration points to `%AppData%\Microsoft\AppV\Client\Integration\ShortCutBackups.` This backup enables the restoration of these integration points to the previous versions when the package is unpublished. + +### Copy on Write files + +The Package Store contains a pristine copy of the package files that have been streamed from the publishing server. During normal operation of an App-V application, the user or service may require changes to the files. These changes are not made in the package store in order to preserve your ability to repair the application, which removes these changes. These locations, called Copy on Write (COW), support both roaming and non-roaming locations. The location where the modifications are stored depends where the application has been programmed to write changes to in a native experience. + +### COW roaming + +The COW Roaming location described above stores changes to files and directories that are targeted to the typical %AppData% location or \\Users\\*<username>*\\AppData\\Roaming location. These directories and files are then roamed based on the operating system settings. + +### COW local + +The COW Local location is similar to the roaming location, but the directories and files are not roamed to other computers, even if roaming support has been configured. The COW Local location described above stores changes applicable to typical windows and not the %AppData% location. The directories listed will vary but there will be two locations for any typical Windows locations (e.g. Common AppData and Common AppDataS). The **S** signifies the restricted location when the virtual service requests the change as a different elevated user from the logged on users. The non-**S** location stores user based changes. 
+ +## Package registry + + +Before an application can access the package registry data, the App-V Client must make the package registry data available to the applications. The App-V Client uses the real registry as a backing store for all registry data. + +When a new package is added to the App-V Client, a copy of the REGISTRY.DAT file from the package is created at `%ProgramData%\Microsoft\AppV\Client\VREG\{Version GUID}.dat`. The name of the file is the version GUID with the .DAT extension. The reason this copy is made is to ensure that the actual hive file in the package is never in use, which would prevent the removal of the package at a later time. + +**Registry.dat from Package Store** > **%ProgramData%\Microsoft\AppV\Client\Vreg\\{VersionGuid}.dat** +  + +When the first application from the package is launched on the client, the client stages or copies the contents out of the hive file, re-creating the package registry data in an alternate location `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\AppV\Client\Packages\PackageGuid\Versions\VersionGuid\REGISTRY`. The staged registry data has two distinct types of machine data and user data. Machine data is shared across all users on the machine. User data is staged for each user to a userspecific location `HKCU\Software\Microsoft\AppV\Client\Packages\PackageGuid\Registry\User`. The machine data is ultimately removed at package removal time, and the user data is removed on a user unpublish operation. + +### Package registry staging vs. connection group registry staging + +When connection groups are present, the previous process of staging the registry holds true, but instead of having one hive file to process, there are more than one. The files are processed in the order in which they appear in the connection group XML, with the first writer winning any conflicts. + +The staged registry persists the same way as in the single package case. 
Staged user registry data remains for the connection group until it is disabled; staged machine registry data is removed on connection group removal. + +### Virtual registry + +The purpose of the virtual registry (VREG) is to provide a single merged view of the package registry and the native registry to applications. It also provides copy-on-write (COW) functionality – that is any changes made to the registry from the context of a virtual process are made to a separate COW location. This means that the VREG must combine up to three separate registry locations into a single view based on the populated locations in the registry COW -> package -> native. When a request is made for a registry data it will locate in order until it finds the data it was requesting. Meaning if there is a value stored in a COW location it will not proceed to other locations, however, if there is no data in the COW location it will proceed to the Package and then Native location until it finds the appropriate data. + +### Registry locations + +There are two package registry locations and two connection group locations where the App-V Client stores registry information, depending on whether the Package is published individually or as part of a connection group. There are three COW locations for packages and three for connection groups, which are created and managed by the VREG. Settings for packages and connection groups are not shared: + +**Single Package VReg:** + + ++++ + + + + + + + + + + + + + + + + + + +

    Location

    Description

    COW

      +
    • Machine Registry\Client\Packages\PkgGUID\REGISTRY (Only elevate process can write)

    • +
    • User Registry\Client\Packages\PkgGUID\REGISTRY (User Roaming anything written under HKCU except Software\Classes

    • +
    • User Registry Classes\Client\Packages\PkgGUID\REGISTRY (HKCU\Software\Classes writes and HKLM for non elevated process)

    • +

    Package

      +
    • Machine Registry\Client\Packages\PkgGUID\Versions\VerGuid\Registry\Machine

    • +
    • User Registry Classes\Client\Packages\PkgGUID\Versions\VerGUID\Registry

    • +

    Native

      +
    • Native application registry location

    • +
    + +  + +  + +**Connection Group VReg:** + + ++++ + + + + + + + + + + + + + + + + + + +

    Location

    Description

    COW

      +
    • Machine Registry\Client\PackageGroups\GrpGUID\REGISTRY (only elevate process can write)

    • +
    • User Registry\Client\PackageGroups\GrpGUID\REGISTRY (Anything written to HKCU except Software\Classes

    • +
    • User Registry Classes\Client\PackageGroups\GrpGUID\REGISTRY

    • +

    Package

      +
    • Machine Registry\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY

    • +
    • User Registry Classes\Client\PackageGroups\GrpGUID\Versions\VerGUID\REGISTRY

    • +

    Native

      +
    • Native application registry location

    • +
    + +  + +  + +There are two COW locations for HKLM; elevated and non-elevated processes. Elevated processes always write HKLM changes to the secure COW under HKLM. Non-elevated processes always write HKLM changes to the non-secure COW under HKCU\\Software\\Classes. When an application reads changes from HKLM, elevated processes will read changes from the secure COW under HKLM. Non-elevated reads from both, favoring the changes made in the unsecure COW first. + +### Pass-through keys + +Pass-through keys enable an administrator to configure certain keys so they can only be read from the native registry, bypassing the Package and COW locations. Pass-through locations are global to the machine (not package specific) and can be configured by adding the path to the key, which should be treated as pass-through to the **REG\_MULTI\_SZ** value called **PassThroughPaths** of the key `HKLM\Software\Microsoft\AppV\Subsystem\VirtualRegistry`. Any key that appears under this multi-string value (and their children) will be treated as pass-through. 
+
+The following locations are configured as pass-through locations by default:
+
+- HKEY\_CURRENT\_USER\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel
+
+- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Classes\\Local Settings\\Software\\Microsoft\\Windows\\CurrentVersion\\AppModel
+
+- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WINEVT
+
+- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\services\\eventlog\\Application
+
+- HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\WMI\\Autologger
+
+- HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Internet Settings
+
+- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Perflib
+
+- HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Policies
+
+- HKEY\_CURRENT\_USER\\SOFTWARE\\Policies
+
+The purpose of Pass-through keys is to ensure that a virtual application does not write registry data in the VReg that is required for non-virtual applications for successful operation or integration. The Policies key ensures that Group Policy based settings set by the administrator are utilized and not per package settings. The AppModel key is required for integration with Windows Modern UI based applications. It is recommend that administers do not modify any of the default pass-through keys, but in some instances, based on application behavior may require adding additional pass-through keys.
+
+## App-V package store behavior
+
+
+App-V manages the Package Store, which is the location where the expanded asset files from the appv file are stored. By default, this location is stored at %ProgramData%\\App-V, and is limited in terms of storage capabilities only by free disk space. The package store is organized by the GUIDs for the package and version as mentioned in the previous section.
+
+### Add packages
+
+App-V Packages are staged upon addition to the computer with the App-V Client. The App-V Client provides on-demand staging. 
During publishing or a manual Add-AppVClientPackage, the data structure is built in the package store (c:\\programdata\\App-V\\{PkgGUID}\\{VerGUID}). The package files identified in the publishing block defined in the StreamMap.xml are added to the system and the top level folders and child files staged to ensure proper application assets exist at launch. + +### Mounting packages + +Packages can be explicitly loaded using the Windows PowerShell `Mount-AppVClientPackage` or by using the **App-V Client UI** to download a package. This operation completely loads the entire package into the package store. + +### Streaming packages + +The App-V Client can be configured to change the default behavior of streaming. All streaming policies are stored under the following registry key: `HKEY_LOCAL_MACHINE\Software\Microsoft\AppV\Client\Streaming`. Policies are set using the Windows PowerShell cmdlet `Set-AppvClientConfiguration`. The following policies apply to Streaming: + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    PolicyDescription

    AllowHighCostLaunch

    Allows streaming over 3G and cellular networks

    AutoLoad

    Specifies the Background Load setting:

    +

    0 - Disabled

    +

    1 – Previously Used Packages only

    +

    2 – All Packages

    PackageInstallationRoot

    The root folder for the package store in the local machine

    PackageSourceRoot

    The root override where packages should be streamed from

    SharedContentStoreMode

    Enables the use of Shared Content Store for VDI scenarios

    + +  + +  + +These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors around streaming packages that must be explained: + +- Background Streaming + +- Optimized Streaming + +- Stream Faults + +### Background streaming + +The Windows PowerShell cmdlet `Get-AppvClientConfiguration` can be used to determine the current mode for background streaming with the AutoLoad setting and modified with the cmdlet Set-AppvClientConfiguration or from the registry (HKLM\\SOFTWARE\\Microsoft\\AppV\\ClientStreaming key). Background streaming is a default setting where the Autoload setting is set to download previously used packages. The behavior based on default setting (value=1) downloads App-V data blocks in the background after the application has been launched. This setting can be disabled all together (value=0) or enabled for all packages (value=2), whether they have been launched. + +### Optimized streaming + +App-V packages can be configured with a primary feature block during sequencing. This setting allows the sequencing engineer to monitor launch files for a specific application, or applications, and mark the blocks of data in the App-V package for streaming at first launch of any application in the package. + +### Stream faults + +After the initial stream of any publishing data and the primary feature block, requests for additional files perform stream faults. These blocks of data are downloaded to the package store on an as-needed basis. This allows a user to download only a small part of the package, typically enough to launch the package and run normal tasks. All other blocks are downloaded when a user initiates an operation that requires data not currently in the package store. + +### Package upgrades + +App-V Packages require updating throughout the lifecycle of the application. 
App-V Package upgrades are similar to the package publish operation, as each version will be created in its own PackageRoot location: `%ProgramData%\App-V\{PkgGUID}\{newVerGUID}`. The upgrade operation is optimized by creating hard links to identical- and streamed-files from other versions of the same package.
+
+### Package removal
+
+The behavior of the App-V Client when packages are removed depends on the method used for removal. Using an App-V full infrastructure to unpublish the application, the user catalog files (machine catalog for globally published applications) are removed, but retains the package store location and COW locations. When the Windows PowerShell cmdlet `Remove-AppVClientPackge` is used to remove an App-V Package, the package store location is cleaned. Remember that unpublishing an App-V Package from the Management Server does not perform a Remove operation. Neither operation will remove the Package Store package files.
+
+## Roaming registry and data
+
+
+App-V is able to provide a near-native experience when roaming, depending on how the application being used is written. By default, App-V roams AppData that is stored in the roaming location, based on the roaming configuration of the operating system. Other locations for storage of file-based data do not roam from computer to computer, since they are in locations that are not roamed.
+
+### Roaming requirements and user catalog data storage
+
+App-V stores data, which represents the state of the user’s catalog, in the form of:
+
+- Files under %appdata%\\Microsoft\\AppV\\Client\\Catalog
+
+- Registry settings under `HKEY_CURRENT_USER\Software\Microsoft\AppV\Client\Packages`
+
+Together, these files and registry settings represent the user’s catalog, so either both must be roamed, or neither must be roamed for a given user. App-V does not support roaming %AppData%, but not roaming the user’s profile (registry), or vice versa. 
+ +> [!NOTE] +> The **Repair-AppvClientPackage** cmdlet does not repair the publishing state of packages, where the user’s App-V state under `HKEY_CURRENT_USER` is missing or mismatched with the data in %appdata%. + +  + +### Registry-based data + +App-V registry roaming falls into two scenarios, as shown in the following table. + + ++++ + + + + + + + + + + + + + + + + +
    ScenarioDescription

    Applications that are run as standard users

    When a standard user launches an App-V application, both HKLM and HKCU for App-V applications are stored in the HKCU hive on the machine. This presents as two distinct paths:

    +
      +
    • HKLM: HKCU\SOFTWARE\Classes\AppV\Client\Packages\\{PkgGUID}\REGISTRY\MACHINE\SOFTWARE

    • +
    • HKCU: HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\REGISTRY\USER\\{UserSID}\SOFTWARE

    • +
    +

    The locations are enabled for roaming based on the operating system settings.

    Applications that are run with elevation

    When an application is launched with elevation:

    +
      +
    • HKLM data is stored in the HKLM hive on the local computer

    • +
    • HKCU data is stored in the User Registry location

    • +
    +

    In this scenario, these settings are not roamed with normal operating system roaming configurations, and the resulting registry keys and values are stored in the following location:

    +
      +
    • HKLM\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\{UserSID}\REGISTRY\MACHINE\SOFTWARE

    • +
    • HKCU\SOFTWARE\Microsoft\AppV\Client\Packages\\{PkgGUID}\\Registry\User\\{UserSID}\SOFTWARE

    • +
    + +  + +### App-V and folder redirection + +App-V supports folder redirection of the roaming AppData folder (%AppData%). When the virtual environment is started, the roaming AppData state from the user’s roaming AppData directory is copied to the local cache. Conversely, when the virtual environment is shut down, the local cache that is associated with a specific user’s roaming AppData is transferred to the actual location of that user’s roaming AppData directory. + +A typical package has several locations mapped in the user’s backing store for settings in both AppData\\Local and AppData\\Roaming. These locations are the Copy on Write locations that are stored per user in the user’s profile, and that are used to store changes made to the package VFS directories and to protect the default package VFS. + +The following table shows local and roaming locations, when folder redirection has not been implemented. + +| VFS directory in package | Mapped location of backing store | +| - | - | +| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\ProgramFilesX86 | +| SystemX86 | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\SystemX86 | +| Windows | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\Windows | +| appv\_ROOT | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\appv_ROOT| +| AppData | C:\Users\username\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\AppData | + +The following table shows local and roaming locations, when folder redirection has been implemented for %AppData%, and the location has been redirected (typically to a network location). 
+ +| VFS directory in package | Mapped location of backing store | +| - | - | +| ProgramFilesX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\ProgramFilesX86 | +| SystemX86 | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\SystemX86 | +| Windows | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\Windows | +| appv_ROOT | C:\Users\Local\AppData\Local\Microsoft\AppV\Client\VFS\\<GUID>\appv\_ROOT | +| AppData | \\Fileserver\users\Local\roaming\Microsoft\AppV\Client\VFS\\<GUID>\AppData | +  + +The current App-V Client VFS driver cannot write to network locations, so the App-V Client detects the presence of folder redirection and copies the data on the local drive during publishing and when the virtual environment starts. After the user closes the App-V application and the App-V Client closes the virtual environment, the local storage of the VFS AppData is copied back to the network, enabling roaming to additional machines, where the process will be repeated. The detailed steps of the processes are: + +1. During publishing or virtual environment startup, the App-V Client detects the location of the AppData directory. + +2. If the roaming AppData path is local or ino AppData\\Roaming location is mapped, nothing happens. + +3. If the roaming AppData path is not local, the VFS AppData directory is mapped to the local AppData directory. + +This process solves the problem of a non-local %AppData% that is not supported by the App-V Client VFS driver. However, the data stored in this new location is not roamed with folder redirection. All changes during the running of the application happen to the local AppData location and must be copied to the redirected location. The detailed steps of this process are: + +1. App-V application is shut down, which shuts down the virtual environment. + +2. The local cache of the roaming AppData location is compressed and stored in a ZIP file. + +3. 
A timestamp at the end of the ZIP packaging process is used to name the file.
+
+4. The timestamp is recorded in the registry: HKEY\_CURRENT\_USER\\Software\\Microsoft\\AppV\\Client\\Packages\\<GUID>\\AppDataTime as the last known AppData timestamp.
+
+5. The folder redirection process is called to evaluate and initiate the ZIP file uploaded to the roaming AppData directory.
+
+The timestamp is used to determine a “last writer wins” scenario if there is a conflict and is used to optimize the download of the data when the App-V application is published or the virtual environment is started. Folder redirection will make the data available from any other clients covered by the supporting policy and will initiate the process of storing the AppData\\Roaming data to the local AppData location on the client. The detailed processes are:
+
+1. The user starts the virtual environment by starting an application.
+
+2. The application’s virtual environment checks for the most recent time stamped ZIP file, if present.
+
+3. The registry is checked for the last known uploaded timestamp, if present.
+
+4. The most recent ZIP file is downloaded unless the local last known upload timestamp is greater than or equal to the timestamp from the ZIP file.
+
+5. If the local last known upload timestamp is earlier than that of the most recent ZIP file in the roaming AppData location, the ZIP file is extracted to the local temp directory in the user’s profile.
+
+6. After the ZIP file is successfully extracted, the local cache of the roaming AppData directory is renamed and the new data is moved into place.
+
+7. The renamed directory is deleted and the application opens with the most recently saved roaming AppData data.
+
+This completes the successful roaming of application settings that are present in AppData\\Roaming locations. The only other condition that must be addressed is a package repair operation. The details of the process are:
+
+1. 
During repair, detect if the path to the user’s roaming AppData directory is not local.
+
+2. Map the non-local roaming AppData path targets are recreated the expected roaming and local AppData locations.
+
+3. Delete the timestamp stored in the registry, if present.
+
+This process will re-create both the local and network locations for AppData and remove the registry record of the timestamp.
+
+## App-V client application lifecycle management
+
+
+In an App-V Full Infrastructure, after applications are sequenced they are managed and published to users or computers via the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are performed as a series of Windows PowerShell commands initiated on the computer running the App-V Client.
+
+This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Configuration Manager 2012, see [Integrating Virtual Application Management with App-V 5 and Configuration Manager 2012 SP1](https://www.microsoft.com/en-us/download/details.aspx?id=38177).
+
+The App-V application lifecycle tasks are triggered at user login (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured (after the client is enabled) with Windows PowerShell commands. See [App-V Client Configuration Settings: Windows PowerShell](appv-client-configuration-settings.md#app-v-client-configuration-settings-windows-powershell).
+
+### Publishing refresh
+
+The publishing refresh process is comprised of several smaller operations that are performed on the App-V Client. 
Since App-V is an application virtualization technology and not a task scheduling technology, the Windows Task Scheduler is utilized to enable the process at user logon, machine startup, and at scheduled intervals. The configuration of the client during setup listed above is the preferred method when distributing the client to a large group of computers with the correct settings. These client settings can be configured with the following Windows PowerShell cmdlets:
+
+- **Add-AppVPublishingServer:** Configures the client with an App-V Publishing Server that provides App-V packages.
+
+- **Set-AppVPublishingServer:** Modifies the current settings for the App-V Publishing Server.
+
+- **Set-AppVClientConfiguration:** Modifies the currents settings for the App-V Client.
+
+- **Sync-AppVPublishingServer:** Initiates an App-V Publishing Refresh process manually. This is also utilized in the scheduled tasks created during configuration of the publishing server.
+
+The focus of the following sections is to detail the operations that occur during different phases of an App-V Publishing Refresh. The topics include:
+
+- Adding an App-V Package
+
+- Publishing an App-V Package
+
+### Adding an App-V package
+
+Adding an App-V package to the client is the first step of the publishing refresh process. The end result is the same as the `Add-AppVClientPackage` cmdlet in Windows PowerShell, except during the publishing refresh add process, the configured publishing server is contacted and passes a high-level list of applications back to the client to pull more detailed information and not a single package add operation. The process continues by configuring the client for package or connection group additions or updates, then accesses the appv file. Next, the contents of the appv file are expanded and placed on the local operating system in the appropriate locations. The following is a detailed workflow of the process, assuming the package is configured for Fault Streaming. 
+
+**How to add an App-V package**
+
+1. Manual initiation via Windows PowerShell or Task Sequence initiation of the Publishing Refresh process.
+
+ 1. The App-V Client makes an HTTP connection and requests a list of applications based on the target. The Publishing refresh process supports targeting machines or users.
+
+ 2. The App-V Publishing Server uses the identity of the initiating target, user or machine, and queries the database for a list of entitled applications. The list of applications is provided as an XML response, which the client uses to send additional requests to the server for more information on a per package basis.
+
+2. The Publishing Agent on the App-V Client performs all actions below serialized.
+
+ Evaluate any connection groups that are unpublished or disabled, since package version updates that are part of the connection group cannot be processed.
+
+3. Configure the packages by identifying an Add or Update operations.
+
+ 1. The App-V Client utilizes the AppX API from Windows and accesses the appv file from the publishing server.
+
+ 2. The package file is opened and the AppXManifest.xml and StreamMap.xml are downloaded to the Package Store.
+
+ 3. Completely stream publishing block data defined in the StreamMap.xml. Stores the publishing block data in the Package Store\\PkgGUID\\VerGUID\\Root.
+
+ - Icons: Targets of extension points.
+
+ - Portable Executable Headers (PE Headers): Targets of extension points that contain the base information about the image need on disk, directly accessed or via file types.
+
+ - Scripts: Download scripts directory for use throughout the publishing process.
+
+ 4. Populate the Package store:
+
+ 1. Create sparse files on disk that represent the extracted package for any directories listed.
+
+ 2. Stage top level files and directories under root.
+
+ 3. All other files are created when the directory is listed as sparse on disk and streamed on demand.
+
+ 5. Create the machine catalog entries. 
Create the Manifest.xml and DeploymentConfiguration.xml from the package files (if no DeploymentConfiguration.xml file in the package a placeholder is created). + + 6. Create location of the package store in the registry HKLM\\Software\\Microsoft\\AppV\\Client\\Packages\\PkgGUID\\Versions\\VerGUID\\Catalog + + 7. Create the Registry.dat file from the package store to %ProgramData%\\Microsoft\\AppV\\Client\\VReg\\{VersionGUID}.dat + + 8. Register the package with the App-V Kernal Mode Driver HKLM\\Microsoft\\Software\\AppV\\MAV + + 9. Invoke scripting from the AppxManifest.xml or DeploymentConfig.xml file for Package Add timing. + +4. Configure Connection Groups by adding and enabling or disabling. + +5. Remove objects that are not published to the target (user or machine). + + > [!NOTE] + > This will not perform a package deletion but rather remove integration points for the specific target (user or machine) and remove user catalog files (machine catalog files for globally published). + +   + +6. Invoke background load mounting based on client configuration. + +7. Packages that already have publishing information for the machine or user are immediately restored. + + > [!NOTE]    + > This condition occurs as a product of removal without unpublishing with background addition of the package. + +   + +This completes an App-V package add of the publishing refresh process. The next step is publishing the package to the specific target (machine or user). + +![package add file and registry data](images/packageaddfileandregistrydata.png) + +### Publishing an App-V package + +During the Publishing Refresh operation, the specific publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps. The following are the detailed steps. + +**How to publish and App-V package** + +1. Package entries are added to the user catalog + + 1. 
User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the User Catalog + + 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the Machine Catalog + +2. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV + +3. Perform integration tasks. + + 1. Create extension points. + + 2. Store backup information in the user’s registry and roaming profile (Shortcut Backups). + + **Note**   + This enables restore extension points if the package is unpublished. + +   + + 3. Run scripts targeted for publishing timing. + +Publishing an App-V Package that is part of a Connection Group is very similar to the above process. For connection groups, the path that stores the specific catalog information includes PackageGroups as a child of the Catalog Directory. Review the machine and users catalog information above for details. + +![package add file and registry data - global](images/packageaddfileandregistrydata-global.png) + +### Application launch + +After the Publishing Refresh process, the user launches and subsequently re-launches an App-V application. The process is very simple and optimized to launch quickly with a minimum of network traffic. The App-V Client checks the path to the user catalog for files created during publishing. After rights to launch the package are established, the App-V Client creates a virtual environment, begins streaming any necessary data, and applies the appropriate manifest and deployment configuration files during virtual environment creation. With the virtual environment created and configured for the specific package and application, the application starts. + +**How to launch App-V applications** + +1. User launches the application by clicking on a shortcut or file type invocation. + +2. 
The App-V Client verifies existence in the User Catalog for the following files + + - UserDeploymentConfiguration.xml + + - UserManifest.xml + +3. If the files are present, the application is entitled for that specific user and the application will start the process for launch. There is no network traffic at this point. + +4. Next, the App-V Client checks that the path for the package registered for the App-V Client service is found in the registry. + +5. Upon finding the path to the package store, the virtual environment is created. If this is the first launch, the Primary Feature Block downloads if present. + +6. After downloading, the App-V Client service consumes the manifest and deployment configuration files to configure the virtual environment and all App-V subsystems are loaded. + +7. The Application launches. For any missing files in the package store (sparse files), App-V will stream fault the files on an as needed basis. + + ![package add file and registry data - stream](images/packageaddfileandregistrydata-stream.png) + +### Upgrading an App-V package + +The App-V package upgrade process differs from the older versions of App-V. App-V supports multiple versions of the same package on a machine entitled to different users. Package versions can be added at any time as the package store and catalogs are updated with the new resources. The only process specific to the addition of new version resources is storage optimization. During an upgrade, only the new files are added to the new version store location and hard links are created for unchanged files. This reduces the overall storage by only presenting the file on one disk location and then projecting it into all folders with a file location entry on the disk. The specific details of upgrading an App-V Package are as follows: + +**How to upgrade an App-V package** + +1. The App-V Client performs a Publishing Refresh and discovers a newer version of an App-V Package. + +2. 
Package entries are added to the appropriate catalog for the new version + + 1. User targeted packages: the UserDeploymentConfiguration.xml and UserManifest.xml are placed on the machine in the user catalog at appdata\\roaming\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID + + 2. Machine targeted (global) packages: the UserDeploymentConfiguration.xml is placed in the machine catalog at %programdata%\\Microsoft\\AppV\\Client\\Catalog\\Packages\\PkgGUID\\VerGUID + +3. Register the package with the kernel mode driver for the user at HKLM\\Software\\Microsoft\\AppV\\MAV + +4. Perform integration tasks. + + 1. Integrate extensions points (EP) from the Manifest and Dynamic Configuration files. + + 2. File based EP data is stored in the AppData folder utilizing Junction Points from the package store. + + 3. Version 1 EPs already exist when a new version becomes available. + + 4. The extension points are switched to the Version 2 location in machine or user catalogs for any newer or updated extension points. + +5. Run scripts targeted for publishing timing. + +6. Install Side by Side assemblies as required. + +### Upgrading an in-use App-V package + +If you try to upgrade a package that is in use by an end user, the upgrade task is placed in a pending state. The upgrade will run later, according to the following rules: + +| Task type | Applicable rule | +| - | - | +| User-based task, e.g., publishing a package to a user | The pending task will be performed after the user logs off and then logs back on. | +| Globally based task, e.g., enabling a connection group globally | The pending task will be performed when the computer is shut down and then restarted. 
| + +When a task is placed in a pending state, the App-V client also generates a registry key for the pending task, as follows: + +| User-based or globally based task | Where the registry key is generated | +| - | - | +| User-based tasks | HKEY\_CURRENT\_USER\Software\Microsoft\AppV\Client\PendingTasks | +| Globally based tasks | HKEY\_LOCAL\_MACHINE\Software\Microsoft\AppV\Client\PendingTasks | + +The following operations must be completed before users can use the newer version of the package: + +| Task | Details | +| - | - | +| Add the package to the computer | This task is computer specific and you can perform it at any time by completing the steps in the Package Add section above. | +| Publish the package | See the Package Publishing section above for steps. This process requires that you update extension points on the system. End users cannot be using the application when you complete this task. | + +Use the following example scenarios as a guide for updating packages. + +| Scenario | Requirements | +| - | - | +| App-V package is not in use when you try to upgrade | None of the following components of the package can be in use: virtual application, COM server, or shell extensions.

    The administrator publishes a newer version of the package and the upgrade works the next time a component or application inside the package is launched. The new version of the package is streamed and ran. | +| App-V package is in use when the administrator publishes a newer version of the package | The upgrade operation is set to pending by the App-V Client, which means that it is queued and carried out later when the package is not in use.

    If the package application is in use, the user shuts down the virtual application, after which the upgrade can occur.

    If the package has shell extensions, which are permanently loaded by Windows Explorer, the user cannot be logged in. Users must log off and the log back in to initiate the App-V package upgrade.| + +  +### Global vs user publishing + +App-V Packages can be published in one of two ways; User which entitles an App-V package to a specific user or group of users and Global which entitles the App-V package to the entire machine for all users of the machine. Once a package upgrade has been pended and the App-V package is not in use, consider the two types of publishing: + +- **Globally published**: the application is published to a machine; all users on that machine can use it. The upgrade will happen when the App-V Client Service starts, which effectively means a machine restart. + +- **User published**: the application is published to a user. If there are multiple users on the machine, the application can be published to a subset of the users. The upgrade will happen when the user logs in or when it is published again (periodically, ConfigMgr Policy refresh and evaluation, or an App-V periodic publishing/refresh, or explicitly via Windows PowerShell commands). + +### Removing an App-V package + +Removing App-V applications in a Full Infrastructure is an unpublish operation, and does not perform a package removal. The process is the same as the publish process above, but instead of adding the removal process reverses the changes that have been made for App-V Packages. + +### Repairing an App-V package + +The repair operation is very simple but may affect many locations on the machine. The previously mentioned Copy on Write (COW) locations are removed, and extension points are de-integrated and then re-integrated. Please review the COW data placement locations by reviewing where they are registered in the registry. 
This operation is done automatically and there is no administrative control other than initiating a Repair operation from the App-V Client Console or via Windows PowerShell (Repair-AppVClientPackage). + +## Integration of App-V packages + + +The App-V Client and package architecture provides specific integration with the local operating system during the addition and publishing of packages. Three files define the integration or extension points for an App-V Package: + +- AppXManifest.xml: Stored inside of the package with fallback copies stored in the package store and the user profile. Contains the options created during the sequencing process. + +- DeploymentConfig.xml: Provides configuration information of computer and user based integration extension points. + +- UserConfig.xml: A subset of the Deploymentconfig.xml that only provides user- based configurations and only targets user-based extension points. + +### Rules of integration + +When App-V applications are published to a computer with the App-V Client, some specific actions take place as described in the list below: + +- Global Publishing: Shortcuts are stored in the All Users profile location and other extension points are stored in the registry in the HKLM hive. + +- User Publishing: Shortcuts are stored in the current user account profile and other extension points are stored in the registry in the HKCU hive. + +- Backup and Restore: Existing native application data and registry (such as FTA registrations) are backed up during publishing. + + 1. App-V packages are given ownership based on the last integrated package where the ownership is passed to the newest published App-V application. + + 2. Ownership transfers from one App-V package to another when the owning App-V package is unpublished. This will not initiate a restore of the data or registry. + + 3. Restore the backed up data when the last package is unpublished or removed on a per extension point basis. 
+ +### Extension points + +The App-V publishing files (manifest and dynamic configuration) provide several extension points that enable the application to integrate with the local operating system. These extension points perform typical application installation tasks, such as placing shortcuts, creating file type associations, and registering components. As these are virtualized applications that are not installed in the same manner a traditional application, there are some differences. The following is a list of extension points covered in this section: + +- Shortcuts + +- File Type Associations + +- Shell Extensions + +- COM + +- Software Clients + +- Application capabilities + +- URL Protocol Handler + +- AppPath + +- Virtual Application + +### Shortcuts + +The short cut is one of the basic elements of integration with the OS and is the interface for direct user launch of an App-V application. During the publishing and unpublishing of App-V applications. + +From the package manifest and dynamic configuration XML files, the path to a specific application executable can be found in a section similar to the following: + +``` syntax + + + [{Common Desktop}]\Adobe Reader.lnk + [{AppVPackageRoot}]\Reader\AcroRd32.exe + [{Windows}]\Installer\{AC76BA86-7AD7-1033-7B44-A94000000001}\SC_Reader.ico + + + 1 + [{AppVPackageRoot}]\Reader\AcroRd32.exe + + +``` + +As mentioned previously, the App-V shortcuts are placed by default in the user’s profile based on the refresh operation. Global refresh places shortcuts in the All Users profile and user refresh stores them in the specific user’s profile. The actual executable is stored in the Package Store. The location of the ICO file is a tokenized location in the App-V package. 
+ +### File type associations + +The App-V Client manages the local operating system File Type Associations during publishing, which enables users to use file type invocations or to open a file with a specifically registered extension (.docx) to start an App-V application. File type associations are present in the manifest and dynamic configuration files as represented in the example below: + +``` syntax + + + + .xdp + AcroExch.XDPDoc + application/vnd.adobe.xdp+xml + + + AcroExch.XDPDoc + Adobe Acrobat XML Data Package File + 65536 + [{Windows}]\Installer\{AC76BA86-7AD7-1033-7B44-A94000000001}\XDPFile_8.ico + + Read + + [{AppVPackageRoot}]\Reader\AcroRd32.exe + Open + "[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1" + + + [{AppVPackageRoot}]\Reader\AcroRd32.exe + Printto + "[{AppVPackageRoot}]\Reader\AcroRd32.exe" /t "%1" "%2" "%3" "%4" + + + [{AppVPackageRoot}]\Reader\AcroRd32.exe + Read + Open with Adobe Reader + "[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1" + + + + + +``` + +**Note**   +In this example: + +- `.xdp` is the extension + +- `AcroExch.XDPDoc` is the ProgId value (which points to the adjoining ProgId) + +- `"[{AppVPackageRoot}]\Reader\AcroRd32.exe" "%1"` is the command line, which points to the application executable + +  + +### Shell extensions + +Shell extensions are embedded in the package automatically during the sequencing process. When the package is published globally, the shell extension gives users the same functionality as if the application were locally installed. The application requires no additional setup or configuration on the client to enable the shell extension functionality. + +**Requirements for using shell extensions:** + +- Packages that contain embedded shell extensions must be published globally. + +- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: + + - The version of the application is 64-bit. + + - The Sequencer is running on a 64-bit computer. 
+ + - The package is being delivered to a 64-bit App-V client computer. + +The following table displays the supported shell extensions. + +| Handler | Description | +| - | - | +| Context menu handler | Adds menu items to the context menu. It is called before the context menu is displayed. | +| Drag-and-drop handler | Controls the action upon right-click drag-and-drop and modifies the context menu that appears. | +| Drop target handler | Controls the action after a data object is dragged-and-dropped over a drop target such as a file.| +| Data object handler| Controls the action after a file is copied to the clipboard or dragged-and-dropped over a drop target. It can provide additional clipboard formats to the drop target.| +| Property sheet handler| Replaces or adds pages to the property sheet dialog box of an object.| +| Infotip handler| Allows retrieving flags and infotip information for an item and displaying it inside a popup tooltip upon mouse- hover.| +| Column handler| Allows creating and displaying custom columns in Windows Explorer *Details view*. It can be used to extend sorting and grouping.| +| Preview handler| Enables a preview of a file to be displayed in the Windows Explorer Preview Pane.| + +  + +### COM + +The App-V Client supports publishing applications with support for COM integration and virtualization. COM integration allows the App-V Client to register COM objects on the local operating system and virtualization of the objects. For the purposes of this document, the integration of COM objects requires additional detail. + +App-V supports registering COM objects from the package to the local operating system with two process types: Out-of-process and in-process. Registering COM objects is accomplished with one or a combination of multiple modes of operation for a specific App-V package that includes off, Isolated, and Integrated. The integrated mode is configured for either the out-of-process or in-process type. 
Configuration of COM modes and types is accomplished with dynamic configuration files (deploymentconfig.xml or userconfig.xml). + +For details on App-V integration, see [Microsoft Application Virtualization 5.0 Integration](https://blogs.technet.microsoft.com/appv/2013/01/03/microsoft-application-virtualization-5-0-integration). + +### Software clients and application capabilities + +App-V supports specific software clients and application capabilities extension points that enable virtualized applications to be registered with the software client of the operating system. This enables users to select default programs for operations like email, instant messaging, and media player. This operation is performed in the control panel with the Set Program Access and Computer Defaults, and configured during sequencing in the manifest or dynamic configuration files. Application capabilities are only supported when the App-V applications are published globally. + +Example of software client registration of an App-V based mail client. 
+ +``` syntax + + + + + + + Mozilla Thunderbird + Mozilla Thunderbird + [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe,0 + + + "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /SetAsDefaultAppGlobal + "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /HideShortcuts + "[{ProgramFilesX86}]\Mozilla Thunderbird\uninstall\helper.exe" /ShowShortcuts + + 1 + + + + [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe + "[{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe" -mail + + [{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll + + Thunderbird URL + 2 + [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe,0 + + [{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe + "[{ProgramFilesX86}]\Mozilla Thunderbird\thunderbird.exe" -osint -compose "%1" + + + + + + + +``` + +**Note**   +In this example: + +- `` is the overall Software Clients setting to integrate Email clients + +- `` is the flag to set a particular Email client as the default Email client + +- `[{ProgramFilesX86}]\Mozilla Thunderbird\mozMapi32_InUse.dll` is the MAPI dll registration + +  + +### URL Protocol handler + +Applications do not always specifically called virtualized applications utilizing file type invocation. For, example, in an application that supports embedding a mailto: link inside a document or web page, the user clicks on a mailto: link and expects to get their registered mail client. App-V supports URL Protocol handlers that can be registered on a per-package basis with the local operating system. During sequencing, the URL protocol handlers are automatically added to the package. + +For situations where there is more than one application that could register the specific URL Protocol handler, the dynamic configuration files can be utilized to modify the behavior and suppress or disable this feature for an application that should not be the primary application launched. 
+ +### AppPath + +The AppPath extension point supports calling App-V applications directly from the operating system. This is typically accomplished from the Run or Start Screen, depending on the operating system, which enables administrators to provide access to App-V applications from operating system commands or scripts without calling the specific path to the executable. It therefore avoids modifying the system path environment variable on all systems, as it is accomplished during publishing. + +The AppPath extension point is configured either in the manifest or in the dynamic configuration files and is stored in the registry on the local machine during publishing for the user. For additional information on AppPath review: [App Paths - A Virtual Application Extension in App-V 5.0](https://blogs.technet.microsoft.com/virtualworld/2012/12/12/app-paths-a-virtual-application-extension-in-app-v-5-0/). + +### Virtual application + +This subsystem provides a list of applications captured during sequencing which is usually consumed by other App-V components. Integration of extension points belonging to a particular application can be disabled using dynamic configuration files. For example, if a package contains two applications, it is possible to disable all extension points belonging to one application, in order to allow only integration of extension points of other application. + +### Extension point rules + +The extension points described above are integrated into the operating system based on how the packages has been published. Global publishing places extension points in public machine locations, where user publishing places extension points in user locations. For example a shortcut that is created on the desktop and published globally will result in the file data for the shortcut (%Public%\\Desktop) and the registry data (HKLM\\Software\\Classes). The same shortcut would have file data (%UserProfile%\\Desktop) and registry data (HKCU\\Software\\Classes). 
+ +Extension points are not all published the same way, where some extension points will require global publishing and others require sequencing on the specific operating system and architecture where they are delivered. Below is a table that describes these two key rules. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Virtual ExtensionRequires target OS SequencingRequires Global Publishing

    Shortcut

    File Type Association

    URL Protocols

    X

    AppPaths

    X

    COM Mode

    Software Client

    X

    Application Capabilities

    X

    X

    Context Menu Handler

    X

    X

    Drag-and-drop Handler

    X

    Data Object Handler

    X

    Property Sheet Handler

    X

    Infotip Handler

    X

    Column Handler

    X

    Shell Extensions

    X

    Browser Helper Object

    X

    X

    Active X Object

    X

    X

    + +  + +## Dynamic configuration processing + + +Deploying App-V packages to one machine or user is very simple. However, as organizations deploy AppV applications across business lines and geographic and political boundaries, the ability to sequence an application one time with one set of settings becomes impossible. App-V was designed for this scenario, as it captures specific settings and configurations during sequencing in the Manifest file, but also supports modification with Dynamic Configuration files. + +App-V dynamic configuration allows for specifying a policy for a package either at the machine level or at the user level. The Dynamic Configuration files enable sequencing engineers to modify the configuration of a package, post-sequencing, to address the needs of individual groups of users or machines. In some instances it may be necessary to make modifications to the application to provide proper functionality within the App-V environment. For example, it may be necessary to make modifications to the \_\*config.xml files to allow certain actions to be performed at a specified time during the execution of the application, like disabling a mailto extension to prevent a virtualized application from overwriting that extension from another application. + +App-V Packages contain the Manifest file inside of the appv package file, which is representative of sequencing operations and is the policy of choice unless Dynamic Configuration files are assigned to a specific package. Post-sequencing, the Dynamic Configuration files can be modified to allow the publishing of an application to different desktops or users with different extension points. The two Dynamic Configuration Files are the Dynamic Deployment Configuration (DDC) and Dynamic User Configuration (DUC) files. This section focuses on the combination of the manifest and dynamic configuration files. 
+ +### Example for dynamic configuration files + +The example below shows the combination of the Manifest, Deployment Configuration and User Configuration files after publishing and during normal operation. These examples are abbreviated examples of each of the files. The purpose is show the combination of the files only and not to be a complete description of the specific categories available in each of the files. For more information, download the [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760). + +**Manifest** + +``` syntax + + + [{Common Programs}]\7-Zip\7-Zip File Manager.lnk + [{AppVPackageRoot}]\7zFM.exe + [{AppVPackageRoot}]\7zFM exe.O.ico + + +``` + +**Deployment Configuration** + +``` syntax + + + + + + + + + + +``` + +**User Configuration** + +``` syntax + + + + + [{Desktop}]\7-Zip\7-Zip File Manager.lnk + [{AppVPackageRoot}]\7zFM.exe + [{AppVPackageRoot}]\7zFM exe.O.ico + + + + + + + + [{Desktop}]\7-Zip\7-Zip File Manager.lnk + [{AppVPackageRoot}]\7zFM.exe + [{AppVPackageRoot}]\7zFM.exe.O.ico + + + [{Common Programs}]\7-Zip\7-Zip File Manager.Ink + [{AppVPackageRoot}]\7zFM.exe + [{AppVPackageRoot)]\7zFM.exe.O.ico + + + + + + + + + + + + +``` + +## Side-by-side assemblies + + +App-V supports the automatic packaging of side-by-side (SxS) assemblies during sequencing and deployment on the client during virtual application publishing. App-V supports capturing SxS assemblies during sequencing for assemblies not present on the sequencing machine. And for assemblies consisting of Visual C++ (Version 8 and newer) and/or MSXML run-time, the Sequencer will automatically detect and capture these dependencies even if they were not installed during monitoring. The Side by Side assemblies feature removes the limitations of previous versions of App-V, where the App-V Sequencer did not capture assemblies already present on the sequencing workstation, and privatizing the assemblies which limited to one bit version per package. 
This behavior resulted in deployed App-V applications to clients missing the required SxS assemblies, causing application launch failures. This forced the packaging process to document and then ensure that all assemblies required for packages were locally installed on the user’s client operating system to ensure support for the virtual applications. Based on the number of assemblies and the lack of application documentation for the required dependencies, this task was both a management and implementation challenge. + +Side by Side Assembly support in App-V has the following features. + +- Automatic captures of SxS assembly during Sequencing, regardless of whether the assembly was already installed on the sequencing workstation. + +- The App-V Client automatically installs required SxS assemblies to the client computer at publishing time when they are not present. + +- The Sequencer reports the VC run-time dependency in Sequencer reporting mechanism. + +- The Sequencer allows opting to not package the assemblies that are already installed on the Sequencer, supporting scenarios where the assemblies have previously been installed on the target computers. + +### Automatic publishing of SxS assemblies + +During publishing of an App-V package with SxS assemblies the App-V Client will check for the presence of the assembly on the machine. If the assembly does not exist, the client will deploy the assembly to the machine. Packages that are part of connection groups will rely on the Side by Side assembly installations that are part of the base packages, as the connection group does not contain any information about assembly installation. + +> [!NOTE] +> Unpublishing or removing a package with an assembly does not remove the assemblies for that package. + +  + +## Client logging + + +The App-V client logs information to the Windows Event log in standard ETW format. 
The specific App-V events can be found in the event viewer, under Applications and Services Logs\\Microsoft\\AppV\\Client. + +There are three specific categories of events recorded described below. + +**Admin**: Logs events for configurations being applied to the App-V Client, and contains the primary warnings and errors. + +**Operational**: Logs the general App-V execution and usage of individual components creating an audit log of the App-V operations that have been completed on the App-V Client. + +**Virtual Application**: Logs virtual application launches and use of virtualization subsystems. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-apply-the-deployment-configuration-file-with-powershell.md b/windows/manage/appv-apply-the-deployment-configuration-file-with-powershell.md new file mode 100644 index 0000000000..c12c85996f --- /dev/null +++ b/windows/manage/appv-apply-the-deployment-configuration-file-with-powershell.md @@ -0,0 +1,41 @@ +--- +title: How to Apply the Deployment Configuration File by Using Windows PowerShell (Windows 10) +description: How to Apply the Deployment Configuration File by Using Windows PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Apply the Deployment Configuration File by Using Windows PowerShell + +**Applies to** +- Windows 10, version 1607 + +The dynamic deployment configuration file is applied when a package is added or set to a computer running the App-V client before the package has been published. The file configures the default settings for package for all users on the computer running the App-V client. This section describes the steps used to use a deployment configuration file. The procedure is based on the following example and assumes the following package and configuration files exist on a computer: + +**c:\\Packages\\Contoso\\MyApp.appv** + +**c:\\Packages\\Contoso\\DynamicConfigurations\\deploymentconfig.xml** + +**To Apply the Deployment Configuration File Using Windows PowerShell** + +- To specify a new default set of configurations for all users who will run the package on a specific computer, in a Windows PowerShell console, type the following: + + `Add-AppVClientPackage -Path c:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration c:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml` + + **Note**
    + This command captures the resulting object into $pkg. If the package is already present on the computer, the **Set-AppVclientPackage** cmdlet can be used to apply the deployment configuration document: + + `Set-AppVClientPackage -Name Myapp -Path c:\Packages\Contoso\MyApp.appv -DynamicDeploymentConfiguration c:\Packages\Contoso\DynamicConfigurations\deploymentconfig.xml` + +   +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-apply-the-user-configuration-file-with-powershell.md b/windows/manage/appv-apply-the-user-configuration-file-with-powershell.md new file mode 100644 index 0000000000..7874045e20 --- /dev/null +++ b/windows/manage/appv-apply-the-user-configuration-file-with-powershell.md @@ -0,0 +1,40 @@ +--- +title: How to Apply the User Configuration File by Using Windows PowerShell (Windows 10) +description: How to Apply the User Configuration File by Using Windows PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Apply the User Configuration File by Using Windows PowerShell + +**Applies to** +- Windows 10, version 1607 + +The dynamic user configuration file is applied when a package is published to a specific user and determines how the package will run. + +Use the following procedure to specify a user-specific configuration file. The following procedure is based on the example: + +**c:\\Packages\\Contoso\\MyApp.appv** + +**To apply a user Configuration file** + +1. To add the package to the computer using the Windows PowerShell console, type the following command: + + `Add-AppVClientPackage c:\Packages\Contoso\MyApp.appv` + +2. Use the following command to publish the package to the user and specify the updated the dynamic user configuration file: + + `Publish-AppVClientPackage $pkg -DynamicUserConfigurationPath c:\Packages\Contoso\config.xml` + + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-capacity-planning.md b/windows/manage/appv-capacity-planning.md new file mode 100644 index 0000000000..bf7e512509 --- /dev/null +++ b/windows/manage/appv-capacity-planning.md @@ -0,0 +1,952 @@ +--- +title: App-V Capacity Planning (Windows 10) +description: App-V Capacity Planning +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# App-V Capacity Planning + +**Applies to** +- Windows Server 2016 + +The following recommendations can be used as a baseline to help determine capacity planning information that is appropriate to your organization’s App-V infrastructure. + +>**Important**   +Use the information in this section only as a general guide for planning your App-V deployment. Your system capacity requirements will depend on the specific details of your hardware and application environment. Additionally, the performance numbers displayed in this document are examples and your results may vary. + +  + +## Determine the Project Scope + + +Before you design the App-V infrastructure, determine the project’s scope. The scope consists of determining which applications will be available virtually and to also identify the target users, and their locations. This information will help determine what type of App-V infrastructure should be implemented. Decisions about the scope of the project must be based on the specific needs of your organization. + + ++++ + + + + + + + + + + + + + + + + +
    TaskMore Information

    Determine Application Scope

    Depending on the applications to be virtualized, the App-V infrastructure can be set up in different ways. The first task is to define what applications you want to virtualize.

    Determine Location Scope

    Location scope refers to the physical locations (for example, enterprise-wide or a specific geographic location) where you plan to run the virtualized applications. It can also refer to the user population (for example, a single department) who will run the virtual applications. You should obtain a network map that includes the connection paths as well as available bandwidth to each location and the number of users using virtualized applications and the WAN link speed.

    + +## Determine Which App-V Infrastructure is Required + +You can also manage your App-V environment using an Electronic Software Distribution (ESD) solution such as Microsoft Systems Center Configuration Manager. For more information see [How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md). + +- **Standalone Model** - The standalone model allows virtual applications to be Windows Installer-enabled for distribution without streaming. App-V in Standalone Mode consists of the sequencer and the client; no additional components are required. Applications are prepared for virtualization using a process called sequencing. For more information see, [Planning for the App-V Sequencer and Client Deployment](appv-planning-for-sequencer-and-client-deployment.md). The stand-alone model is recommended for the following scenarios: + + - With disconnected remote users who cannot connect to the App-V infrastructure. + + - When you are running a software management system, such as System Center 2012 Configuration Manager. + + - When network bandwidth limitations inhibit electronic software distribution. + +- **Full Infrastructure Model** - The full infrastructure model provides for software distribution, management, and reporting capabilities; it also includes the streaming of applications across the network. The App-V Full Infrastructure Model consists of one or more App-V management servers. The Management Server can be used to publish applications to all clients. The publishing process places the virtual application icons and shortcuts on the target computer. It can also stream applications to local users. For more information about installing the management server see, [Planning for App-V Server Deployment](appv-planning-for-appv-server-deployment.md). 
The full infrastructure model is recommended for the following scenarios: + + >**Important**   + The App-V full infrastructure model requires Microsoft SQL Server to store configuration data. For more information see [App-V Supported Configurations](appv-supported-configurations.md). + +   + + - When you want to use the Management Server to publish the application to target computers. + + - For rapid provisioning of applications to target computers. + + - When you want to use App-V reporting. + +## End-to-end Server Sizing Guidance + + +The following section provides information about end-to-end App-V sizing and planning. For more specific information, refer to the subsequent sections. + +**Note**   +Round trip response time on the client is the time taken by the computer running the App-V client to receive a successful notification from the publishing server. Round trip response time on the publishing server is the time taken by the computer running the publishing server to receive a successful package metadata update from the management server. + +  + +- 20,000 clients can target a single publishing server to obtain the package refreshes in an acceptable round trip time. (<3 seconds) + +- A single management server can support up to 50 publishing servers for package metadata refreshes in an acceptable round trip time. (<5 seconds) + +## App-V Management Server Capacity Planning Recommendations + + +The App-V publishing servers require the management server for package refresh requests and package refresh responses. The management server then sends the information to the management database to retrieve information. For more information about App-V management server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md). + +**Note**   +The default refresh time on the App-V publishing server is ten minutes. 
+ +  + +When multiple simultaneous publishing servers contact a single management server for package metadata refreshes, the following three factors influence the round trip response time on the publishing server: + +1. Number of publishing servers making simultaneous requests. + +2. Number of connection groups configured on the management server. + +3. Number of access groups configured on the management server. + +The following table displays more information about each factor that impacts round trip time. + +**Note**   +Round trip response time is the time taken by the computer running the App-V publishing server to receive a successful package metadata update from the management server. + +  + + ++++ + + + + + + + + + + + + + + + + + + + + +
    Factors impacting round trip response timeMore Information

    The number of publishing servers simultaneously requesting package metadata refreshes.

    +
      +
    • A single management server can respond to up to 320 publishing servers requesting publishing metadata simultaneously.

    • +
    • Round trip response time for 320 pub servers is ~40 seconds.

    • +
    • For <50 publishing servers requesting metadata simultaneously, the round trip response time is <5 seconds.

    • +
    • From 50 to 320 publishing servers, the response time increases linearly (approximately 2x).

    • +

    The number of connection groups configured on the management server.

    +

    +
      +
    • For up to 100 connection groups, there is no significant change in the round trip response time on the publishing server.

    • +
    • For 100 - 400 connection groups, there is a minor linear increase in the round trip response time.

    • +

    The number of access groups configured on the management server.

    +

    +
      +
    • For up to 40 access groups, there is a linear (approximately 3x) increase in the round trip response time on the publishing server.

    • +
    + +  + +The following table displays sample values for each of the previous factors. In each variation, 120 packages are refreshed from the App-Vmanagement server. + + ++++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ScenarioVariationNumber of connection groupsNumber of access groupsNumber of publishing serversNetwork connection type publishing server / management serverRound trip response time on the publishing server (in seconds)CPU utilization on management server

    Publishing servers simultaneously contacting management server for publishing metadata.

    Number of publishing servers

    +
      +
    • 0

    • +
    • 0

    • +
    • 0

    • +
    • 0

    • +
    • 0

    • +
    • 0

    • +

    +
      +
    • 1

    • +
    • 1

    • +
    • 1

    • +
    • 1

    • +
    • 1

    • +
    • 1

    • +

    +
      +
    • 50

    • +
    • 100

    • +
    • 200

    • +
    • 300

    • +
    • 315

    • +
    • 320

    • +

    +
      +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +

    +
      +
    • 5

    • +
    • 10

    • +
    • 19

    • +
    • 32

    • +
    • 30

    • +
    • 37

    • +

    +
      +
    • 17

    • +
    • 17

    • +
    • 17

    • +
    • 15

    • +
    • 17

    • +
    • 15

    • +

    Publishing metadata contains connection groups

    Number of connection groups

    +
      +
    • 10

    • +
    • 50

    • +
    • 100

    • +
    • 150

    • +
    • 300

    • +
    • 400

    • +

    +
      +
    • 1

    • +
    • 1

    • +
    • 1

    • +
    • 1

    • +
    • 1

    • +
    • 1

    • +

    +
      +
    • 100

    • +
    • 100

    • +
    • 100

    • +
    • 100

    • +
    • 100

    • +
    • 100

    • +

    +
      +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +

    +
      +
    • 10

    • +
    • 11

    • +
    • 11

    • +
    • 16

    • +
    • 22

    • +
    • 25

    • +

    +
      +
    • 17

    • +
    • 19

    • +
    • 22

    • +
    • 19

    • +
    • 20

    • +
    • 20

    • +

    Publishing metadata contains access groups

    Number of access groups

    +
      +
    • 0

    • +
    • 0

    • +
    • 0

    • +
    • 0

    • +

    +
      +
    • 1

    • +
    • 10

    • +
    • 20

    • +
    • 40

    • +

    +
      +
    • 100

    • +
    • 100

    • +
    • 100

    • +
    • 100

    • +

    +
      +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +

    +
      +
    • 10

    • +
    • 43

    • +
    • 153

    • +
    • 535

    • +

    +
      +
    • 17

    • +
    • 26

    • +
    • 24

    • +
    • 24

    • +
    + +  + +The CPU utilization of the computer running the management server is around 25% irrespective of the number of publishing servers targeting it. The Microsoft SQL Server database transactions/sec, batch requests/sec and user connections are identical irrespective of the number of publishing servers. For example: Transactions/sec is ~30, batch requests ~200, and user connects ~6. + +Using a geographically distributed deployment, where the management server & publishing servers utilize a slow link network between them, the round trip response time on the publishing servers is within acceptable time limits (<5 seconds), even for 100 simultaneous requests on a single management server. + + ++++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ScenarioVariationNumber of connection groupsNumber of access groupsNumber of publishing serversNetwork connection type publishing server / management serverRound trip response time on the publishing server (in seconds)CPU utilization on management server

    Network connection between the publishing server and management server

    1.5 Mbps Slow link Network

    +
      +
    • 0

    • +
    • 0

    • +

    +
      +
    • 1

    • +
    • 1

    • +

    +
      +
    • 50

    • +
    • 100

    • +

    +
      +
    • 1.5Mbps Cable DSL

    • +
    • 1.5Mbps Cable DSL

    • +

    +
      +
    • 4

    • +
    • 5

    • +

    +
      +
    • 1

    • +
    • 2

    • +

    Network connection between the publishing server and management server

    LAN / WIFI Network

    +
      +
    • 0

    • +
    • 0

    • +

    +
      +
    • 1

    • +
    • 1

    • +

    +
      +
    • 100

    • +
    • 200

    • +

    +
      +
    • Wifi

    • +
    • Wifi

    • +

    +
      +
    • 11

    • +
    • 20

    • +

    +
      +
    • 15

    • +
    • 17

    • +
    + +  + +Whether the management server and publishing servers are connected over a slow link network, or a high speed network, the management server can handle approximately 15,000 package refresh requests in 30 minutes. + +## App-V Reporting Server Capacity Planning Recommendations + + +App-V clients send reporting data to the reporting server. The reporting server then records the information in the Microsoft SQL Server database and returns a successful notification back to the computer running App-V client. For more information about App-V Reporting Server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md). + +**Note**   +Round trip response time is the time taken by the computer running the App-V client to send the reporting information to the reporting server and receive a successful notification from the reporting server. + +  + + ++++ + + + + + + + + + + + + + + + + + + + + +
    ScenarioSummary

    Multiple App-V clients send reporting information to the reporting server simultaneously.

    +
      +
    • Round trip response time from the reporting server is 2.6 seconds for 500 clients.

    • +
    • Round trip response time from the reporting server is 5.65 seconds for 1000 clients.

    • +
    • Round trip response time increases linearly depending on number of clients.

    • +

    Requests per second processed by the reporting server.

    +

    +
      +
    • A single reporting server and a single database, can process a maximum of 139 requests per second. The average is 121 requests/second.

    • +
    • Using two reporting servers reporting to the same Microsoft SQL Server database, the average requests/second is similar to a single reporting server = ~127, with a max of 278 requests/second.

    • +
    • A single reporting server can process 500 concurrent/active connections.

    • +
    • A single reporting server can process a maximum 1500 concurrent connections.

    • +

    Reporting Database.

    +

    +
      +
    • Lock contention on the computer running Microsoft SQL Server is the limiting factor for requests/second.

    • +
    • Throughput and response time are independent of database size.

    • +
    + +  + +**Calculating random delay**: + +The random delay specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between **0** and **ReportingRandomDelay** and will wait the specified duration before sending data. + +Random delay = 4 \* number of clients / average requests per second. + +Example: For 500 clients, with 120 requests per second, the Random delay is, 4 \* 500 / 120 = ~17 minutes. + +## App-V Publishing Server Capacity Planning Recommendations + + +Computers running the App-V client connect to the App-V publishing server to send a publishing refresh request and to receive a response. Round trip response time is measured on the computer running the App-V client. Processor time is measured on the publishing server. For more information about App-V Publishing Server supported configurations see [App-V Supported Configurations](appv-supported-configurations.md). + +**Important**   +The following list displays the main factors to consider when setting up the App-V publishing server: + +- The number of clients connecting simultaneously to a single publishing server. + +- The number of packages in each refresh. + +- The available network bandwidth in your environment between the client and the App-V publishing server. + +  + + ++++ + + + + + + + + + + + + + + + + + + + + +
    ScenarioSummary

    Multiple App-V clients connect to a single publishing server simultaneously.

    +
      +
    • A publishing server running dual core processors can respond to at most 5000 clients requesting a refresh simultaneously.

    • +
    • For 5000-10000 clients, the publishing server requires a minimum quad core.

    • +
    • For 10000-20000 clients, the publishing server should have dual quad cores for more efficient response times.

    • +
    • A publishing server with a quad core can refresh up to 10000 packages within 3 seconds. (Supporting 10000 simultaneous clients)

    • +

    Number of packages in each refresh.

    +

    +
      +
    • Increasing number of packages will increase response time by ~40% (up to 1000 packages).

    • +

    Network between the App-V client and the publishing server.

    +

    +
      +
    • Across a slow network (1.5 Mbps bandwidth), there is a 97% increase in response time compared to LAN (up to 1000 users).

    • +
    + +  + +**Note**   +The publishing server CPU usage is always high during the time interval when it has to process simultaneous requests (>90% in most cases). The publishing server can handle ~1500 client requests in 1 second. + +  + + ++++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ScenarioVariationNumber of App-V clientsNumber of packagesProcessor configuration on the publishing serverNetwork connection type publishing server / App-V clientRound trip time on the App-V client (in seconds)CPU utilization on publishing server (in %)

    App-V client sends publishing refresh request & receives response, each request containing 120 packages

    Number of clients

    +
      +
    • 100

    • +
    • 1000

    • +
    • 5000

    • +
    • 10000

    • +

    +
      +
    • 120

    • +
    • 120

    • +
    • 120

    • +
    • 120

    • +

    +
      +
    • Dual Core

    • +
    • Dual Core

    • +
    • Quad Core

    • +
    • Quad Core

    • +

    +
      +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +

    +
      +
    • 1

    • +
    • 2

    • +
    • 2

    • +
    • 3

    • +

    +
      +
    • 100

    • +
    • 99

    • +
    • 89

    • +
    • 77

    • +

    Multiple packages in each refresh

    Number of packages

    +
      +
    • 1000

    • +
    • 1000

    • +

    +
      +
    • 500

    • +
    • 1000

    • +

    +
      +
    • Quad Core

    • +
    • Quad Core

    • +

    +
      +
    • LAN

    • +
    • LAN

    • +

    +
      +
    • 2

    • +
    • 3

    • +

    +
      +
    • 92

    • +
    • 91

    • +

    Network between client and publishing server

    1.5 Mbps Slow link network

    +
      +
    • 100

    • +
    • 500

    • +
    • 1000

    • +

    +
      +
    • 120

    • +
    • 120

    • +
    • 120

    • +

    +
      +
    • Quad Core

    • +
    • Quad Core

    • +
    • Quad Core

    • +

    +
      +
    • 1.5 Mbps Intra-Continental Network

    • +

    +
      +
    • 3

    • +
    • 10 (with 0.2% failure rate)

    • +
    • 17 (with 1% failure rate)

    • +

    + +  + +## App-V Streaming Capacity Planning Recommendations + + +Computers running the App-V client stream the virtual application package from the streaming server. Round trip response time is measured on the computer running the App-V client, and is the time taken to stream the entire package. + +**Important**   +The following list identifies the main factors to consider when setting up the App-V streaming server: + +- The number of clients streaming application packages simultaneously from a single streaming server. + +- The size of the package being streamed. + +- The available network bandwidth in your environment between the client and the streaming server. + +  + + ++++ + + + + + + + + + + + + + + + + + + + + +
    ScenarioSummary

    Multiple App-V clients stream applications from a single streaming server simultaneously.

    +
      +
    • If the number of clients simultaneously streaming from the same server increases, there is a linear relationship with the package download/streaming time.

    • +

    Size of the package being streamed.

    +

    +
      +
    • The package size has a significant impact on the streaming/download time only for larger packages with a size ~ 1GB. For package sizes ranging from 3 MB to 100 MB, the streaming time ranges from 20 seconds to 100 seconds, with 100 simultaneous clients.

    • +

    Network between the App-V client and the streaming server.

    +

    +
      +
    • Across a slow network (1.5 Mbps bandwidth), there is a 70-80% increase in response time compared to LAN (up to 100 users).

    • +
    + +  + +The following table displays sample values for each of the factors in the previous list: + + ++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    ScenarioVariationNumber of App-V clientsSize of each packageNetwork connection type streaming server / App-V clientRound trip time on the App-V client (in seconds)

    Multiple App-V clients streaming virtual application packages from a streaming server.

    Number of clients.

    +
      +
    • 100

    • +
    • 200

    • +
    • 1000

    • +
    • +
    • 100

    • +
    • 200

    • +
    • 1000

    • +

    +
      +
    • 3.5 MB

    • +
    • 3.5 MB

    • +
    • 3.5 MB

    • +
    • +
    • 5 MB

    • +
    • 5 MB

    • +
    • 5 MB

    • +

    +
      +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +
    • +
    • LAN

    • +
    • LAN

    • +
    • LAN

    • +

    +
      +
    • 29

    • +
    • 39

    • +
    • 391

    • +
    • +
    • 35

    • +
    • 68

    • +
    • 461

    • +

    Size of each package being streamed.

    Size of each package.

    +
      +
    • 100

    • +
    • 200

    • +
    • +
    • 100

    • +
    • 200

    • +

    +
      +
    • 21 MB

    • +
    • 21 MB

    • +
    • +
    • 109

    • +
    • 109

    • +

    +
      +
    • LAN

    • +
    • LAN

    • +
    • +
    • LAN

    • +
    • LAN

    • +

    +

    33

    +

    83

    +

    +

    100

    +

    160

    Network connection between client and App-V streaming server.

    1.5 Mbps Slow link network.

    +
      +
    • 100

    • +
    • +
    • 100

    • +

    +
      +
    • 3.5 MB

    • +
    • +
    • 5 MB

    • +

    +
      +
    • 1.5 Mbps Intra-Continental Network

    • +

    +

    102

    +

    +

    121

    + +  + +Each App-V streaming server should be able to handle a minimum of 200 clients concurrently streaming virtualized applications. + +**Note**   +The actual time to it will take to stream is determined primarily by the number of clients streaming simultaneously, number of packages, package size, the server’s network activity, and network conditions. + +  + +For example, an average user can stream a 100 MB package in less than 2 minutes, when 100 simultaneous clients are streaming from the server. However, a package of size 1 GB could take up to 30 minutes. In most real world environments streaming demand is not uniformly distributed, you will need to understand the approximate peak streaming requirements present in your environment in order to properly size the number of required streaming servers. + +The number of clients a streaming server can support can be significantly increased and the peak streaming requirements reduced if you pre-cache your applications. You can also increase the number of clients a streaming server can support by using on-demand streaming delivery and stream optimized packages. + +## Combining App-V Server Roles + + +Discounting scaling and fault-tolerance requirements, the minimum number of servers needed for a location with connectivity to Active Directory is one. This server will host the management server, management server service, and Microsoft SQL Server roles. Server roles, therefore, can be arranged in any desired combination since they do not conflict with one another. + +Ignoring scaling requirements, the minimum number of servers necessary to provide a fault-tolerant implementation is four. The management server, and Microsoft SQL Server roles support being placed in fault-tolerant configurations. The management server service can be combined with any of the roles, but remains a single point of failure. 
+ +Although there are a number of fault-tolerance strategies and technologies available, not all are applicable to a given service. Additionally, if App-V roles are combined, certain fault-tolerance options may no longer apply due to incompatibilities. + +## Have a suggestion for App-V? + + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[App-V Supported Configurations](appv-supported-configurations.md) + +[Planning for High Availability with App-V](appv-planning-for-high-availability-with-appv.md) + +[Planning to Deploy App-V](appv-planning-to-deploy-appv.md) + +  + +  + + + + + diff --git a/windows/manage/appv-client-configuration-settings.md b/windows/manage/appv-client-configuration-settings.md new file mode 100644 index 0000000000..59e07c520f --- /dev/null +++ b/windows/manage/appv-client-configuration-settings.md 
@@ -0,0 +1,115 @@ +--- +title: About Client Configuration Settings (Windows 10) +description: About Client Configuration Settings +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# About Client Configuration Settings + +**Applies to** +- Windows 10, version 1607 + +The Microsoft Application Virtualization (App-V) client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. You can also configure many client actions by changing registry entries. This topic lists the App-V Client configuration settings and explains their uses. You can use Windows PowerShell to modify the client configuration settings. For more information about using Windows PowerShell and App-V see [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md). + +You can use Group Policy to configure App-V client settings by using the Group Policy Management Console under **Computer Configuration** > **Administrative Templates** > **System** > **App-V**. + +## App-V Client Configuration Settings: Windows PowerShell + +The following table provides information about App-V client configuration settings that can be configured through Windows PowerShell cmdlets: + +| Windows PowerShell cmdlet or cmdlets,
    **Option**
    Type | Description | Disabled Policy State Keys and Values | +|------------|------------|------------|------------| +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-PackageInstallationRoot**
    String | Specifies directory where all new applications and updates will be installed. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-PackageSourceRoot**
    String | Overrides source location for downloading package content. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-AllowHighCostLaunch**
    True (enabled); False (Disabled state) | This setting controls whether virtualized applications are launched on Windows 10 machines connected via a metered network connection (For example, 4G). | 0 | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReestablishmentRetries**
    Integer (0-99) | Specifies the number of times to retry a dropped session. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReestablishmentInterval**
    Integer (0-3600) | Specifies the number of seconds between attempts to reestablish a dropped session. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-LocationProvider**
    String | Specifies the CLSID for a compatible implementation of the IAppvPackageLocationProvider interface. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-CertFilterForClientSsl**
    String | Specifies the path to a valid certificate in the certificate store. | Policy value not written (same as Not Configured) | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-VerifyCertificateRevocationList**
    True(enabled); False(Disabled state) | Verifies Server certificate revocation status before steaming using HTTPS. | 0 | +| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-SharedContentStoreMode**
    True(enabled); False(Disabled state) | Specifies that streamed package contents will be not be saved to the local hard disk. | 0 | +| Set-AppvPublishingServer

    **-Name**
    String | Displays the name of publishing server. | Policy value not written (same as Not Configured) | +| Set-AppvPublishingServer

    **-URL**
    String | Displays the URL of publishing server. | Policy value not written (same as Not Configured) |
+| Set-AppvPublishingServer

    **-GlobalRefreshEnabled**
    True(enabled); False(Disabled state) | Enables global publishing refresh (Boolean) | False |
+| Set-AppvPublishingServer

    **-GlobalRefreshOnLogon**
    True(enabled); False(Disabled state) | Triggers a global publishing refresh on logon. ( Boolean) | False |
+| Set-AppvPublishingServer

    **-GlobalRefreshInterval**
    Integer (0-744) | Specifies the publishing refresh interval using the GlobalRefreshIntervalUnit. To disable package refresh, select 0. | 0 |
+| Set-AppvPublishingServer

    **-GlobalRefreshIntervalUnit**
    0 for hour, 1 for day | Specifies the interval unit (Hour 0-23, Day 0-31). | 1 |
+| Set-AppvPublishingServer

    **-UserRefreshEnabled**
    True(enabled); False(Disabled state) | Enables user publishing refresh (Boolean) | False |
+| Set-AppvPublishingServer

    **-UserRefreshOnLogon**
    True(enabled); False(Disabled state) | Triggers a user publishing refresh onlogon. ( Boolean)Word count (with spaces): 60 | False |
+| Set-AppvPublishingServer

    **-UserRefreshInterval**
    Word count (with spaces): 85Integer (0-744 Hours) | Specifies the publishing refresh interval using the UserRefreshIntervalUnit. To disable package refresh, select 0. | 0 |
+| Set-AppvPublishingServer

    **-UserRefreshIntervalUnit**
    0 for hour, 1 for day | Specifies the interval unit (Hour 0-23, Day 0-31). | 1 |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-MigrationMode**
    True(enabled state); False (disabled state) | Migration mode allows the App-V client to modify shortcuts and FTA’s for packages created using a previous version of App-V. | |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-EnablePackageScripts**
    True(enabled); False(Disabled state) | Enables scripts defined in the package manifest of configuration files that should run. | |
+| Set-AppvClientConfiguration

    **-RoamingFileExclusions**
    String | Specifies the file paths relative to %userprofile% that do not roam with a user's profile. Example usage: /ROAMINGFILEEXCLUSIONS='desktop;my pictures' | |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-RoamingRegistryExclusions**
    String | Specifies the registry paths that do not roam with a user profile. Example usage: /ROAMINGREGISTRYEXCLUSIONS=software\\classes;software\\clients | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-IntegrationRootUser**
    String | Specifies the location to create symbolic links associated with the current version of a per-user published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %localappdata%\\Microsoft\\AppV\\Client\\Integration. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-IntegrationRootGlobal**
    String | Specifies the location to create symbolic links associated with the current version of a globally published package. all virtual application extensions, for example shortcuts and file type associations, will point to this path. If you do not specify a path, symbolic links will not be used when you publish the package. For example: %allusersprofile%\\Microsoft\\AppV\\Client\\Integration | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-VirtualizableExtensions**
    String | A comma -delineated list of file name extensions that can be used to determine if a locally installed application can be run in the virtual environment. When shortcuts, FTAs, and other extension points are created during publishing, App-V will compare the file name extension to the list if the application that is associated with the extension point is locally installed. If the extension is located, the **RunVirtual** command line parameter will be added, and the application will run virtually. For more information about the **RunVirtual** parameter, see [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md). | Policy value not written |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingEnabled**
    True (enabled); False (Disabled state) | Enables the client to return information to a reporting server. | False |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingServerURL**
    String | Specifies the location on the reporting server where client information is saved. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingDataCacheLimit**
    Integer \[0-1024\] | Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over. Set between 0 and 1024. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingDataBlockSize**
    Integer \[1024 - Unlimited\] | Specifies the maximum size in bytes to transmit to the server for reporting upload requests. This can help avoid permanent transmission failures when the log has reached a significant size. Set between 1024 and unlimited. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingStartTime**
    Integer (0 – 23) | Specifies the time to initiate the client to send data to the reporting server. You must specify a valid integer between 0-23 corresponding to the hour of the day. By default the **ReportingStartTime** will start on the current day at 10 P.M.or 22.
    **Note** You should configure this setting to a time when computers running the App-V client are least likely to be offline. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingInterval**
    Integer | Specifies the retry interval that the client will use to resend data to the reporting server. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ReportingRandomDelay**
    Integer \[0 - ReportingRandomDelay\] | Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and **ReportingRandomDelay** and will wait the specified duration before sending data. This can help to prevent collisions on the server. | Policy value not written (same as Not Configured) |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-EnableDynamicVirtualization
    **1 (Enabled), 0 (Disabled) | Enables supported Shell Extensions, Browser Helper Objects, and Active X controls to be virtualized and run with virtual applications. | |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-EnablePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | Enables the publishing refresh progress bar for the computer running the App-V Client. | |
+| Sync-AppvPublishingServer

    **-HidePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | Hides the publishing refresh progress bar. | |
+| Set-AppvClientConfiguration,
    Set-AppvPublishingServer

    **-ProcessesUsingVirtualComponents**
    String | Specifies a list of process paths (that may contain wildcards), which are candidates for using dynamic virtualization (supported shell extensions, browser helper objects, and ActiveX controls). Only processes whose full path matches one of these items can use dynamic virtualization. | Empty string. |
+
+## App-V Client Configuration Settings: Registry Keys
+
+The following table provides information about App-V client configuration settings that can be configured through the registry:
+
+| **Setting name**
    Type | Registry Key Value | Disabled Policy State Keys and Values |
+|---------------------------|---------------------|---------------------------------------|
+| **PackageInstallationRoot**
    String | Streaming\\PackageInstallationRoot | Policy value not written (same as Not Configured) |
+| **PackageSourceRoot**
    String | Streaming\\PackageSourceRoot | Policy value not written (same as Not Configured) |
+| **AllowHighCostLaunch**
    True (enabled); False (Disabled state) | Streaming\\AllowHighCostLaunch | 0 |
+| **ReestablishmentRetries**
    Integer (0-99) | Streaming\\ReestablishmentRetries | Policy value not written (same as Not Configured) |
+| **ReestablishmentInterval**
    Integer (0-3600) | Streaming\\ReestablishmentInterval | Policy value not written (same as Not Configured) |
+| **LocationProvider**
    String | Streaming\\LocationProvider | Policy value not written (same as Not Configured) |
+| **CertFilterForClientSsl**
    String | Streaming\\CertFilterForClientSsl | Policy value not written (same as Not Configured) |
+| **VerifyCertificateRevocationList**
    True(enabled); False(Disabled state) | Streaming\\VerifyCertificateRevocationList | 0 |
+| **SharedContentStoreMode**
    True(enabled); False(Disabled state) | Streaming\\SharedContentStoreMode | 0 |
+| **Name**
    String | Publishing\\Servers{serverId}\\FriendlyName | Policy value not written (same as Not Configured) |
+| **URL**
    String | Publishing\\Servers{serverId}\\URL | Policy value not written (same as Not Configured) |
+| **GlobalRefreshEnabled**
    True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\GlobalEnabled | False |
+| **GlobalRefreshOnLogon**
    True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\GlobalLogonRefresh | False |
+| **GlobalRefreshInterval**
    Integer (0-744) | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshInterval | 0 |
+| **GlobalRefreshIntervalUnit**
    0 for hour, 1 for day | Publishing\\Servers{serverId}\\GlobalPeriodicRefreshIntervalUnit | 1 |
+| **UserRefreshEnabled**
    True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\UserEnabled | False |
+| **UserRefreshOnLogon**
    True(enabled); False(Disabled state) | Publishing\\Servers{serverId}\\UserLogonRefresh | False |
+| **UserRefreshInterval**
    Word count (with spaces): 85Integer (0-744 Hours) | Publishing\\Servers{serverId}\\UserPeriodicRefreshInterval | 0 |
+| **UserRefreshIntervalUnit**
    0 for hour, 1 for day | Publishing\\Servers{serverId}\\UserPeriodicRefreshIntervalUnit | 1 |
+| **MigrationMode**
    True(enabled state); False (disabled state) | Coexistence\\MigrationMode | |
+| **EnablePackageScripts**
    True(enabled); False(Disabled state) | \\Scripting\\EnablePackageScripts | |
+| **RoamingFileExclusions**
    String | | |
+| **RoamingRegistryExclusions**
    String | Integration\\RoamingReglstryExclusions | Policy value not written (same as Not Configured) |
+| **IntegrationRootUser**
    String | Integration\\IntegrationRootUser | Policy value not written (same as Not Configured) |
+| **IntegrationRootGlobal**
    String | Integration\\IntegrationRootGlobal | Policy value not written (same as Not Configured) |
+| **VirtualizableExtensions**
    String | Integration\\VirtualizableExtensions | Policy value not written |
+| **ReportingEnabled**
    True (enabled); False (Disabled state) | Reporting\\EnableReporting | False |
+| **ReportingServerURL**
    String | Reporting\\ReportingServer | Policy value not written (same as Not Configured) |
+| **ReportingDataCacheLimit**
    Integer \[0-1024\] | Reporting\\DataCacheLimit | Policy value not written (same as Not Configured) |
+| **ReportingDataBlockSize**
    Integer \[1024 - Unlimited\] | Reporting\\DataBlockSize | Policy value not written (same as Not Configured) |
+| **ReportingStartTime**
    Integer (0 – 23) | Reporting\\ StartTime | Policy value not written (same as Not Configured) |
+| **ReportingInterval**
    Integer | Reporting\\RetryInterval | Policy value not written (same as Not Configured) |
+| **ReportingRandomDelay**
    Integer \[0 - ReportingRandomDelay\] | Reporting\\RandomDelay | Policy value not written (same as Not Configured) |
+| **EnableDynamicVirtualization
    **1 (Enabled), 0 (Disabled) | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Virtualization | |
+| **EnablePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\AppV\\Client\\Publishing | |
+| **HidePublishingRefreshUI**
    1 (Enabled), 0 (Disabled) | | |
+| **ProcessesUsingVirtualComponents**
    String | Virtualization\\ProcessesUsingVirtualComponents | Empty string. |
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+[Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
+
diff --git a/windows/manage/appv-configure-access-to-packages-with-the-management-console.md b/windows/manage/appv-configure-access-to-packages-with-the-management-console.md
new file mode 100644
index 0000000000..c01d1ba74b
--- /dev/null
+++ b/windows/manage/appv-configure-access-to-packages-with-the-management-console.md
@@ -0,0 +1,66 @@
+---
+title: How to Configure Access to Packages by Using the Management Console (Windows 10)
+description: How to Configure Access to Packages by Using the Management Console
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to Configure Access to Packages by Using the Management Console
+
+**Applies to**
+- Windows 10, version 1607
+
+Before you deploy an App-V virtualized package, you must configure the Active Directory Domain Services (AD DS) security groups that will be allowed to access and run the applications. The security groups may contain computers or users. Entitling a package to a computer group publishes the package globally to all computers in the group.
+
+Use the following procedure to configure access to virtualized packages.
+
+**To grant access to an App-V package**
+
+1. Find the package you want to configure:
+
+ 1. Open the App-V Management console.
+
+ 2. To display the **AD ACCESS** page, right-click the package to be configured, and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane.
+
+2. Provision a security group for the package:
+
+ 1. Go to the **FIND VALID ACTIVE DIRECTORY NAMES AND GRANT ACCESS** page.
+
+ 2. Using the format **mydomain** \\ **groupname**, type the name or part of the name of an Active Directory group object, and click **Check**.
+
+ **Note**   
+ Ensure that you provide an associated domain name for the group that you are searching for.
+
+   
+
+3. To grant access to the package, select the desired group and click **Grant Access**. The newly added group is displayed in the **AD ENTITIES WITH ACCESS** pane.
+
+4.
+
+ To accept the default configuration settings and close the **AD ACCESS** page, click **Close**.
+
+ To customize configurations for a specific group, click the **ASSIGNED CONFIGURATIONS** drop-down and select **Custom**. 
To configure the custom configurations, click **EDIT**. After you grant access, click **Close**.
+
+**To remove access to an App-V package**
+
+1. Find the package you want to configure:
+
+ 1. Open the App-V Management console.
+
+ 2. To display the **AD ACCESS** page, right-click the package to be configured, and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane.
+
+2. Select the group you want to remove, and click **DELETE**.
+
+3. To close the **AD ACCESS** page, click **Close**.
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+[Operations for App-V](appv-operations.md)
diff --git a/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md b/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md
new file mode 100644
index 0000000000..d0dd6dc5b9
--- /dev/null
+++ b/windows/manage/appv-configure-connection-groups-to-ignore-the-package-version.md
@@ -0,0 +1,63 @@
+---
+title: How to Make a Connection Group Ignore the Package Version (Windows 10)
+description: How to Make a Connection Group Ignore the Package Version
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to Make a Connection Group Ignore the Package Version
+
+**Applies to**
+- Windows 10, version 1607
+
+Application Virtualization (App-V) lets you configure a connection group to use any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create.
+
+You can configure a connection group to accept any version of a package, which enables you to upgrade the package without having to disable the connection group:
+
+- If the connection group has access to multiple versions of a package, the latest version is used.
+
+- If the connection group contains an optional package that has an incorrect version, the package is ignored and won’t block the connection group’s virtual environment from being created.
+
+- If the connection group contains a non-optional package that has an incorrect version, the connection group’s virtual environment cannot be created.
+
+## To make a connection group ignore the package version by using the App-V Server Management Console
+
+1. In the Management Console, select **CONNECTION GROUPS**.
+
+2. Select the correct connection group from the Connection Groups library.
+
+3. Click **EDIT** in the CONNECTED PACKAGES pane.
+
+4. Select **Use Any Version** check box next to the package name, and click **Apply**.
+
+For more about adding or upgrading packages, see [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md).
+
+## To make a connection group ignore the package version from the App-V client on a stand-alone computer
+
+1. Create the connection group XML document.
+
+2. 
For the package to be upgraded, set the **Package** tag attribute **VersionID** to an asterisk (*).
+
+3. Use the following cmdlet to add the connection group, and include the path to the connection group XML document:
+
+ `Add-AppvClientConnectionGroup`
+
+4. When you upgrade a package, use the following cmdlets to remove the old package, add the upgraded package, and publish the upgraded package:
+
+ - RemoveAppvClientPackage
+ - Add-AppvClientPackage
+ - Publish-AppvClientPackage
+
+For more information, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md).
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+[Managing Connection Groups](appv-managing-connection-groups.md)
diff --git a/windows/manage/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md b/windows/manage/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
new file mode 100644
index 0000000000..14b25e2912
--- /dev/null
+++ b/windows/manage/appv-configure-the-client-to-receive-updates-from-the-publishing-server.md
@@ -0,0 +1,65 @@
+---
+title: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server (Windows 10)
+description: How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server
+
+**Applies to**
+- Windows 10, version 1607
+
+Deploying packages and connection groups using the App-V publishing server is helpful because it offers single-point management and high scalability.
+
+Use the following steps to configure the App-V client to receive updates from the publishing server.
+
+**Note**
    +For the following procedures the management server was installed on a computer named **MyMgmtSrv**, and the publishing server was installed on a computer named **MyPubSrv**.
+
+  
+
+**To configure the App-V client to receive updates from the publishing server**
+
+1. Deploy the App-V management and publishing servers, and add the required packages and connection groups. For more information about adding packages and connection groups, see [How to Add or Upgrade Packages by Using the Management Console](appv-add-or-upgrade-packages-with-the-management-console.md) and [How to Create a Connection Group](appv-create-a-connection-group.md).
+
+2. To open the management console click the following link, open a browser and type the following: http://MyMgmtSrv/AppvManagement/Console.html in a web browser, and import, publish, and entitle all the packages and connection groups which will be necessary for a particular set of users.
+
+3. On the computer running the App-V client, open an elevated Windows PowerShell command prompt, and run the following command:
+
+ `Add-AppvPublishingServer -Name ABC -URL http://MyPubSrv/AppvPublishing`
+
+ This command will configure the specified publishing server. You should see output similar to the following:
+
+ ```
+ Id                        : 1
+ SetByGroupPolicy          : False
+ Name                      : ABC
+ URL                       : http:// MyPubSrv/AppvPublishing
+ GlobalRefreshEnabled      : False
+ GlobalRefreshOnLogon      : False
+ GlobalRefreshInterval     : 0
+ GlobalRefreshIntervalUnit : Day
+ UserRefreshEnabled        : True
+ UserRefreshOnLogon        : True
+ UserRefreshInterval       : 0
+ UserRefreshIntervalUnit   : Day
+ ```
+
+4. 
On the computer running the App-V client, open a Windows PowerShell command prompt, and type the following command:
+
+ `Sync-AppvPublishingServer -ServerId 1`
+
+ The command will query the publishing server for the packages and connection groups that need to be added or removed for this particular client based on the entitlements for the packages and connection groups as configured on the management server.
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+[Operations for App-V](appv-operations.md)
diff --git a/windows/manage/appv-connect-to-the-management-console.md b/windows/manage/appv-connect-to-the-management-console.md
new file mode 100644
index 0000000000..47da73bf11
--- /dev/null
+++ b/windows/manage/appv-connect-to-the-management-console.md
@@ -0,0 +1,30 @@
+---
+title: How to Connect to the Management Console (Windows 10)
+description: How to Connect to the Management Console
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+# How to Connect to the Management Console
+
+**Applies to**
+- Windows 10, version 1607
+
+Use the following procedure to connect to the App-V Management Console.
+
+**To connect to the App-V Management Console**
+
+1. Open Internet Explorer browser and type the address for the App-V Management server. For example, **http://\<_management server name_\>:\<_management service port number_\>/console.html**.
+
+2. To view different sections of the console, click the desired section in the navigation pane.
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-connection-group-file.md b/windows/manage/appv-connection-group-file.md new file mode 100644 index 0000000000..a523cd8c6d --- /dev/null +++ b/windows/manage/appv-connection-group-file.md @@ -0,0 +1,267 @@ +--- +title: About the Connection Group File (Windows 10) +description: About the Connection Group File +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# About the Connection Group File + +**Applies to** +- Windows 10, version 1607 + +**In this topic:** + +- [Connection group file purpose and location](#bkmk-cg-purpose-loc) + +- [Structure of the connection group XML file](#bkmk-define-cg-5-0sp3) + +- [Configuring the priority of packages in a connection group](#bkmk-config-pkg-priority-incg) + +- [Supported virtual application connection configurations](#bkmk-va-conn-configs) + +## Connection group file purpose and location + + + ++++ + + + + + + + + + + + + + + +

    Connection group purpose

    A connection group is an App-V feature that enables you to group packages together to create a virtual environment in which the applications in those packages can interact with each other.

    +

    Example: You want to use plug-ins with Microsoft Office. You can create a package that contains the plug-ins, and create another package that contains Office, and then add both packages to a connection group to enable Office to use those plug-ins.

    How the connection group file works

    When you apply an App-V connection group file, the packages that are enumerated in the file will be combined at runtime into a single virtual environment. Use the Microsoft Application Virtualization (App-V) connection group file to configure existing App-V connection groups.

    Example file path

    %APPDATA%\Microsoft\AppV\Client\Catalog\PackageGroups\{6CCC7575-162E-4152-9407-ED411DA138F4}\{4D1E16E1-8EF8-41ED-92D5-8910A8527F96}.

    + +  + +## Structure of the connection group XML file + + +**In this section:** + +- [Parameters that define the connection group](#bkmk-params-define-cg) + +- [Parameters that define the packages in the connection group](#bkmk-params-define-pkgs-incg) + +- [App-V example connection group XML file](#bkmk-50sp3-exp-cg-xml) + +### Parameters that define the connection group + +The following table describes the parameters in the XML file that define the connection group itself, not the packages. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    FieldDescription

    Schema name

    Name of the schema.

    +

    If you want to use the “optional packages” and “use any version” features that are described in this table, you must specify the following schema in the XML file:

    +

    xmlns="http://schemas.microsoft.com/appv/2014/virtualapplicationconnectiongroup"

    AppConnectionGroupId

    Unique GUID identifier for this connection group. The connection group state is associated with this identifier. Specify this identifier only when you create the connection group.

    +

    You can create a new GUID by typing: [Guid]::NewGuid().

    VersionId

    Version GUID identifier for this version of the connection group.

    +

    When you update a connection group (for example, by adding or updating a new package), you must update the version GUID to reflect the new version.

    DisplayName

    Display name of the connection group.

    Priority

    Optional priority field for the connection group.

    +

    “0” - indicates the highest priority.

    +

    If a priority is required, but has not been configured, the package will fail because the correct connection group to use cannot be determined.

    + +  + +### Parameters that define the packages in the connection group + +In the <Packages> section of the connection group XML file, you list the member packages in the connection group by specifying each package’s unique package identifier and version identifier, as described in the following table. The first package in the list has the highest precedence. + + ++++ + + + + + + + + + + + + + + + + + + + + +
    FieldDescription

    PackageId

    Unique GUID identifier for this package. This GUID doesn’t change when newer versions of the package are published.

    VersionId

    Unique GUID identifier for the version of the package.

    +

    If you specify “*” for the package version, the GUID of the latest available package version is dynamically inserted.

    IsOptional

    Parameter that enables you to make a package optional within the connection group. Valid entries are:

    +
      +
    • “true” – package is optional in the connection group

    • +
    • “false” – package is required in the connection group

    • +
    +
    + +  + +### App-V example connection group XML file + +The following example connection group XML file shows examples of the fields in the previous tables. + +``` + + + + + + +``` + +## Configuring the priority of packages in a connection group + + +Package precedence is configured using the package list order. The first package in the document has the highest precedence. Subsequent packages in the list have descending priority. + +Package precedence is the resolution for otherwise inevitable resource collisions during virtual environment initialization. For example, if two packages that are opening in the same virtual environment define the same registry DWORD value, the package with the highest precedence determines the value that is set. + +You can use the connection group file to configure each connection group by using the following methods: + +- Specify runtime priorities for connection groups. To edit priority by using the App-V Management Console, click the connection group and then click **Edit**. + + **Note**   + Priority is required only if the package is associated with more than one connection group. + +   + +- Specify package precedence within the connection group. + +The priority field is required when a running virtual application initiates from a native application request, for example, Microsoft Windows Explorer. The App-V client uses the priority to determine which connection group virtual environment the application should run in. This situation occurs if a virtual application is part of multiple connection groups. + +If a virtual application is opened using another virtual application the virtual environment of the original virtual application will be used. The priority field is not used in this case. + +**Example:** + +The virtual application Microsoft Outlook is running in virtual environment **XYZ**. 
When you open an attached Microsoft Word document, a virtualized version Microsoft Word opens in the virtual environment **XYZ**, regardless of the virtualized Microsoft Word’s associated connection groups or runtime priorities. + +## Supported virtual application connection configurations + +The following application connection configurations are supported. + +- **An. exe file and plug-in (.dll)**. For example, you might want to distribute Microsoft Office to all users, but distribute a Microsoft Excel plug-in to only a subset of users. + + Enable the connection group for the appropriate users. Update each package individually as required. + +- **An. exe file and a middleware application**. You might have an application that requires a middleware application, or several applications that all depend on the same middleware runtime version. + + All computers that require one or more of the applications receive the connection groups with the application and middleware application runtime. You can optionally combine multiple middleware applications into a single connection group. + + + + + + + + + + + + + + + + + + + + + + +
    ExampleExample description

    Virtual application connection group for the financial division

      +
    • Middleware application 1

    • +
    • Middleware application 2

    • +
    • Middleware application 3

    • +
    • Middleware application runtime

    • +

    Virtual application connection group for HR division

      +
    • Middleware application 5

    • +
    • Middleware application 6

    • +
    • Middleware application runtime

    • +
    + +- **An. exe file and an .exe file**. You might have an application that relies on another application, and you want to keep the packages separate for operational efficiencies, licensing restrictions, or rollout timelines. + + For example, if you are deploying Microsoft Lync 2010, you can use three packages: + - Microsoft Office 2010 + - Microsoft Communicator 2007 + - Microsoft Lync 2010

    + + You can manage the deployment using the following connection groups: + - Microsoft Office 2010 and Microsoft Communicator 2007 + - Microsoft Office 2010 and Microsoft Lync 2010

    + + When the deployment has completed, you can either create a single new Microsoft Office 2010 + Microsoft Lync 2010 package, or keep and maintain them as separate packages and deploy them by using a connection group. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Managing Connection Groups](appv-managing-connection-groups.md) diff --git a/windows/manage/appv-connection-group-virtual-environment.md b/windows/manage/appv-connection-group-virtual-environment.md new file mode 100644 index 0000000000..78339b6533 --- /dev/null +++ b/windows/manage/appv-connection-group-virtual-environment.md 
@@ -0,0 +1,111 @@ +--- +title: About the Connection Group Virtual Environment (Windows 10) +description: About the Connection Group Virtual Environment +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# About the Connection Group Virtual Environment + +**Applies to** +- Windows 10, version 1607 + +**In this topic:** + +- [How package priority is determined](#bkmk-pkg-priority-deter) + +- [Merging identical package paths into one virtual directory in connection groups](#bkmk-merged-root-ve-exp) + +## How package priority is determined + + +The virtual environment and its current state are associated with the connection group, not with the individual packages. If an App-V package is removed from the connection group, the state that existed as part of the connection group will not migrate with the package. + +If the same package is a part of two different connection groups, you have to indicate which connection group App-V should use. For example, you might have two packages in a connection group that each define the same registry DWORD value. + +The connection group that is used is based on the order in which a package appears inside the **AppConnectionGroup** XML document: + +- The first package has the highest precedence. + +- The second package has the second highest precedence. 
+ +Consider the following example section: + +``` syntax + +``` + +Assume that same DWORD value ABC (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region) is defined in the first and third package, such as: + +- Package 1 (A8731008-4523-4713-83A4-CD1363907160): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5 + +- Package 3 (04220DCA-EE77-42BE-A9F5-96FD8E8593F2): HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=10 + +Since Package 1 appears first, the AppConnectionGroup's virtual environment will have the single DWORD value of 5 (HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region=5). This means that the virtual applications in Package 1, Package 2, and Package 3 will all see the value 5 when they query for HKEY\_LOCAL\_MACHINE\\software\\contoso\\finapp\\region. + +Other virtual environment resources are resolved similarly, but the usual case is that the collisions occur in the registry. + +## Merging identical package paths into one virtual directory in connection groups + + +If two or more packages in a connection group contain identical directory paths, the paths are merged into a single virtual directory inside the connection group virtual environment. This merging of paths allows an application in one package to access files that are in a different package. + +When you remove a package from a connection group, the applications in that removed package are no longer able to access files in the remaining packages in the connection group. + +The order in which App-V looks up a file’s name in the connection group is specified by the order in which the App-V packages are listed in the connection group manifest file. + +The following example shows the order and relationship of a file name lookup in a connection group for **Package A** and **Package B**. + + ++++ + + + + + + + + + + + + + + + + +
    Package APackage B

    C:\Windows\System32

    C:\Windows\System32

    C:\AppTest

    C:\AppTest

    + +  + +In the example above, when a virtualized application tries to find a specific file, Package A is searched first for a matching file path. If a matching path is not found, Package B is searched, using the following mapping rules: + +- If a file named **test.txt** exists in the same virtual folder hierarchy in both application packages, the first matching file is used. + +- If a file named **bar.txt** exists in the virtual folder hierarchy of one application package, but not in the other, the first matching file is used. + +## Have a suggestion for App-V? + + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Managing Connection Groups](appv-managing-connection-groups.md) + +  + +  + + + + + diff --git a/windows/manage/appv-convert-a-package-created-in-a-previous-version-of-appv.md b/windows/manage/appv-convert-a-package-created-in-a-previous-version-of-appv.md new file mode 100644 index 0000000000..bb5c9776c7 --- /dev/null +++ b/windows/manage/appv-convert-a-package-created-in-a-previous-version-of-appv.md 
@@ -0,0 +1,64 @@ +--- +title: How to Convert a Package Created in a Previous Version of App-V (Windows 10) +description: How to Convert a Package Created in a Previous Version of App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Convert a Package Created in a Previous Version of App-V + +**Applies to** +- Windows 10, version 1607 + +You can use the package converter utility to upgrade virtual application packages that have been created with previous versions of App-V. + +> [!NOTE] +> If you are running a computer with a 64-bit architecture, you must use the x86 version of Windows PowerShell. + +The package converter can only directly convert packages that were created by using the App-V 4.5 sequencer or later. Packages that were created using a version prior to App-V 4.5 must be upgraded to at least App-V 4.5 before conversion. + +The following information provides direction for converting existing virtual application packages. + +> [!IMPORTANT] +> You must configure the package converter to always save the package ingredients file to a secure location and directory. A secure location is accessible only by an administrator. Additionally, when you deploy the package, you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion process. + +## App-V 4.6 installation folder is redirected to virtual file system root + +When you convert packages from App-V 4.6 to App-V for Windows 10, the App-V for Windows 10 package can access the hardcoded drive that you were required to use when you created 4.6 packages. The drive letter will be the drive you selected as the installation drive on the 4.6 sequencing machine. (The default drive letter is Q:\\.) 
+ +**Technical Details:** The App-V package converter will save the App-V 4.6 installation root folder and short folder names in the FilesystemMetadata.xml file in the Filesystem element. When the App-V for Windows 10 client creates the virtual process, it will map requests from the App-V 4.6 installation root to the virtual file system root. + +## Getting started + +1. Install the App-V Sequencer on a computer in your environment. For information about how to install the Sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md). + +2. The following cmdlets are available: + + - **Test-AppvLegacyPackage** – This cmdlet is designed to check packages. It will return information about any failures with the package such as missing **.sft** files, an invalid source, **.osd** file errors, or invalid package version. This cmdlet will not parse the **.sft** file or do any in depth validation. For information about options and basic functionality for this cmdlet, using Windows PowerShell, type `Test-AppvLegacyPackage -?`. + + - **ConvertFrom-AppvLegacyPackage** – To convert an existing package, type `ConvertFrom-AppvLegacyPackage c:\contentStore c:\convertedPackages`. In this command, `c:\contentStore` represents the location of the existing package and `c:\convertedPackages` is the output directory to which the resulting App-V for Windows 10 virtual application package file will be saved. By default, if you do not specify a new name, the old package name will be used. + + Additionally, the package converter optimizes performance of packages in App-V for Windows 10 by setting the package to stream fault the App-V package.  This is more performant than the primary feature block and fully downloading the package. The flag **DownloadFullPackageOnFirstLaunch** allows you to convert the package and set the package to be fully downloaded by default. + + > [!NOTE] + > Before you specify the output directory, you must create the output directory. 
+ +### Advanced Conversion Tips + +- Piping - Windows PowerShell supports piping. Piping allows you to call `dir c:\contentStore\myPackage | Test-AppvLegacyPackage`. In this example, the directory object that represents `myPackage` will be given as input to the `Test-AppvLegacyPackage` command and bound to the `-Source` parameter. Piping like this is especially useful when you want to batch commands together; for example, `dir .\ | Test-AppvLegacyPackage | ConvertFrom-AppvLegacyAppvPackage -Target .\ConvertedPackages`. This piped command would test the packages and then pass those objects on to actually be converted. You can also apply a filter on packages without errors or only specify a directory which contains an **.sprj** file or pipe them to another cmdlet that adds the filtered package to the server or publishes them to the App-V client. + +- Batching - The Windows PowerShell command enables batching. More specifically, the cmdlets support taking a string\[\] object for the `-Source` parameter which represents a list of directory paths. This allows you to enter `$packages = dir c:\contentStore` and then call `ConvertFrom-AppvLegacyAppvPackage-Source $packages -Target c:\ConvertedPackages` or to use piping and call `dir c:\ContentStore | ConvertFrom-AppvLegacyAppvPackage -Target C:\ConvertedPackages`. + +- Other functionality - Windows PowerShell has other built-in functionality for features such as aliases, piping, lazy-binding, .NET object, and many others. All of these are usable in Windows PowerShell and can help you create advanced scenarios for the Package Converter. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md b/windows/manage/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md new file mode 100644 index 0000000000..467da82dda --- /dev/null +++ b/windows/manage/appv-create-a-connection-group-with-user-published-and-globally-published-packages.md @@ -0,0 +1,86 @@ +--- +title: How to Create a Connection Group with User-Published and Globally Published Packages (Windows 10) +description: How to Create a Connection Group with User-Published and Globally Published Packages +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Connection Group with User-Published and Globally Published Packages + +**Applies to** +- Windows 10, version 1607 + +You can create user-entitled connection groups that contain both user-published and globally published packages, using either of the following methods: + +- [How to use Windows PowerShell cmdlets to create user-entitled connection groups](#how-to-use-powershell-cmdlets-to-create-user-entitled-connection-groups) + +- [How to use the App-V Server to create user-entitled connection groups](#how-to-use-the-app-v-server-to-create-user-entitled-connection-groups) + +## What to know before you start: + + ++++ + + + + + + + + + + + + + + + + +
    Unsupported scenarios and potential issuesResult

    You cannot include user-published packages in globally entitled connection groups.

    The connection group will fail.

    If you publish a package globally and then create a user-published connection group in which you’ve made that package non-optional, you can still run Unpublish-AppvClientPackage <package> -global to unpublish the package, even when that package is being used in another connection group.

    If any other connection groups are using that package, the package will fail in those connection groups.

    +

    To avoid inadvertently unpublishing a non-optional package that is being used in another connection group, we recommend that you track the connection groups in which you’ve used a non-optional package.

    + +  + +## How to use Windows PowerShell cmdlets to create user-entitled connection groups + +1. Add and publish packages by using the following commands: + + ``` + Add-AppvClientPackage + Add-AppvClientPackage + Publish-AppvClientPackage -PackageId  -VersionId -Global + Publish-AppvClientPackage -PackageId -VersionId  + ``` + +2. Create the connection group XML file. For more information, see [About the Connection Group File](appv-connection-group-file.md). + +3. Add and publish the connection group by using the following commands: + + ``` + Add-AppvClientConnectionGroup + Enable-AppvClientConnectionGroup -GroupId  -VersionId + ``` + +## How to use the App-V Server to create user-entitled connection groups + +1. Open the App-V Management Console. + +2. Follow the instructions in [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md) to publish packages globally and to the user. + +3. Follow the instructions in [How to Create a Connection Group](appv-create-a-connection-group.md) to create the connection group, and add the user-published and globally published packages. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Managing Connection Groups](appv-managing-connection-groups.md) diff --git a/windows/manage/appv-create-a-connection-group.md b/windows/manage/appv-create-a-connection-group.md new file mode 100644 index 0000000000..3bbc7aa888 --- /dev/null +++ b/windows/manage/appv-create-a-connection-group.md 
@@ -0,0 +1,50 @@ +--- +title: How to Create a Connection Group (Windows 10) +description: How to Create a Connection Group +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Connection Group + +**Applies to** +- Windows 10, version 1607 + +Use these steps to create a connection group by using the App-V Management Console. To use Windows PowerShell to create connection groups, see [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md). + +When you place packages in a connection group, their package root paths are merged. If you remove packages, only the remaining packages maintain the merged root. + +**To create a connection group** + +1. In the App-V Management Console, select **CONNECTION GROUPS** to display the Connection Groups library. + +2. Select **ADD CONNECTION GROUP** to create a new connection group. + +3. In the **New Connection Group** pane, type a description for the group. + +4. Click **EDIT** in the **CONNECTED PACKAGES** pane to add a new application to the connection group. + +5. In the **PACKAGES Entire Library** pane, select the application to be added, and click the arrow to add the application. + + To remove an application, select the application to be removed in the **PACKAGES IN** pane and click the arrow. + + To reprioritize the applications in your connection group, use the arrows in the **PACKAGES IN** pane. + + **Important**
    + By default, the Active Directory Domain Services access configurations that are associated with a specific application are not added to the connection group. To transfer the Active Directory access configuration, select **ADD PACKAGE ACCESS TO GROUP ACCESS**, which is located in the **PACKAGES IN** pane. + +6. After adding all the applications and configuring Active Directory access, click **Apply**. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) + +[Managing Connection Groups](appv-managing-connection-groups.md) diff --git a/windows/manage/appv-create-a-custom-configuration-file-with-the-management-console.md b/windows/manage/appv-create-a-custom-configuration-file-with-the-management-console.md new file mode 100644 index 0000000000..82eb3a5165 --- /dev/null +++ b/windows/manage/appv-create-a-custom-configuration-file-with-the-management-console.md 
@@ -0,0 +1,40 @@ +--- +title: How to Create a Custom Configuration File by Using the App-V Management Console (Windows 10) +description: How to Create a Custom Configuration File by Using the App-V Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Custom Configuration File by Using the App-V Management Console + +**Applies to** +- Windows 10, version 1607 + +You can use a dynamic configuration to customize an App-V package for a specific user. However, you must first create the dynamic user configuration (.xml) file or the dynamic deployment configuration file before you can use the files. Creation of the file is an advanced manual operation. For general information about dynamic user configuration files, see, [About App-V Dynamic Configuration](appv-dynamic-configuration.md). + +Use the following procedure to create a Dynamic User Configuration file by using the App-V Management console. + +**To create a Dynamic User Configuration file** + +1. Right-click the name of the package that you want to view and select **Edit active directory access** to view the configuration that is assigned to a given user group. Alternatively, select the package, and click **Edit**. + +2. Using the list of **AD Entities with Access**, select the AD group that you want to customize. Select **Custom** from the drop-down list, if it is not already selected. A link named **Edit** will be displayed. + +3. Click **Edit**. The Dynamic User Configuration that is assigned to the AD Group will be displayed. + +4. Click **Advanced**, and then click **Export Configuration**. Type in a filename and click **Save**. Now you can edit the file to configure a package for a user. + + **Note**   + To export a configuration while running on Windows Server, you must disable "IE Enhanced Security Configuration". 
If this is enabled and set to block downloads, you cannot download anything from the App-V Server. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-create-a-package-accelerator-with-powershell.md b/windows/manage/appv-create-a-package-accelerator-with-powershell.md new file mode 100644 index 0000000000..fb7b1a1129 --- /dev/null +++ b/windows/manage/appv-create-a-package-accelerator-with-powershell.md 
@@ -0,0 +1,49 @@ +--- +title: How to Create a Package Accelerator by Using Windows PowerShell (Windows 10) +description: How to Create a Package Accelerator by Using Windows PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Package Accelerator by Using Windows PowerShell + +**Applies to** +- Windows 10, version 1607 + +App-V package accelerators automatically sequence large, complex applications. Additionally, when you apply an App-V package accelerator, you are not always required to manually install an application to create the virtualized package. + +**To create a package accelerator** + +1. Install the App-V sequencer. For more information about installing the sequencer see [How to Install the Sequencer](appv-install-the-sequencer.md). + +2. To open a Windows PowerShell console, click **Start** and type **PowerShell**. Right-click **Windows PowerShell** and select **Run as Administrator**. Use the **New-AppvPackageAccelerator** cmdlet. + +3. To create a package accelerator, make sure that you have the .appv package to create an accelerator from, the installation media or installation files, and optionally a read me file for consumers of the accelerator to use. The following parameters are required to use the package accelerator cmdlet: + + - **InstalledFilesPath** - specifies the application installation path. + + - **Installer** – specifies the path to the application installer media + + - **InputPackagePath** – specifies the path to the .appv package + + - **Path** – specifies the output directory for the package. 
+ + The following example displays how you can create a package accelerator with an .appv package and the installation media: + + **New-AppvPackageAccelerator -InputPackagePath <path to the .appv file> -Installer <path to the installer executable> -Path <directory of the output path>** + + An additional optional parameter that can be used with the **New-AppvPackageAccelerator** cmdlet is as follows: + + - **AcceleratorDescriptionFile** - specifies the path to user created package accelerator instructions. The package accelerator instructions are **.txt** or **.rtf** description files that will be packaged with the package created using the package accelerator. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md) diff --git a/windows/manage/appv-create-a-package-accelerator.md b/windows/manage/appv-create-a-package-accelerator.md new file mode 100644 index 0000000000..690438f968 --- /dev/null +++ b/windows/manage/appv-create-a-package-accelerator.md 
@@ -0,0 +1,78 @@ +--- +title: How to Create a Package Accelerator (Windows 10) +description: How to Create a Package Accelerator +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Package Accelerator + +**Applies to** +- Windows 10, version 1607 + +App-V package accelerators automatically generate new virtual application packages. + +>**Note**  You can use Windows PowerShell to create a package accelerator. For more information see [How to Create a Package Accelerator by Using Windows PowerShell](appv-create-a-package-accelerator-with-powershell.md). + +Use the following procedure to create a package accelerator. + +>**Important** +> - Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied. +> - Before you begin the following procedure, perform the following: + - Copy the virtual application package that you will use to create the package accelerator locally to the computer running the sequencer. + - Copy all required installation files associated with the virtual application package to the computer running the sequencer. +> - The App-V Sequencer does not grant any license rights to the software application you are using to create the Package Accelerator. You must abide by all end user license terms for the application you are using. It is your responsibility to make sure the software application’s license terms allow you to create a Package Accelerator using App-V Sequencer. + +## To create a package accelerator + +1. 
To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. + +2. To start the App-V **Create Package Accelerator** wizard, in the App-V sequencer console, click **Tools** / **Create Accelerator**. + +3. On the **Select Package** page, to specify an existing virtual application package to use to create the Package Accelerator, click **Browse**, and locate the existing virtual application package (.appv file). + + **Tip**
    + Copy the files associated with the virtual application package you plan to use locally to the computer running the Sequencer. + + Click **Next**. + +4. On the **Installation Files** page, to specify the folder that contains the installation files that you used to create the original virtual application package, click **Browse**, and then select the directory that contains the installation files. + + **Tip**
    + Copy the folder that contains the required installation files to the computer running the Sequencer. + +5. If the application is already installed on the computer running the sequencer, to specify the installation file, select **Files installed on local system**. To use this option, the application must already be installed in the default installation location. + +6. On the **Gathering Information** page, review the files that were not found in the location specified on the **Installation Files** page of this wizard. If the files displayed are not required, select **Remove these files**, and then click **Next**. If the files are required, click **Previous** and copy the required files to the directory specified on the **Installation Files** page. + + **Note**
    + You must either remove the unrequired files, or click **Previous** and locate the required files to advance to the next page of this wizard. + +7. On the **Select Files** page, carefully review the files that were detected, and clear any file that should be removed from the package accelerator. Select only files that are required for the application to run successfully, and then click **Next**. + +8. On the **Verify Applications** page, confirm that all installation files that are required to build the package are displayed. When the Package Accelerator is used to create a new package, all installation files displayed in the **Applications** pane are required to create the package. + + If necessary, to add additional Installer files, click **Add**. To remove unnecessary installation files, select the Installer file, and then click **Delete**. To edit the properties associated with an installer, click **Edit**. The installation files specified in this step will be required when the Package Accelerator is used to create a new virtual application package. After you have confirmed the information displayed, click **Next**. + +9. On the **Select Guidance** page, to specify a file that contains information about how the Package Accelerator, click **Browse**. For example, this file can contain information about how the computer running the Sequencer should be configured, application prerequisite information for target computers, and general notes. You should provide all required information for the Package Accelerator to be successfully applied. The file you select must be in rich text (.rtf) or text file (.txt) format. Click **Next**. + +10. On the **Create Package Accelerator** page, to specify where to save the Package Accelerator, click **Browse** and select the directory. + +11. On the **Completion** page, to close the **Create Package Accelerator** wizard, click **Close**. + + **Important**
    + To help ensure that the package accelerator is as secure as possible, and so that the publisher can be verified when the package accelerator is applied, you should always digitally sign the package accelerator. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) + +[How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md) diff --git a/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md b/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md new file mode 100644 index 0000000000..4cae334e5e --- /dev/null +++ b/windows/manage/appv-create-a-virtual-application-package-package-accelerator.md 
@@ -0,0 +1,78 @@ +--- +title: How to Create a Virtual Application Package Using an App-V Package Accelerator (Windows 10) +description: How to Create a Virtual Application Package Using an App-V Package Accelerator +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create a Virtual Application Package Using an App-V Package Accelerator + +**Applies to** +- Windows 10, version 1607 + +Use the following procedure to create a virtual application package with the App-V Package Accelerator. + +> **Important**  The App-V Sequencer does not grant any license rights to the software application that you use to create the Package Accelerator. You must abide by all end user license terms for the application that you use. It is your responsibility to make sure that the software application’s license terms allow you to create a Package Accelerator with the App-V Sequencer. + +**To create a virtual application package with an App-V Package Accelerator** + +1. Be sure that the required Package Accelerator has been copied locally to the computer that runs the App-V Sequencer. Also copy all required installation files for the package to a local folder on the computer that runs the Sequencer. This is the folder that you have to specify in step 6 of this procedure. + +2. To start the App-V Sequencer, on the computer that runs the App-V Sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. + +3. To start the **Create New Package Wizard**, click **Create a New Virtual Application Package**. To create the package, select the **Create Package using a Package Accelerator** check box, and then click **Next**. + +4. To specify the package accelerator that will be used to create the new virtual application package, click **Browse** on the **Select Package Accelerator** page. Click **Next**. 
+ + > **Important**  If the publisher of the package accelerator cannot be verified and does not contain a valid digital signature, then before you click **Run**, you must confirm that you trust the source of the package accelerator. Confirm your choice in the **Security Warning** dialog box. + +5. On the **Guidance** page, review the publishing guidance information that is displayed in the information pane. This information was added when the Package Accelerator was created and it contains guidance about how to create and publish the package. To export the guidance information to a text (.txt) file, click **Export** and specify the location where the file should be saved, and then click **Next**. + +6. On the **Select Installation Files** page, click **Make New Folder** to create a local folder that contains all required installation files for the package, and specify where the folder should be saved. You must also specify a name to be assigned to the folder. You must then copy all required installation files to the location that you specified. If the folder that contains the installation files already exists on the computer that runs the Sequencer, click **Browse** to select the folder. + + Alternatively, if you have already copied the installation files to a directory on this computer, click **Make New Folder**, browse to the folder that contains the installation files, and then click **Next**. + + > **Note**  You can specify the following types of supported installation files: + > - Windows Installer files (**.msi**) + > - Cabinet files (.cab) + > - Compressed files with a .zip file name extension + > - The actual application files + > The following file types are not supported: **.msp** and **.exe** files. If you specify an **.exe** file, you must extract the installation files manually. + +7. 
If the package accelerator requires an application to be installed before you apply the Package Accelerator, and if you have already installed the required application, select **I have installed all applications**, and then click **Next** on the **Local Installation** page. + +8. On the **Package Name** page, specify a name that will be associated with the package. The name that you specify identifies the package in the App-V Management Console. Click **Next**. + +9. On the **Create Package** page, provide comments that will be associated with the package. The comments should contain identifying information about the package that you are creating. To confirm the location where the package is created, review the information that is displayed in **Save Location**. To compress the package, select **Compress Package**. Select the **Compress Package** check box if the package will be streamed across the network, or when the package size exceeds 4 GB. + +10. To create the package, click **Create**. After the package is created, click **Next**. + +11. On the **Configure Software** page, to enable the Sequencer to configure the applications that are contained in the package, select **Configure Software**. In this step you can configure any associated tasks that must be completed in order to run the application on the target computers. For example, you can configure any associated license agreements. + + If you select **Configure Software**, the following items can be configured using the Sequencer as part of this step: + + - **Load Package**. The Sequencer loads the files that are associated with the package. It can take several seconds to an hour to decode the package. + + - **Run Each Program**. Optionally run the programs that are contained in the package. This step is helpful to complete any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. 
To run all the programs at once, select at least one program, and then click **Run All**. To run specific programs, select the program or programs that you want to run, and then click **Run Selected**. Complete the required configuration tasks, and then close the applications. It can take several minutes for all programs to run. Click **Next**. + + - **Save Package**. The Sequencer saves the package. + + - **Primary Feature Block**. The Sequencer optimizes the package for streaming by rebuilding the primary feature block. + + If you do not want to configure the applications, click **Skip this step**, and then click **Next**. + +12. On the **Completion** page, after you review the information that is displayed in the **Virtual Application Package Report** pane, click **Close**. + + The package is now available in the Sequencer. To edit the package properties, click **Edit \[Package Name\]**. For more information about how to modify a package, see [How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md). + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-create-and-use-a-project-template.md b/windows/manage/appv-create-and-use-a-project-template.md new file mode 100644 index 0000000000..c6a0be63bb --- /dev/null +++ b/windows/manage/appv-create-and-use-a-project-template.md 
@@ -0,0 +1,55 @@ +--- +title: How to Create and Use a Project Template (Windows 10) +description: How to Create and Use a Project Template +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Create and Use a Project Template + +**Applies to** +- Windows 10, version 1607 + +You can use an App-V project template to save commonly applied settings associated with an existing virtual application package. These settings can then be applied when you create new virtual application packages in your environment. Using a project template can streamline the process of creating virtual application packages. + +> **Note**  You can, and often should apply an App-V project template during a package upgrade. For example, if you sequenced an application with a custom exclusion list, it is recommended that an associated template is created and saved for later use while upgrading the sequenced application. + +App-V project templates differ from App-V Application Accelerators because App-V Application Accelerators are application-specific, and App-V project templates can be applied to multiple applications. + +Use the following procedures to create and apply a new template. + +**To create a project template** + +1. To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. + + > **Note**  If the virtual application package is currently open in the App-V Sequencer console, skip to step 3 of this procedure. + +2. To open the existing virtual application package that contains the settings you want to save with the App-V project template, click **File** / **Open**, and then click **Edit Package**. On the **Select Package** page, click **Browse** and locate the virtual application package that you want to open. Click **Edit**. + +3. 
In the App-V Sequencer console, to save the template file, click **File** / **Save As Template**. After you have reviewed the settings that will be saved with the new template, click **OK**. Specify a name that will be associated with the new App-V project template. Click Save. + + The new App-V project template is saved in the folder you specified. + +**To apply a project template** + +> **Important**  Creating a virtual application package using a project template in conjunction with a Package Accelerator is not supported. + +1. To start the App-V sequencer, on the computer that is running the sequencer, click **Start** / **All Programs** / **Microsoft Application Virtualization** / **Microsoft Application Virtualization Sequencer**. + +2. To create or upgrade a new virtual application package by using an App-V project template, click **File** / **New From Template**. + +3. To select the project template that you want to use, browse to the directory where the project template is saved, select the project template, and then click **Open**. + + Create the new virtual application package. The settings saved with the specified template will be applied to the new virtual application package that you are creating. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-creating-and-managing-virtualized-applications.md b/windows/manage/appv-creating-and-managing-virtualized-applications.md new file mode 100644 index 0000000000..861034a883 --- /dev/null +++ b/windows/manage/appv-creating-and-managing-virtualized-applications.md 
@@ -0,0 +1,214 @@ +--- +title: Creating and Managing App-V Virtualized Applications (Windows 10) +description: Creating and Managing App-V Virtualized Applications +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Creating and Managing App-V Virtualized Applications + +**Applies to** +- Windows 10, version 1607 + +After you have properly deployed the Microsoft Application Virtualization (App-V) sequencer, you can use it to monitor and record the installation and setup process for an application to be run as a virtualized application. + +**Note**   +For more information about configuring the App-V sequencer, sequencing best practices, and an example of creating and updating a virtual application, see the [Microsoft Application Virtualization 5.0 Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V 5.0 Sequencing Guide.docx). + +**Note** +The App-V Sequencer cannot sequence applications with filenames matching "CO_<x>" where x is any numeral. Error 0x8007139F will be generated. + +## Sequencing an application + + +You can use the App-V Sequencer to perform the following tasks: + +- Create virtual packages that can be deployed to computers running the App-V client. + +- Upgrade existing packages. You can expand an existing package onto the computer running the sequencer and then upgrade the application to create a newer version. + +- Edit configuration information associated with an existing package. For example, you can add a shortcut or modify a file type association. + + **Note**   + You must create shortcuts and save them to an available network location to allow roaming. If a shortcut is created and saved in a private location, the package must be published locally to the computer running the App-V client. +  +- Convert existing virtual packages. 
+ +The sequencer uses the **%TMP% \\ Scratch** or **%TEMP% \\ Scratch** directory and the **Temp** directory to store temporary files during sequencing. On the computer that runs the sequencer, you should configure these directories with free disk space equivalent to the estimated application installation requirements. Configuring the temp directories and the Temp directory on different hard drive partitions can help improve performance during sequencing. + +When you use the sequencer to create a new virtual application, the following listed files are created. These files comprise the App-V package. + +- .msi file. This Windows Installer (.msi) file is created by the sequencer and is used to install the virtual package on target computers. + +- Report.xml file. In this file, the sequencer saves all issues, warnings, and errors that were discovered during sequencing. It displays the information after the package has been created. You can us this report for diagnosing and troubleshooting. + +- .appv file. This is the virtual application file. + +- Deployment configuration file. The deployment configuration file determines how the virtual application will be deployed to target computers. + +- User configuration file. The user configuration file determines how the virtual application will run on target computers. + +**Important**   +You must configure the %TMP% and %TEMP% folders that the package converter uses to be a secure location and directory. A secure location is only accessible by an administrator. Additionally, when you sequence the package you should save the package to a location that is secure, or make sure that no other user is allowed to be logged in during the conversion and monitoring process.  + +The **Options** dialog box in the sequencer console contains the following tabs: + +- **General**. Use this tab to enable Microsoft Updates to run during sequencing. 
Select **Append Package Version to Filename** to configure the sequence to add a version number to the virtualized package that is being sequenced. Select **Always trust the source of Package Accelerators** to create virtualized packages using a package accelerator without being prompted for authorization. + + **Important**   + Package Accelerators created using App-V 4.6 are not supported by App-V.   + +- **Parse Items**. This tab displays the associated file path locations that will be parsed or tokenized into in the virtual environment. Tokens are useful for adding files using the **Package Files** tab in **Advanced Editing**. + +- **Exclusion Items**. Use this tab to specify which folders and directories should not be monitored during sequencing. To add local application data that is saved in the Local App Data folder in the package, click **New** and specify the location and the associated **Mapping Type**. This option is required for some packages. + +App-V supports applications that include Microsoft Windows Services. If an application includes a Windows service, the Service will be included in the sequenced virtual package as long as it is installed while being monitored by the sequencer. If a virtual application creates a Windows service when it initially runs, then later, after installation, the application must be run while the sequencer is monitoring so that the Windows Service will be added to the package. Only Services that run under the Local System account are supported. Services that are configured for AutoStart or Delayed AutoStart are started before the first virtual application in a package runs inside the package’s Virtual Environment. Windows Services that are configured to be started on demand by an application are started when the virtual application inside the package starts the Service via API call. 
+ +[How to Sequence a New Application with App-V](appv-sequence-a-new-application.md) + +## App-V shell extension support + + +App-V supports shell extensions. Shell extensions will be detected and embedded in the package during sequencing. + +Shell extensions are embedded in the package automatically during the sequencing process. When the package is published, the shell extension gives users the same functionality as if the application were locally installed. + +**Requirements for using shell extensions:** + +- Packages that contain embedded shell extensions must be published globally. The application requires no additional setup or configuration on the client to enable the shell extension functionality. + +- The “bitness” of the application, Sequencer, and App-V client must match, or the shell extensions won’t work. For example: + + - The version of the application is 64-bit. + + - The Sequencer is running on a 64-bit computer. + + - The package is being delivered to a 64-bit App-V client computer. + +The following table lists the supported shell extensions: + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    HandlerDescription

    Context menu handler

    Adds menu items to the context menu. It is called before the context menu is displayed.

    Drag-and-drop handler

    Controls the action where right-click, drag and drop and modifies the context menu that appears.

    Drop target handler

    Controls the action after a data object is dragged and dropped over a drop target such as a file.

    Data object handler

    Controls the action after a file is copied to the clipboard or dragged and dropped over a drop target. It can provide additional clipboard formats to the drop target.

    Property sheet handler

    Replaces or adds pages to the property sheet dialog box of an object.

    Infotip handler

    Allows retrieving flags and infotip information for an item and displaying it inside a pop-up tooltip upon mouse hover.

    Column handler

    Allows creating and displaying custom columns in Windows Explorer Details view. It can be used to extend sorting and grouping.

    Preview handler

    Enables a preview of a file to be displayed in the Windows Explorer Preview pane.

    + +## Copy on Write (CoW) file extension support + +Copy on write (CoW) file extensions allow App-V to dynamically write to specific locations contained in the virtual package while it is being used. + +The following table displays the file types that can exist in a virtual package under the VFS directory, but cannot be updated on the computer running the App-V client. All other files and directories can be modified. + +| File Type | | | | | | +|------------ |------------- |------------- |------------ |------------ |------------ | +| .acm | .asa | .asp | .aspx | .ax | .bat | +| .cer | .chm | .clb | .cmd | .cnt | .cnv | +| .com | .cpl | .cpx | .crt | .dll | .drv | +| .esc | .exe | .fon | .grp | .hlp | .hta | +| .ime | .inf | .ins | .isp | .its | .js | +| .jse | .lnk | .msc | .msi | .msp | .mst | +| .mui | .nls | .ocx | .pal | .pcd | .pif | +| .reg | .scf | .scr | .sct | .shb | .shs | +| .sys | .tlb | .tsp | .url | .vb | .vbe | +| .vbs | .vsmacros | .ws | .wsf | .wsh | | + + +## Modifying an existing virtual application package + + +You can use the sequencer to modify an existing package. The computer on which you do this should match the chip architecture of the computer you used to create the application. For example, if you initially sequenced a package using a computer running a 64-bit operating system, you should modify the package using a computer running a 64-bit operating system. + +[How to Modify an Existing Virtual Application Package](appv-modify-an-existing-virtual-application-package.md) + +## Creating a project template + + +A .appvt file is a project template that can be used to save commonly applied, customized settings. You can then more easily use these settings for future sequencings. + +App-V project templates differ from App-V Application Accelerators because App-V Application Accelerators are application-specific, and App-V project templates can be applied to multiple applications. 
Additionally, you cannot use a project template when you use a Package Accelerator to create a virtual application package. The following general settings are saved with an App-V project template: + +A template can specify and store multiple settings as follows: + +- **Advanced Monitoring Options**. Enables Microsoft Update to run during monitoring. Saves allow local interaction option settings + +- **General Options**. Enables the use of **Windows Installer**, **Append Package Version to Filename**. + +- **Exclusion Items.** Contains the Exclusion pattern list. + +[How to Create and Use a Project Template](appv-create-and-use-a-project-template.md) + +## Creating a package accelerator + + +**Note**   +Package accelerators created using a previous version of App-V must be recreated using App-V. + +You can use App-V package accelerators to automatically generate a new virtual application packages. After you have successfully created a package accelerator, you can reuse and share the package accelerator. + +In some situations, to create the package accelerator, you might have to install the application locally on the computer that runs the sequencer. In such cases, you should first try to create the package accelerator with the installation media. If multiple missing files are required, you should install the application locally to the computer that runs the sequencer, and then create the package accelerator. + +After you have successfully created a Package Accelerator, you can reuse and share the Package Accelerator. Creating App-V Package Accelerators is an advanced task. Package Accelerators can contain password and user-specific information. Therefore you must save Package Accelerators and the associated installation media in a secure location, and you should digitally sign the Package Accelerator after you create it so that the publisher can be verified when the App-V Package Accelerator is applied. 
+ +[How to Create a Package Accelerator](appv-create-a-package-accelerator.md) + +[How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md) + +## Sequencer error reporting + + +The App-V Sequencer can detect common sequencing issues during sequencing. The **Installation Report** page at the end of the sequencing wizard displays diagnostic messages categorized into **Errors**, **Warnings**, and **Info** depending on the severity of the issue. + +You can also find additional information about sequencing errors using the Windows Event Viewer. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-customize-virtual-application-extensions-with-the-management-console.md b/windows/manage/appv-customize-virtual-application-extensions-with-the-management-console.md new file mode 100644 index 0000000000..09c76c884b --- /dev/null +++ b/windows/manage/appv-customize-virtual-application-extensions-with-the-management-console.md 
@@ -0,0 +1,39 @@ +--- +title: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console (Windows 10) +description: How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Customize Virtual Applications Extensions for a Specific AD Group by Using the Management Console + +**Applies to** +- Windows 10, version 1607 + +Use the following procedure to customize the virtual application extensions for an Active Directory (AD) group. + +**To customize virtual applications extensions for an AD group** + +1. To view the package that you want to configure, open the App-V Management Console. To view the configuration that is assigned to a given user group, select the package, and right-click the package name and select **Edit active directory access**. Alternatively, select the package and click **EDIT** in the **AD ACCESS** pane. + +2. To customize an AD group, you can find the group from the list of **AD Entities with Access**. Then, using the drop-down box in the **Assigned Configuration** pane, select **Custom**, and then click **EDIT**. + +3. To disable all extensions for a given application, clear **ENABLE**. + + To add a new shortcut for the selected application, right-click the application in the **SHORTCUTS** pane, and select **Add new shortcut**. To remove a shortcut, right-click the application in the **SHORTCUTS** pane, and select **Remove Shortcut**. To edit an existing shortcut, right-click the application, and select **Edit Shortcut**. + +4. To view any other application extensions, click **Advanced**, and click **Export Configuration**. Type in a filename and click **Save**. You can view all application extensions that are associated with the package using the configuration file. + +5. 
To edit additional application extensions, modify the configuration file and click **Import and Overwrite this Configuration**. Select the modified file and click **Open**. In the dialog, click **Overwrite** to complete the process. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-delete-a-connection-group.md b/windows/manage/appv-delete-a-connection-group.md new file mode 100644 index 0000000000..a81a30d908 --- /dev/null +++ b/windows/manage/appv-delete-a-connection-group.md @@ -0,0 +1,33 @@ +--- +title: How to Delete a Connection Group (Windows 10) +description: How to Delete a Connection Group +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Delete a Connection Group + +**Applies to** +- Windows 10, version 1607 + +Use the following procedure to delete an existing App-V connection group. + +**To delete a connection group** + +1. Open the App-V Management Console and select **CONNECTION GROUPS**. + +2. Right-click the connection group to be removed, and select **delete**. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) + +[Managing Connection Groups](appv-managing-connection-groups.md) diff --git a/windows/manage/appv-delete-a-package-with-the-management-console.md b/windows/manage/appv-delete-a-package-with-the-management-console.md new file mode 100644 index 0000000000..93cd94b4f0 --- /dev/null +++ b/windows/manage/appv-delete-a-package-with-the-management-console.md @@ -0,0 +1,31 @@ +--- +title: How to Delete a Package in the Management Console (Windows 10) +description: How to Delete a Package in the Management Console +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Delete a Package in the Management Console + +**Applies to** +- Windows 10, version 1607 + +Use the following procedure to delete an App-V package. + +**To delete a package in the Management Console** + +1. To view the package you want to delete, open the App-V Management Console and select **Packages**. Select the package to be removed. + +2. Click or right-click the package. Select **Delete** to remove the package. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-deploy-appv-databases-with-sql-scripts.md b/windows/manage/appv-deploy-appv-databases-with-sql-scripts.md new file mode 100644 index 0000000000..6a2ab10a6a --- /dev/null +++ b/windows/manage/appv-deploy-appv-databases-with-sql-scripts.md 
@@ -0,0 +1,186 @@
+---
+title: How to Deploy the App-V Databases by Using SQL Scripts (Windows 10)
+description: How to Deploy the App-V Databases by Using SQL Scripts
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to Deploy the App-V Databases by Using SQL Scripts
+
+**Applies to**
+- Windows Server 2016
+
+Use the following instructions to use SQL scripts, rather than the Windows Installer, to:
+
+- Install the App-V databases
+
+- Upgrade the App-V databases to a later version
+
+>**Note**
+> If you have already deployed an App-V 5.0 SP3 database or later, the SQL scripts are not required to upgrade to App-V for Windows.
+
+## How to install the App-V databases by using SQL scripts
+
+1. Before you install the database scripts, review and keep a copy of the App-V license terms. By running the database scripts, you are agreeing to the license terms. If you do not accept them, you should not use this software.
+
+2. Copy the **appv\_server\_setup.exe** from the App-V release media to a temporary location.
+
+3. From a command prompt, run **appv\_server\_setup.exe** and specify a temporary location for extracting the database scripts.
+
+   Example: appv\_server\_setup.exe /layout c:\\__
+
+4. Browse to the temporary location that you created, open the extracted **DatabaseScripts** folder, and review the appropriate readme.txt file for instructions:
+
+   | Database | Location of readme.txt file to use
+ | - | - |
+ | Management database | ManagementDatabase subfolder |
+ | Reporting database | ReportingDatabase subfolder |
+
+> [!CAUTION]
+> The readme.txt file in the ManagementDatabase subfolder is out of date. The information in the updated readme files below is the most current and should supersede the readme information provided in the **DatabaseScripts** folders.
+ +> [!IMPORTANT] +> The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3. +> The Permissions.sql script should be updated according to **Step 2** in [KB article 3031340](https://support.microsoft.com/kb/3031340). **Step 1** is not required for versions of App-V later than App-V 5.0 SP3. + +### Updated management database README file content + +``` syntax +*********************************************************************************************************** +Before you install and use the Application Virtualization Database Scripts, you must: + +- Review the license terms. +- Print and retain a copy of the license terms for your records. + +By running the App-V you agree to such license terms. If you do not accept them, do not use the software. +*********************************************************************************************************** + +Steps to install "AppVManagement" schema in SQL SERVER. + +## PREREQUISITES: + + 1. Review the installation package. The following files MUST exist: + + SQL files + --------- + Database.sql + CreateTables.sql + CreateStoredProcs.sql + UpdateTables.sql + Permissions.sql + + 2. Ensure the target SQL Server instance and SQL Server Agent service are running. + + 3. If you are not running the scripts directly on the server, ensure the + necessary SQL Server client software is installed and available from + the specified location. Specifically, the "osql" command must be supported for these scripts to run. + +## PREPARATION: + + 1. Review the database.sql file and modify as necessary. Although the + defaults are likely sufficient, it is suggested that the following + settings be reviewed: + + DATABASE - ensure name is satisfactory - default is "AppVManagement". + + 2. Review the Permissions.sql file and provide all the necessary account information + for setting up read and write access on the database. 
Note: Default settings in the file will not work. + +## INSTALLATION: + + 1. Run the database.sql against the "master" database. Your user + credential must have the ability to create databases. + This script will create the database. + + 2. Run the following scripts against the "AppVManagement" database using the + same account as above in order. + + CreateTables.sql + CreateStoredProcs.sql + UpdateTables.sql + Permissions.sql + +``` + +### Updated reporting database README file content + +``` syntax +*********************************************************************************************************** +Before you install and use the Application Virtualization Database Scripts, you must: + +- Review the license terms. +- Print and retain a copy of the license terms for your records. + +By running the App-V you agree to such license terms. If you do not accept them, do not use the software. +*********************************************************************************************************** + +Steps to install "AppVReporting" schema in SQL SERVER. + +## PREREQUISITES: + + 1. Review the installation package. The following files MUST exist: + + SQL files + --------- + Database.sql + UpgradeDatabase.sql + CreateTables.sql + CreateReportingStoredProcs.sql + CreateStoredProcs.sql + CreateViews.sql + Permissions.sql + ScheduleReportingJob.sql + + 2. Ensure the target SQL Server instance and SQL Server Agent service are running. + + 3. If you are not running the scripts directly on the server, ensure the + necessary SQL Server client software is installed and executable from + the location you have chosen. Specifically, the "osql" command must be supported for these scripts to run. + +## PREPARATION: + + 1. Review the database.sql file and modify as necessary. Although the + defaults are likely sufficient, it is suggested that the following + settings be reviewed: + + DATABASE - ensure name is satisfactory - default is "AppVReporting". + + 2. 
Review the Permissions.sql file and provide all the necessary account information + for setting up read and write access on the database. Note: Default settings + in the file will not work. + + 3. Review the ScheduleReportingJob.sql file and make sure that the stored proc schedule + time is acceptable. The default stored proc schedule time is at 12.01 AM (line 84). + If this time is not suitable, you can change this to a more suitable time. The time is in the format HHMMSS. + +## INSTALLATION: + + 1. Run the database.sql against the "master" database. Your user + credential must have the ability to create databases. + This script will create the database. + + 2. If upgrading the database, run UpgradeDatabase.sql This will upgrade database schema. + + 2. Run the following scripts against the "AppVReporting" database using the + same account as above in order. + + CreateTables.sql + CreateReportingStoredProcs.sql + CreateStoredProcs.sql + CreateViews.sql + Permissions.sql + ScheduleReportingJob.sql +``` + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+- [Deploying the App-V Server](appv-deploying-the-appv-server.md)
+- [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
diff --git a/windows/manage/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md b/windows/manage/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
new file mode 100644
index 0000000000..d74a347576
--- /dev/null
+++ b/windows/manage/appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md
@@ -0,0 +1,44 @@
+---
+title: How to deploy App-V Packages Using Electronic Software Distribution (Windows 10)
+description: How to deploy App-V Packages Using Electronic Software Distribution
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+# How to deploy App-V packages using electronic software distribution
+
+**Applies to**
+- Windows 10, version 1607
+
+You can use an electronic software distribution (ESD) system to deploy App-V virtual applications to App-V clients.
+
+For component requirements and options for using an ESD to deploy App-V packages, see [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md).
+
+Use one of the following methods to publish packages to App-V client computers with an ESD:
+
+| Method | Description |
+| - | - |
+| Functionality provided by a third-party ESD | Use the functionality in a third-party ESD.|
+| Stand-alone Windows Installer | Install the application on the target client computer by using the associated Windows Installer (.msi) file that is created when you initially sequence an application. The Windows Installer file contains the associated App-V package file information used to configure a package and copies the required package files to the client. |
+| Windows PowerShell | Use Windows PowerShell cmdlets to deploy virtualized applications. For more information about using Windows PowerShell and App-V, see [Administering App-V by using Windows PowerShell](appv-administering-appv-with-powershell.md).|
+
+ 
+
+**To deploy App-V packages by using an ESD**
+
+1. Install the App-V Sequencer on a computer in your environment. For more information about installing the sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md).
+
+2. Use the App-V Sequencer to create virtual application.
For information about creating a virtual application, see [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md).
+
+3. After you create the virtual application, deploy the package by using your ESD solution.
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+- [Operations for App-V](appv-operations.md)
diff --git a/windows/manage/appv-deploy-the-appv-server-with-a-script.md b/windows/manage/appv-deploy-the-appv-server-with-a-script.md
new file mode 100644
index 0000000000..ddc30926a2
--- /dev/null
+++ b/windows/manage/appv-deploy-the-appv-server-with-a-script.md
@@ -0,0 +1,445 @@
+---
+title: How to Deploy the App-V Server Using a Script (Windows 10)
+description: How to Deploy the App-V Server Using a Script
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to Deploy the App-V Server Using a Script
+
+**Applies to**
+- Windows Server 2016
+
+In order to complete the **appv\_server\_setup.exe** Server setup successfully using the command line, you must specify and combine multiple parameters.
+
+**To install the App-V server using a script**
+
+Use the following lists and tables for more information about installing the App-V server using the command line.
+
+> **Note**  The information in the following lists and tables can also be accessed using the command line by typing the following command: **appv\_server\_setup.exe /?**.
+
+## How to use common parameters
+
+## To install the Management server and Management database on a local machine
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
+- /MANAGEMENT_DB_NAME
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use the following parameters:
+
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
+- /MANAGEMENT_DB_NAME
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET
    +/MANAGEMENT_SERVER
    +/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
    +/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
    +/MANAGEMENT_WEBSITE_PORT="8080"
    +/DB_PREDEPLOY_MANAGEMENT
    +/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
    +/MANAGEMENT_DB_NAME="AppVManagement"
+
+## To install the Management server using an existing Management database on a local machine
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
+- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
+- /EXISTING_MANAGEMENT_DB_NAME
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
+- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE
+- /EXISTING_MANAGEMENT_DB_NAME
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET
    +/MANAGEMENT_SERVER
    +/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
    +/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
    +/MANAGEMENT_WEBSITE_PORT="8080"
    +/EXISTING_MANAGEMENT_DB_SQL_SERVER_USE_LOCAL
    +/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
    +/EXISTING_MANAGEMENT_DB_NAME ="AppVManagement"
+
+## To install the Management server using an existing Management database on a remote machine
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME
+- /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
+- /EXISTING_MANAGEMENT_DB_NAME
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /MANAGEMENT_SERVER
+- /MANAGEMENT_ADMINACCOUNT
+- /MANAGEMENT_WEBSITE_NAME
+- /MANAGEMENT_WEBSITE_PORT
+- /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME
+- /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE
+- /EXISTING_MANAGEMENT_DB_NAME
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET
    +/MANAGEMENT_SERVER
    +/MANAGEMENT_ADMINACCOUNT="Domain\AdminGroup"
    +/MANAGEMENT_WEBSITE_NAME="Microsoft AppV Management Service"
    +/MANAGEMENT_WEBSITE_PORT="8080"
    +/EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="SqlServermachine.domainName"
    +/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE ="SqlInstanceName"
    +/EXISTING_MANAGEMENT_DB_NAME ="AppVManagement"
+
+## To install the Management database and the Management Server on the same computer
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
+- /MANAGEMENT_DB_NAME
+- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL
+- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
+- /MANAGEMENT_DB_NAME
+- /MANAGEMENT_SERVER_MACHINE_USE_LOCAL
+- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET
    +/DB_PREDEPLOY_MANAGEMENT
    +/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
    +/MANAGEMENT_DB_NAME="AppVManagement"
    +/MANAGEMENT_SERVER_MACHINE_USE_LOCAL
    +/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+
+## To install the Management database on a different computer than the Management server
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT
+- /MANAGEMENT_DB_NAME
+- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT
+- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /DB_PREDEPLOY_MANAGEMENT
+- /MANAGEMENT_DB_CUSTOM_SQLINSTANCE
+- /MANAGEMENT_DB_NAME
+- /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT
+- /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET
    +/DB_PREDEPLOY_MANAGEMENT
    +/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
    +/MANAGEMENT_DB_NAME="AppVManagement"
    +/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
    +/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+
+## To install the Publishing server
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /PUBLISHING_SERVER
+- /PUBLISHING_MGT_SERVER
+- /PUBLISHING_WEBSITE_NAME
+- /PUBLISHING_WEBSITE_PORT
+
+### Example
+
+/appv_server_setup.exe /QUIET
    +/PUBLISHING_SERVER
    +/PUBLISHING_MGT_SERVER="http://ManagementServerName:ManagementPort"
    +/PUBLISHING_WEBSITE_NAME="Microsoft AppV Publishing Service"
    +/PUBLISHING_WEBSITE_PORT="8081"
+
+## To install the Reporting server and Reporting database on a local machine
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /REPORTING _SERVER
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT
+- /REPORTING _DB_NAME
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /REPORTING _SERVER
+- /REPORTING _ADMINACCOUNT
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING _DB_CUSTOM_SQLINSTANCE
+- /REPORTING _DB_NAME
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET
    +/REPORTING_SERVER
    +/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
    +/REPORTING_WEBSITE_PORT="8082"
    +/DB_PREDEPLOY_REPORTING
    +/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
    +/REPORTING_DB_NAME="AppVReporting"
+
+## To install the Reporting server using an existing Reporting database on a local machine
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /REPORTING _SERVER
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
+- /EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT
+- /EXISTING_REPORTING_DB_NAME
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /REPORTING _SERVER
+- /REPORTING _ADMINACCOUNT
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
+- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE
+- /EXISTING_REPORTING _DB_NAME
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET
    +/REPORTING_SERVER
    +/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
    +/REPORTING_WEBSITE_PORT="8082"
    +/EXISTING_REPORTING_DB_SQL_SERVER_USE_LOCAL
    +/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
    +/EXITING_REPORTING_DB_NAME="AppVReporting"
+
+## To install the Reporting server using an existing Reporting database on a remote machine
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /REPORTING _SERVER
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME
+- /EXISTING_REPORTING _DB_SQLINSTANCE_USE_DEFAULT
+- /EXISTING_REPORTING _DB_NAME
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /REPORTING _SERVER
+- /REPORTING _ADMINACCOUNT
+- /REPORTING _WEBSITE_NAME
+- /REPORTING _WEBSITE_PORT
+- /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME
+- /EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE
+- /EXISTING_REPORTING _DB_NAME
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET
    +/REPORTING_SERVER
    +/REPORTING_WEBSITE_NAME="Microsoft AppV Reporting Service"
    +/REPORTING_WEBSITE_PORT="8082"
    +/EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="SqlServerMachine.DomainName"
    +/EXISTING_REPORTING _DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
    +/EXITING_REPORTING_DB_NAME="AppVReporting"
+
+## To install the Reporting database on the same computer as the Reporting server
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING_DB_SQLINSTANCE_USE_DEFAULT
+- /REPORTING_DB_NAME
+- /REPORTING_SERVER_MACHINE_USE_LOCAL
+- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING _DB_CUSTOM_SQLINSTANCE
+- /REPORTING _DB_NAME
+- /REPORTING_SERVER_MACHINE_USE_LOCAL
+- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+/appv_server_setup.exe /QUIET
    +/DB_PREDEPLOY_REPORTING
    +/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
    +/REPORTING_DB_NAME="AppVReporting"
    +/REPORTING_SERVER_MACHINE_USE_LOCAL
    +/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+
+## To install the Reporting database on a different computer than the Reporting server
+
+**Default instance of Microsoft SQL Server**: To use the default instance of Microsoft SQL Server, use the following parameters:
+
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING _DB_SQLINSTANCE_USE_DEFAULT
+- /REPORTING _DB_NAME
+- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT
+- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+
+**Custom instance of Microsoft SQL Server**: To use a custom instance of Microsoft SQL Server, use these parameters:
+
+- /DB_PREDEPLOY_REPORTING
+- /REPORTING _DB_CUSTOM_SQLINSTANCE
+- /REPORTING _DB_NAME
+- /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT
+- /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT
+
+### Example for using a custom instance of Microsoft SQL Server:
+
+Using a custom instance of Microsoft SQL Server example:
    +/appv_server_setup.exe /QUIET
    +/DB_PREDEPLOY_REPORTING
    +/REPORTING_DB_CUSTOM_SQLINSTANCE="SqlInstanceName"
    +/REPORTING_DB_NAME="AppVReporting"
    +/REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT="Domain\MachineAccount"
    +/REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT="Domain\InstallAdminAccount"
+
+## Parameter definitions
+
+- [General parameters](#parameter-definitions-for-general-parameters)
+- [Management Server installation parameters](#parameter-definitions-for-management-server-installation-parameters)
+- [Management Server Database parameters](#parameter-definitions-for-the-management-server-database)
+- [Publishing Server installation parameters](#parameter-definitions-for-publishing-server-installation-parameters)
+- [Reporting Server parameters](#parameter-definitions-for-reporting-server)
+- [Parameters for using an existing Reporting Server database](#parameters-for-using-an-existing-reporting-server-database)
+- [Reporting Server database installation parameters](#parameter-definitions-for-reporting-server-database-installation)
+- [Parameters for using an existing Management Server database](#parameters-for-using-an-existing-management-server-database)
+
+### Parameter definitions for general parameters
+
+| Parameter | Description |
+|-----------|-------------|
+| /QUIET | Specifies silent install. |
+| /UNINSTALL | Specifies an uninstall. |
+| /LAYOUT | Specifies layout action. This extracts the MSIs and script files to a folder without actually installing the product. No value is expected. |
+| /LAYOUTDIR | Specifies the layout directory. Takes a string. For example, /LAYOUTDIR="C:\Application Virtualization Server" |
+| /INSTALLDIR | Specifies the installation directory. Takes a string. E.g. /INSTALLDIR="C:\Program Files\Application Virtualization\Server" |
+| /MUOPTIN | Enables Microsoft Update. No value is expected |
+| /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1**.
|
+
+### Parameter definitions for Management Server installation parameters
+
+| Parameter | Description |
+|-----------|-------------|
+| /MANAGEMENT_SERVER | Specifies that the management server will be installed. No value is expected |
+| /MANAGEMENT_ADMINACCOUNT | Specifies the account that will be allowed to Administrator access to the management server This account can be an individual user account or a group. Example usage: **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. If **/MANAGEMENT_SERVER** is not specified, this will be ignored. Specifies the account that will be allowed to Administrator access to the management server. This can be a user account or a group. For example, **/MANAGEMENT_ADMINACCOUNT="mydomain\admin"**. |
+| /MANAGEMENT_WEBSITE_NAME | Specifies name of the website that will be created for the management service. For example, /MANAGEMENT_WEBSITE_NAME="Microsoft App-V Management Service" |
+| /MANAGEMENT_WEBSITE_PORT | Specifies the port number that will be used by the management service will use. For example, /MANAGEMENT_WEBSITE_PORT=82. |
+
+### Parameter definitions for the Management Server Database
+
+| Parameter | Description |
+|-----------|-------------|
+| /DB\_PREDEPLOY\_MANAGEMENT | Specifies that the management database will be installed. You must have sufficient database permissions to complete this installation. No value is expected |
+| /MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance should be used. No value is expected. |
+| /MANAGEMENT_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used to create a new database. Example usage: **/MANAGEMENT_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER"**. If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. |
+| /MANAGEMENT_DB_NAME | Specifies the name of the new management database that should be created. Example usage: **/MANAGEMENT_DB_NAME="AppVMgmtDB"**.
If /DB_PREDEPLOY_MANAGEMENT is not specified, this will be ignored. |
+| /MANAGEMENT_SERVER_MACHINE_USE_LOCAL | Indicates if the management server that will be accessing the database is installed on the local server. Switch parameter so no value is expected. |
+| /MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the management server will be installed on. Example usage: **/MANAGEMENT_REMOTE_SERVER_MACHINE_ACCOUNT="domain\computername"** |
+| /MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the management server. Example usage: **/MANAGEMENT_SERVER_INSTALL_ADMIN_ACCOUNT ="domain\alias"** |
+
+### Parameter definitions for Publishing Server installation parameters
+
+| Parameter | Description |
+|-----------|-------------|
+| /PUBLISHING_SERVER | Specifies that the Publishing Server will be installed. No value is expected |
+| /PUBLISHING_MGT_SERVER | Specifies the URL to Management Service the Publishing server will connect to. Example usage: **http://<management server name>:<Management server port number>**. If /PUBLISHING_SERVER is not used, this parameter will be ignored |
+| /PUBLISHING_WEBSITE_NAME | Specifies name of the website that will be created for the publishing service. For example, /PUBLISHING_WEBSITE_NAME="Microsoft App-V Publishing Service" |
+| /PUBLISHING_WEBSITE_PORT | Specifies the port number used by the publishing service. For example, /PUBLISHING_WEBSITE_PORT=83 |
+
+### Parameter definitions for Reporting Server
+
+| Parameter | Description |
+|-----------|-------------|
+| /REPORTING_SERVER | Specifies that the Reporting Server will be installed. No value is expected |
+| /REPORTING_WEBSITE_NAME | Specifies name of the website that will be created for the Reporting Service. E.g. /REPORTING_WEBSITE_NAME="Microsoft App-V ReportingService" |
+| /REPORTING_WEBSITE_PORT | Specifies the port number that the Reporting Service will use.
E.g. /REPORTING_WEBSITE_PORT=82 |
+
+  
+
+### Parameters for using an existing Reporting Server database
+
+| Parameter | Description |
+|-----------|-------------|
+| /EXISTING\_REPORTING\_DB_SQL_SERVER_USE_LOCAL | Indicates that the Microsoft SQL Server is installed on the local server. Switch parameter so no value is expected. |
+| /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_REPORTING_DB_REMOTE_SQL_SERVER_NAME="mycomputer1" |
+| /EXISTING_REPORTING_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. |
+| /EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER" |
+| /EXISTING_REPORTING_DB_NAME | Specifies the name of the existing Reporting database that should be used. Takes a string. E.g. /EXISTING_REPORTING_DB_NAME="AppVReporting" |
+
+### Parameter definitions for Reporting Server database installation
+
+| Parameter | Description |
+|-----------|-------------|
+| /DB\_PREDEPLOY\_REPORTING | Specifies that the Reporting Database will be installed. DBA permissions are required for this installation. No value is expected |
+| /REPORTING_DB_SQLINSTANCE_USE_DEFAULT | Specifies the name of the custom SQL instance that should be used. Takes a string. E.g. /REPORTING_DB_CUSTOM_SQLINSTANCE="MYSQLSERVER" |
+| /REPORTING_DB_NAME | Specifies the name of the new Reporting database that should be created. Takes a string. E.g. /REPORTING_DB_NAME="AppVMgmtDB" |
+| /REPORTING_SERVER_MACHINE_USE_LOCAL | Indicates that the Reporting server that will be accessing the database is installed on the local server. Switch parameter so no value is expected.
|
+| /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT | Specifies the machine account of the remote machine that the Reporting server will be installed on. Takes a string. E.g. /REPORTING_REMOTE_SERVER_MACHINE_ACCOUNT = "domain\computername" |
+| /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT | Indicates the Administrator account that will be used to install the App-V Reporting Server. Takes a string. E.g. /REPORTING_SERVER_INSTALL_ADMIN_ACCOUNT = "domain\alias" |
+
+### Parameters for using an existing Management Server database
+
+| Parameter | Description |
+|-----------|-------------|
+| /EXISTING\_MANAGEMENT\_DB_SQL_SERVER_USE_LOCAL | Indicates that the SQL Server is installed on the local server. Switch parameter so no value is expected.If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
+| /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME | Specifies the name of the remote computer that SQL Server is installed on. Takes a string. E.g. /EXISTING_MANAGEMENT_DB_REMOTE_SQL_SERVER_NAME="mycomputer1" |
+| /EXISTING_MANAGEMENT_DB_SQLINSTANCE_USE_DEFAULT | Indicates that the default SQL instance is to be used. Switch parameter so no value is expected. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
+| /EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE | Specifies the name of the custom SQL instance that will be used. Example usage **/EXISTING_MANAGEMENT_DB_CUSTOM_SQLINSTANCE="AppVManagement"**. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
+| /EXISTING_MANAGEMENT_DB_NAME | Specifies the name of the existing management database that should be used. Example usage: **/EXISTING_MANAGEMENT_DB_NAME="AppVMgmtDB"**. If /DB_PREDEPLOY_MANAGEMENT is specified, this will be ignored. |
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Deploying the App-V Server](appv-deploying-the-appv-server.md) diff --git a/windows/manage/appv-deploy-the-appv-server.md b/windows/manage/appv-deploy-the-appv-server.md new file mode 100644 index 0000000000..2f9977d7b8 --- /dev/null +++ b/windows/manage/appv-deploy-the-appv-server.md @@ -0,0 +1,124 @@ +--- +title: How to Deploy the App-V Server (Windows 10) +description: How to Deploy the App-V Server in App-V for Windows 10 +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# How to Deploy the App-V Server (new installation) + +**Applies to** +- Windows Server 2016 + +>**Important**
    If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released. + +**Before you start:** + +- Ensure that you’ve installed required software. See [App-V Prerequisites](appv-prerequisites.md). + +- Review the server section of [App-V security considerations](appv-security-considerations.md). + +- Specify a port where each component will be hosted. + +- Add firewall rules to allow incoming requests to access the specified ports. + +- If you use SQL scripts, instead of the Windows Installer, to set up the Management database or Reporting database, you must run the SQL scripts before installing the Management Server or Reporting Server. See [How to Deploy the App-V Databases by Using SQL Scripts](appv-deploy-appv-databases-with-sql-scripts.md). + +**To install the App-V server** + +1. Download the App-V server components. All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from: + + - The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site. + + - The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home). + +2. Copy the App-V server installation files to the computer on which you want to install it. + +3. Start the App-V server installation by right-clicking and running **appv\_server\_setup.exe** as an administrator, and then click **Install**. + +4. Review and accept the license terms, and choose whether to enable Microsoft updates. + +5. On the **Feature Selection** page, select all of the following components. 
+ + | Component | Description | + | - | - | + | Management server | Provides overall management functionality for the App-V infrastructure. | + | Management database | Facilitates database predeployments for App-V management. | + | Publishing server | Provides hosting and streaming functionality for virtual applications. | + | Reporting server | Provides App-V reporting services. | + | Reporting database | Facilitates database predeployments for App-V reporting. | + +6. On the **Installation Location** page, accept the default location where the selected components will be installed, or change the location by typing a new path on the **Installation Location** line. + +7. On the initial **Create New Management Database** page, configure the **Microsoft SQL Server instance** and **Management Server database** by selecting the appropriate option below. + + | Method | What you need to do | + | - | - | + | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, and type the name of the instance.
    Use the format **INSTANCENAME**. The assumed installation location is the local computer.
    Not supported: A server name using the format **ServerName**\\**INSTANCE**.| + | You are using a custom database name. | Select **Custom configuration** and type the database name.
    The database name must be unique, or the installation will fail.| + +8. On the **Configure** page, accept the default value **Use this local computer**. + + >**Note** If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. + +9. On the initial **Create New Reporting Database** page, configure the **Microsoft SQL Server instance** and **Reporting Server database** by selecting the appropriate option below. + + | Method | What you need to do | + | - | - | + | You are using a custom Microsoft SQL Server instance. | Select **Use the custom instance**, and type the name of the instance.
    Use the format **INSTANCENAME**. The assumed installation location is the local computer.
    Not supported: A server name using the format **ServerName**\\**INSTANCE**.| + | You are using a custom database name. | Select **Custom configuration** and type the database name.
    The database name must be unique, or the installation will fail.| + + +10. On the **Configure** page, accept the default value: **Use this local computer**. + + >**Note** + > If you are installing the Management server and Management database side by side, some options on this page are not available. In this case, the appropriate options are selected by default and cannot be changed. + + +11. On the **Configure** (Management Server Configuration) page, specify the following: + + | Item to configure | Description and examples | + | - | - | + | Type the AD group with sufficient permissions to manage the App-V environment. | Example: MyDomain\MyUser

    After installation, you can add users or groups on the management console. However, global security groups and Active Directory Domain Services (AD DS) distribution groups are not supported. You must use Domain local or Universal groups to perform this action.| + | **Website name**: Specify the custom name that will be used to run the publishing service.
    | If you do not have a custom name, do not make any changes.| + |**Port binding**: Specify a unique port number that will be used by App-V. | Example: **12345**
    Ensure that the port specified is not being used by another website. | + +12. On the **Configure Publishing Server Configuration** page, specify the following: + + | Item to configure | Description and examples | + | - | - | + | Specify the URL for the management service. | Example: http://localhost:12345 | + | **Website name**: Specify the custom name that will be used to run the publishing service.| If you do not have a custom name, do not make any changes. | + | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 54321
    Ensure that the port specified is not being used by another website. | + +13. On the **Reporting Server** page, specify the following: + + | Item to configure | Description and examples | + | - | - | + | **Website name**: Specify the custom name that will be used to run the Reporting Service. | If you do not have a custom name, do not make any changes. | + | **Port binding**: Specify a unique port number that will be used by App-V. | Example: 55555
    Ensure that the port specified is not being used by another website. | + +14. To start the installation, click **Install** on the **Ready** page, and then click **Close** on the **Finished** page. + +15. To verify that the setup completed successfully, open a web browser, and type the following URL: + + **http://\<_Management server machine name_\>:\<_Management service port number_\>/console.html**. + + Example: **http://localhost:12345/console.html**. If the installation succeeded, the App-V Management console is displayed with no errors. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Deploying App-V](appv-deploying-appv.md) + +- [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md) + +- [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md) + +- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md) diff --git a/windows/manage/appv-deploying-appv.md b/windows/manage/appv-deploying-appv.md new file mode 100644 index 0000000000..53ad22d7a7 --- /dev/null +++ b/windows/manage/appv-deploying-appv.md 
@@ -0,0 +1,50 @@ +--- +title: Deploying App-V (Windows 10) +description: Deploying App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Deploying App-V for Windows 10 + +**Applies to** +- Windows 10, version 1607 + +App-V supports a number of different deployment options. Review this topic for information about the tasks that you must complete at different stages in your deployment. + +## App-V Deployment Information + + +- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md) + + This section describes how to install the App-V sequencer, which is used to virtualize applications, and how to enable the App-V client, which runs on target computers to facilitate virtualized packages. + +- [Deploying the App-V Server](appv-deploying-the-appv-server.md) + + This section provides information about installing the App-V management, publishing, database and reporting severs. + +- [App-V Deployment Checklist](appv-deployment-checklist.md) + + This section provides a deployment checklist that can be used to assist with installing App-V. + +## Other Resources for Deploying App-V + + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [Getting Started with App-V](appv-getting-started.md) + +- [Planning for App-V](appv-planning-for-appv.md) + +- [Operations for App-V](appv-operations.md) + +- [Troubleshooting App-V](appv-troubleshooting.md) + +- [Technical Reference for App-V](appv-technical-reference.md) + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md new file mode 100644 index 0000000000..dcf42974b4 --- /dev/null +++ b/windows/manage/appv-deploying-microsoft-office-2010-wth-appv.md @@ -0,0 +1,295 @@ +--- +title: Deploying Microsoft Office 2010 by Using App-V (Windows 10) +description: Deploying Microsoft Office 2010 by Using App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Deploying Microsoft Office 2010 by Using App-V + +**Applies to** +- Windows 10, version 1607 + +You can create Office 2010 packages for Microsoft Application Virtualization (App-V) using one of the following methods: + +- Application Virtualization (App-V) Sequencer + +- Application Virtualization (App-V) Package Accelerator + +## App-V support for Office 2010 + + +The following table shows the App-V versions, methods of Office package creation, supported licensing, and supported deployments for Office 2010. + + ++++ + + + + + + + + + + + + + + + + + + + + +
    Supported itemLevel of support

    Package creation

      +
    • Sequencing

    • +
    • Package Accelerator

    • +
    • Office Deployment Kit

    • +

    Supported licensing

    Volume Licensing

    Supported deployments

      +
    • Desktop

    • +
    • Personal VDI

    • +
    • RDS

    • +
    + +  + +## Creating Office 2010 App-V using the sequencer + + +Sequencing Office 2010 is one of the main methods for creating an Office 2010 package on App-V. Microsoft has provided a detailed recipe through a Knowledge Base article. To create an Office 2010 package on App-V, refer to the following link for detailed instructions: + +[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069) + +## Creating Office 2010 App-V packages using package accelerators + + +Office 2010 App-V packages can be created through package accelerators. Microsoft has provided package accelerators for creating Office 2010 on Windows 10, Windows 8 and Windows 7. To create Office 2010 packages on App-V using Package accelerators, refer to the following pages to access the appropriate package accelerator: + +- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 8](https://gallery.technet.microsoft.com/App-V-50-Package-a29410db) + +- [App-V 5.0 Package Accelerator for Office Professional Plus 2010 – Windows 7](https://gallery.technet.microsoft.com/App-V-50-Package-e7ef536b) + +For detailed instructions on how to create virtual application packages using App-V package accelerators, see [How to Create a Virtual Application Package Using an App-V Package Accelerator](appv-create-a-virtual-application-package-package-accelerator.md). + +## Deploying the Microsoft Office package for App-V + + +You can deploy Office 2010 packages by using any of the following App-V deployment methods: + +- System Center Configuration Manager + +- App-V server + +- Stand-alone through Windows PowerShell commands + +## Office App-V package management and customization + + +Office 2010 packages can be managed like any other App-V packages through known package management mechanisms. No special instructions are needed, for example, to add, publish, unpublish, or remove Office packages. 
+ +## Microsoft Office integration with Windows + + +The following table provides a full list of supported integration points for Office 2010. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Extension PointDescriptionOffice 2010

    Lync meeting Join Plug-in for Firefox and Chrome

    User can join Lync meetings from Firefox and Chrome

    Sent to OneNote Print Driver

    User can print to OneNote

    Yes

    OneNote Linked Notes

    OneNote Linked Notes

    Send to OneNote Internet Explorer Add-In

    User can send to OneNote from IE

    Firewall Exception for Lync and Outlook

    Firewall Exception for Lync and Outlook

    MAPI Client

    Native apps and add-ins can interact with virtual Outlook through MAPI

    SharePoint Plugin for Firefox

    User can use SharePoint features in Firefox

    Mail Control Panel Applet

    User gets the mail control panel applet in Outlook

    Yes

    Primary Interop Assemblies

    Support managed add-ins

    Office Document Cache Handler

    Allows Document Cache for Office applications

    Outlook Protocol Search handler

    User can search in outlook

    Yes

    Active X Controls:

    For more information on ActiveX controls, refer to [ActiveX Control API Reference](https://msdn.microsoft.com/library/office/ms440037(v=office.14).aspx).

       Groove.SiteClient

    Active X Control

       PortalConnect.PersonalSite

    Active X Control

       SharePoint.openDocuments

    Active X Control

       SharePoint.ExportDatabase

    Active X Control

       SharePoint.SpreadSheetLauncher

    Active X Control

       SharePoint.StssyncHander

    Active X Control

       SharePoint.DragUploadCtl

    Active X Control

       SharePoint.DragDownloadCtl

    Active X Control

       Sharpoint.OpenXMLDocuments

    Active X Control

       Sharepoint.ClipboardCtl

    Active X control

       WinProj.Activator

    Active X Control

       Name.NameCtrl

    Active X Control

       STSUPld.CopyCtl

    Active X Control

       CommunicatorMeetingJoinAx.JoinManager

    Active X Control

       LISTNET.Listnet

    Active X Control

       OneDrive Pro Browser Helper

    Active X Control]

    OneDrive Pro Icon Overlays

    Windows explorer shell icon overlays when users look at folders OneDrive Pro folders

    + +  + +## Additional resources + + +**Office 2013 App-V Packages Additional Resources** + +[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509) + +**Office 2010 App-V Packages** + +[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/en-us/download/details.aspx?id=38399) + +[Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619) + +[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069) + +**Connection Groups** + +[Managing Connection Groups](appv-managing-connection-groups.md) + +[Connection groups on the App-V team blog](https://blogs.technet.microsoft.com/gladiatormsft/tag/connection-groups/) + +**Dynamic Configuration** + +[About App-V Dynamic Configuration](appv-dynamic-configuration.md) + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md b/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md new file mode 100644 index 0000000000..90cdcd48d7 --- /dev/null +++ b/windows/manage/appv-deploying-microsoft-office-2013-with-appv.md @@ -0,0 +1,780 @@ +--- +title: Deploying Microsoft Office 2013 by Using App-V (Windows 10) +description: Deploying Microsoft Office 2013 by Using App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Deploying Microsoft Office 2013 by Using App-V + +**Applies to** +- Windows 10, version 1607 + +Use the information in this article to use Microsoft Application Virtualization (App-V), or later versions, to deliver Microsoft Office 2013 as a virtualized application to computers in your organization. For information about using App-V to deliver Office 2010, see [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md). To successfully deploy Office 2013 with App-V, you need to be familiar with Office 2013 and App-V. + +This topic contains the following sections: + +- [What to know before you start](#bkmk-before-you-start) + +- [Creating an Office 2013 package for App-V with the Office Deployment Tool](#bkmk-create-office-pkg) + +- [Publishing the Office package for App-V](#bkmk-pub-pkg-office) + +- [Customizing and managing Office App-V packages](#bkmk-custmz-manage-office-pkgs) + +## What to know before you start + + +Before you deploy Office 2013 by using App-V, review the following planning information. + +### Supported Office versions and Office coexistence + +Use the following table to get information about supported versions of Office and about running coexisting versions of Office. + + ++++ + + + + + + + + + + + + + + + + +
    Information to reviewDescription

    [Supported versions of Microsoft Office](appv-planning-for-using-appv-with-office.md#bkmk-office-vers-supp-appv)

      +
    • Supported versions of Office

    • +
    • Supported deployment types (for example, desktop, personal Virtual Desktop Infrastructure (VDI), pooled VDI)

    • +
    • Office licensing options

    • +

    [Planning for using App-V with coexisting versions of Office](appv-planning-for-using-appv-with-office.md#bkmk-plan-coexisting)

    Considerations for installing different versions of Office on the same computer

    + +  + +### Packaging, publishing, and deployment requirements + +Before you deploy Office by using App-V, review the following requirements. + + ++++ + + + + + + + + + + + + + + + + + + + + +
    TaskRequirement

    Packaging

      +
    • All of the Office applications that you want to deploy to users must be in a single package.

    • +
    • In App-V and later, you must use the Office Deployment Tool to create packages. You cannot use the Sequencer.

    • +
    • If you are deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project).

    • +

    Publishing

      +
    • You can publish only one Office package to each client computer.

    • +
    • You must publish the Office package globally. You cannot publish to the user.

    • +

    Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:

    +
      +
    • Office 365 ProPlus

    • +
    • Visio Pro for Office 365

    • +
    • Project Pro for Office 365

    • +

    You must enable [shared computer activation](http://technet.microsoft.com/library/dn782860.aspx).

    +

    You don’t use shared computer activation if you’re deploying a volume licensed product, such as:

    +
      +
    • Office Professional Plus 2013

    • +
    • Visio Professional 2013

    • +
    • Project Professional 2013

    • +
    + +  + +### Excluding Office applications from a package + +The following table describes the recommended methods for excluding specific Office applications from a package. + + ++++ + + + + + + + + + + + + + + + + +
    TaskDetails

    Use the ExcludeApp setting when you create the package by using the Office Deployment Tool.

      +
    • Enables you to exclude specific Office applications from the package when the Office Deployment Tool creates the package. For example, you can use this setting to create a package that contains only Microsoft Word.

    • +
    • For more information, see [ExcludeApp element](https://technet.microsoft.com/library/jj219426.aspx#BKMK_ExcludeAppElement).

    • +

    Modify the DeploymentConfig.xml file

      +
    • Modify the DeploymentConfig.xml file after the package has been created. This file contains the default package settings for all users on a computer that is running the App-V Client.

    • +
    • For more information, see [Disabling Office 2013 applications](#bkmk-disable-office-apps).

    • +
    + +  + +## Creating an Office 2013 package for App-V with the Office Deployment Tool + + +Complete the following steps to create an Office 2013 package for App-V or later. + +**Important**   +In App-V and later, you must the Office Deployment Tool to create a package. You cannot use the Sequencer to create packages. + +  + +### Review prerequisites for using the Office Deployment Tool + +The computer on which you are installing the Office Deployment Tool must have: + + ++++ + + + + + + + + + + + + + + + + +
    PrerequisiteDescription

    Prerequisite software

    .Net Framework 4

    Supported operating systems

      +
    • 64-bit version of Windows 8 or later

    • +
    • 64-bit version of Windows 7

    • +
    + +  + +**Note**   +In this topic, the term “Office 2013 App-V package” refers to subscription licensing and volume licensing. + +  + +### Create Office 2013 App-V Packages Using Office Deployment Tool + +You create Office 2013 App-V packages by using the Office Deployment Tool. The following instructions explain how to create an Office 2013 App-V package with Volume Licensing or Subscription Licensing. + +Create Office 2013 App-V packages on 64-bit Windows computers. Once created, the Office 2013 App-V package will run on 32-bit and 64-bit Windows 7, Windows 8.1, and Windows 10 computers. + +### Download the Office Deployment Tool + +Office 2013 App-V Packages are created using the Office Deployment Tool, which generates an Office 2013 App-V Package. The package cannot be created or modified through the App-V sequencer. To begin package creation: + +1. Download the [Office 2013 Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778). + +2. Run the .exe file and extract its features into the desired location. To make this process easier, you can create a shared network folder where the features will be saved. + + Example: \\\\Server\\Office2013 + +3. Check that a setup.exe and a configuration.xml file exist and are in the location you specified. + +### Download Office 2013 applications + +After you download the Office Deployment Tool, you can use it to get the latest Office 2013 applications. After getting the Office applications, you create the Office 2013 App-V package. + +The XML file that is included in the Office Deployment Tool specifies the product details, such as the languages and Office applications included. + +1. **Customize the sample XML configuration file:** Use the sample XML configuration file that you downloaded with the Office Deployment Tool to customize the Office applications: + + 1. Open the sample XML file in Notepad or your favorite text editor. + + 2. 
With the sample configuration.xml file open and ready for editing, you can specify products, languages, and the path to which you save the Office 2013 applications. The following is a basic example of the configuration.xml file: + + ``` syntax + + + + + + + + + + + ``` + + **Note**
    + The configuration XML is a sample XML file. The file includes lines that are commented out. You can “uncomment” these lines to customize additional settings with the file. + + The above XML configuration file specifies that Office 2013 ProPlus 32-bit edition, including Visio ProPlus, will be downloaded in English to the \\\\server\\Office 2013, which is the location where Office applications will be saved to. Note that the Product ID of the applications will not affect the final licensing of Office. Office 2013 App-V packages with various licensing can be created from the same applications through specifying licensing in a later stage. For more information, see [Customizable attributes and elements of the XML file](#customizable-attributes-and-elements-of-the-XML-file), later in this topic. + + After editing the configuration.xml file to specify the desired product, languages, and also the location which the Office 2013 applications will be saved onto, you can save the configuration file, for example, as Customconfig.xml. + +2. **Download the applications into the specified location:** Use an elevated command prompt and a 64 bit operating system to download the Office 2013 applications that will later be converted into an App-V package. Below is an example command with description of details: + + ``` syntax + \\server\Office2013\setup.exe /download \\server\Office2013\Customconfig.xml + ``` + + In the example: + + + + + + + + + + + + + + + + + + + + + + + + +

    \\server\Office2013

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    setup.exe

    is the Office Deployment Tool.

    /download

    downloads the Office 2013 applications that you specify in the customConfig.xml file. These bits can be later converted in an Office 2013 App-V package with Volume Licensing.

    \\server\Office2013\Customconfig.xml

    passes the XML configuration file required to complete the download process, in this example, customconfig.xml. After using the download command, Office applications should be found in the location specified in the configuration xml file, in this example \\Server\Office2013.

    + +#### Customizable attributes and elements of the XML file + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Input and descriptionExample

    Add element:
    Specifies the products and languages to include in the package.

    N/A

    OfficeClientEdition (attribute of Add element):
    Specifies the edition of Office 2013 product to use: 32-bit or 64-bit. The operation fails if OfficeClientEdition is not set to a valid value.

    OfficeClientEdition="32"

    +

    OfficeClientEdition="64"

    Product element:
    Specifies the application. Project 2013 and Visio 2013 must be specified here as an added product to be included in the applications.

    Product ID ="O365ProPlusRetail "

    +

    Product ID ="VisioProRetail"

    +

    Product ID ="ProjectProRetail"

    +

    Product ID ="ProPlusVolume"

    +

    Product ID ="VisioProVolume"

    +

    Product ID = "ProjectProVolume"

    Language element:
    Specifies the language supported in the applications.

    Language ID="en-us"

    Version (attribute of Add element):
    Optional. Specifies a build to use for the package. Defaults to latest advertised build (as defined in v32.CAB at the Office source).

    15.1.2.3

    SourcePath (attribute of Add element):
    Specifies the location in which the applications will be saved to.

    Sourcepath = "\\Server\Office2013”

    + +   + +### Convert the Office applications into an App-V package + +After you download the Office 2013 applications through the Office Deployment Tool, use the Office Deployment Tool to convert them into an Office 2013 App-V package. Complete the steps that correspond to your licensing model. + +**Summary of what you’ll need to do:** + +- Create the Office 2013 App-V packages on 64-bit Windows computers. However, the package will run on 32-bit and 64-bit Windows 7, Windows 8, and Windows 10 computers. + +- Create an Office App-V package for either Subscription Licensing package or Volume Licensing by using the Office Deployment Tool, and then modify the CustomConfig.xml configuration file. + + The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    Product IDVolume LicensingSubscription Licensing

    Office 2013

    ProPlusVolume

    O365ProPlusRetail

    Office 2013 with Visio 2013

    ProPlusVolume

    +

    VisioProVolume

    O365ProPlusRetail

    +

    VisioProRetail

    Office 2013 with Visio 2013 and Project 2013

    ProPlusVolume

    +

    VisioProVolume

    +

    ProjectProVolume

    O365ProPlusRetail

    +

    VisioProRetail

    +

    ProjectProRetail

    + +#### How to convert the Office applications into an App-V package + +1. In Notepad, reopen the CustomConfig.xml file, and make the following changes to the file: + + - **SourcePath**: Point to the Office applications downloaded earlier. + + - **ProductID**: Specify the type of licensing, as shown in the following examples: + - Subscription Licensing: + ``` + + + + + + + + + + + ``` + In this example, the following changes were made to create a package with Subscription licensing: + + **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.
    + **Product ID** for Office was changed to `O365ProPlusRetail`.
    + **Product ID** for Visio was changed to `VisioProRetail`. + + - Volume Licensing + ``` + + + + + + + + + + + ``` + In this example, the following changes were made to create a package with Volume licensing: + + **SourcePath** is the path, which was changed to point to the Office applications that were downloaded earlier.
    + **Product ID** for Office was changed to `ProPlusVolume`.
    + **Product ID** for Visio was changed to `VisioProVolume`. + + - **ExcludeApp** (optional): Lets you specify Office programs that you don’t want included in the App-V package that the Office Deployment Tool creates. For example, you can exclude Access and InfoPath. + + - **PACKAGEGUID** (optional): By default, all App-V packages created by the Office Deployment Tool share the same App-V Package ID. You can use PACKAGEGUID to specify a different package ID for each package, which allows you to publish multiple App-V packages, created by the Office Deployment Tool, and manage them by using the App-V Server. + + An example of when to use this parameter is if you create different packages for different users. For example, you can create a package with just Office 2013 for some users, and create another package with Office 2013 and Visio 2013 for another set of users. + + **Note**  Even if you use unique package IDs, you can still deploy only one App-V package to a single device. + +2. Use the /packager command to convert the Office applications to an Office 2013 App-V package. + + For example: + + ``` syntax + \\server\Office2013\setup.exe /packager \\server\Office2013\Customconfig.xml \\server\share\Office2013AppV + ``` + + In the example: + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    \\server\Office2013

    is the network share location that contains the Office Deployment Tool and the custom Configuration.xml file, Customconfig.xml.

    setup.exe

    is the Office Deployment Tool.

    /packager

    creates the Office 2013 App-V package with Volume Licensing as specified in the customConfig.xml file.

    \\server\Office2013\Customconfig.xml

    passes the configuration XML file (in this case customConfig) that has been prepared for the packaging stage.

    \\server\share\Office2013AppV

    specifies the location of the newly created Office App-V package.

    + + After you run the **/packager** command, the following folders appear up in the directory where you specified the package should be saved: + **App-V Packages** – contains an Office 2013 App-V package and two deployment configuration files.
    + **WorkingDir** + + **Note**  To troubleshoot any issues, see the log files in the %temp% directory (default). + +3. Verify that the Office 2013 App-V package works correctly: + + 1. Publish the Office 2013 App-V package, which you created globally, to a test computer, and verify that the Office 2013 shortcuts appear. + + 2. Start a few Office 2013 applications, such as Excel or Word, to ensure that your package is working as expected. + +## Publishing the Office package for App-V + + +Use the following information to publish an Office package. + +### Methods for publishing Office App-V packages + +Deploy the App-V package for Office 2013 by using the same methods you use for any other package: + +- System Center Configuration Manager + +- App-V Server + +- Stand-alone through Windows PowerShell commands + +### Publishing prerequisites and requirements + + ++++ + + + + + + + + + + + + + + + + +
    Prerequisite or requirementDetails

    Enable Windows PowerShell scripting on the App-V clients

    To publish Office 2013 packages, you must run a script.

    +

    Package scripts are disabled by default on App-V clients. To enable scripting, run the following Windows PowerShell command:

    +
    Set-AppvClientConfiguration –EnablePackageScripts 1

    Publish the Office 2013 package globally

    Extension points in the Office App-V package require installation at the computer level.

    +

    When you publish at the computer level, no prerequisite actions or redistributables are needed, and the Office 2013 package globally enables its applications to work like natively installed Office, eliminating the need for administrators to customize packages.

    + +  + +### How to publish an Office package + +Run the following command to publish an Office package globally: + +- `Add-AppvClientPackage | Publish-AppvClientPackage –global` + +- From the Web Management Console on the App-V Server, you can add permissions to a group of computers instead of to a user group to enable packages to be published globally to the computers in the corresponding group. + +## Customizing and managing Office App-V packages + + +To manage your Office App-V packages, use the same operations as you would for any other package, but there are a few exceptions, as outlined in the following sections. + +- [Enabling Office plug-ins by using connection groups](#bkmk-enable-office-plugins) + +- [Disabling Office 2013 applications](#bkmk-disable-office-apps) + +- [Disabling Office 2013 shortcuts](#bkmk-disable-shortcuts) + +- [Managing Office 2013 package upgrades](#bkmk-manage-office-pkg-upgrd) + +- [Managing Office 2013 licensing upgrades](#bkmk-manage-office-lic-upgrd) + +- [Deploying Visio 2013 and Project 2013 with Office](#bkmk-deploy-visio-project) + +### Enabling Office plug-ins by using connection groups + +Use the steps in this section to enable Office plug-ins with your Office package. To use Office plug-ins, you must use the App-V Sequencer to create a separate package that contains just the plug-ins. You cannot use the Office Deployment Tool to create the plug-ins package. You then create a connection group that contains the Office package and the plug-ins package, as described in the following steps. + +**To enable plug-ins for Office App-V packages** + +1. Add a Connection Group through App-V Server, System Center Configuration Manager, or a Windows PowerShell cmdlet. + +2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. 
It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
+
+3. Create an App-V package that includes the desired plug-ins.
+
+4. Add a Connection Group through App-V server, System Center Configuration Manager, or a Windows PowerShell cmdlet.
+
+5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created.
+
+ **Important**  The order of the packages in the Connection Group determines the order in which the package contents are merged. In your Connection group descriptor file, add the Office 2013 App-V package first, and then add the plug-in App-V package.
+
+6. Ensure that both packages are published to the target computer and that the plug-in package is published globally to match the global settings of the published Office 2013 App-V package.
+
+7. Verify that the Deployment Configuration File of the plug-in package has the same settings that the Office 2013 App-V package has.
+
+ Since the Office 2013 App-V package is integrated with the operating system, the plug-in package settings should match. You can search the Deployment Configuration File for “COM Mode” and ensure that your plug-ins package has that value set as “Integrated” and that both "InProcessEnabled" and "OutOfProcessEnabled" match the settings of the Office 2013 App-V package you published.
+
+8. Open the Deployment Configuration File and set the value for **Objects Enabled** to **false**.
+
+9. If you made any changes to the Deployment Configuration file after sequencing, ensure that the plug-in package is published with the file.
+
+10. Ensure that the Connection Group you created is enabled onto your desired computer. The Connection Group created will likely “pend” if the Office 2013 App-V package is in use when the Connection Group is enabled. If that happens, you have to reboot to successfully enable the Connection Group.
+
+11. 
After you successfully publish both packages and enable the Connection Group, start the target Office 2013 application and verify that the plug-in you published and added to the connection group works as expected. + +### Disabling Office 2013 applications + +You may want to disable specific applications in your Office App-V package. For instance, you can disable Access, but leave all other Office application main available. When you disable an application, the end user will no longer see the shortcut for that application. You do not have to re-sequence the application. When you change the Deployment Configuration File after the Office 2013 App-V package has been published, you will save the changes, add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. + +**Note**   +To exclude specific Office applications (for example, Access and InfoPath) when you create the App-V package with the Office Deployment Tool, use the **ExcludeApp** setting. For more information, see [Reference for Click-to-Run configuration.xml file](http://technet.microsoft.com/library/jj219426.aspx). + +  + +**To disable an Office 2013 application** + +1. Open a Deployment Configuration File with a text editor such as **Notepad** and search for “Applications." + +2. Search for the Office application you want to disable, for example, Access 2013. + +3. Change the value of "Enabled" from "true" to "false." + +4. Save the Deployment Configuration File. + +5. Add the Office 2013 App-V Package with the new Deployment Configuration File. + + ``` syntax + + + InfoPath Filler 2013 + + + + + + + Lync 2013 + + + + + + + Access 2013 + + + + + ``` + +6. Re-add the Office 2013 App-V package, and then republish it with the new Deployment Configuration File to apply the new settings to Office 2013 App-V Package applications. 
+ +### Disabling Office 2013 shortcuts + +You may want to disable shortcuts for certain Office applications instead of unpublishing or removing the package. The following example shows how to disable shortcuts for Microsoft Access. + +**To disable shortcuts for Office 2013 applications** + +1. Open a Deployment Configuration File in Notepad and search for “Shortcuts”. + +2. To disable certain shortcuts, delete or comment out the specific shortcuts you don’t want. You must keep the subsystem present and enabled. For example, in the example below, delete the Microsoft Access shortcuts, while keeping the subsystems <shortcut> </shortcut> intact to disable the Microsoft Access shortcut. + + ``` syntax + Shortcuts + + --> + + + + + [{Common Programs}]\Microsoft Office 2013\Access 2013.lnk + [{AppvPackageRoot}])office15\MSACCESS.EXE + [{Windows}]\Installer\{90150000-000F-0000-0000-000000FF1CE)\accicons.exe.Ø.ico + + + Microsoft.Office.MSACCESS.EXE.15 + true + Build a professional app quickly to manage data. + l + [{AppVPackageRoot}]\officel5\MSACCESS.EXE + + ``` + +3. Save the Deployment Configuration File. + +4. Republish Office 2013 App-V Package with new Deployment Configuration File. + +Many additional settings can be changed through modifying the Deployment Configuration for App-V packages, for example, file type associations, Virtual File System, and more. For additional information on how to use Deployment Configuration Files to change App-V package settings, refer to the additional resources section at the end of this document. + +### Managing Office 2013 package upgrades + +To upgrade an Office 2013 package, use the Office Deployment Tool. To upgrade a previously deployed Office 2013 package, perform the following steps. + +**How to upgrade a previously deployed Office 2013 package** + +1. Create a new Office 2013 package through the Office Deployment Tool that uses the most recent Office 2013 application software. 
The most recent Office 2013 bits can always be obtained through the download stage of creating an Office 2013 App-V Package. The newly created Office 2013 package will have the most recent updates and a new Version ID. All packages created using the Office Deployment Tool have the same lineage.
+
+ **Note**  
+ Office App-V packages have two Version IDs:
+
+ - An Office 2013 App-V Package Version ID that is unique across all packages created using the Office Deployment Tool.
+
+ - A second App-V Package Version ID, x.x.x.x for example, in the AppX manifest that will only change if there is a new version of Office itself. For example, if a new Office 2013 release with upgrades is available, and a package is created through the Office Deployment Tool to incorporate these upgrades, the X.X.X.X version ID will change to reflect that the Office version itself has changed. The App-V server will use the X.X.X.X version ID to differentiate this package and recognize that it contains new upgrades to the previously published package, and as a result, publish it as an upgrade to the existing Office 2013 package.
+
+  
+
+2. Globally publish the newly created Office 2013 App-V Packages onto computers where you would like to apply the new updates. Since the new package has the same lineage of the older Office 2013 App-V Package, publishing the new package with the updates will only apply the new changes to the old package, and thus will be fast.
+
+3. Upgrades will be applied in the same manner of any globally published App-V Packages. Because applications will probably be in use, upgrades might be delayed until the computer is rebooted.
+
+### Managing Office 2013 licensing upgrades
+
+If a new Office 2013 App-V Package has a different license than the Office 2013 App-V Package currently deployed. 
For instance, the Office 2013 package deployed is a subscription based Office 2013 and the new Office 2013 package is Volume Licensing based, the following instructions must be followed to ensure smooth licensing upgrade: + +**How to upgrade an Office 2013 License** + +1. Unpublish the already deployed Office 2013 Subscription Licensing App-V package. + +2. Remove the unpublished Office 2013 Subscription Licensing App-V package. + +3. Restart the computer. + +4. Add the new Office 2013 App-V Package Volume Licensing. + +5. Publish the added Office 2013 App-V Package with Volume Licensing. + +An Office 2013 App-V Package with your chosen licensing will be successfully deployed. + +### Deploying Visio 2013 and Project 2013 with Office + +This section describes the requirements and options for deploying Visio 2013 and Project 2013 with Office. + +- **To package and publish Visio 2013 and Project 2013 with Office**: Include Visio 2013 and Project 2013 in the same package with Office. If you aren’t deploying Office, you can create a package that contains Visio and/or Project. + +- **To deploy Visio 2013 and Project 2013 to specific users**: Use one of the following methods: + + ++++ + + + + + + + + + + + + + + + + +
    GoalMethod

    Create two different packages and deploy each one to a different group of users

    Create and deploy the following packages:

    +
      +
    • A package that contains only Office - deploy to computers whose users need only Office.

    • +
    • A package that contains Office, Visio, and Project - deploy to computers whose users need all three applications.

    • +

    If you want only one package for the whole organization, or if you have users who share computers:

    Follows these steps:

    +
      +
    1. Create a package that contains Office, Visio, and Project.

    2. +
    3. Deploy the package to all users.

    4. +
    5. Use [AppLocker](https://technet.microsoft.com/itpro/windows/keep-secure/applocker-overview) to prevent specific users from using Visio and Project.

    6. +
+
+## Additional resources
+
+
+**Office 2013 App-V Packages Additional Resources**
+
+[Office 2013 Deployment Tool for Click-to-Run](http://www.microsoft.com/download/details.aspx?id=36778)
+
+[Supported scenarios for deploying Microsoft Office as a sequenced App-V Package](https://support.microsoft.com/en-us/kb/2772509)
+
+**Office 2010 App-V Packages**
+
+[Microsoft Office 2010 Sequencing Kit for Microsoft Application Virtualization 5.0](https://www.microsoft.com/download/details.aspx?id=38399)
+
+[Known issues when you create or use an App-V 5.0 Office 2010 package](https://support.microsoft.com/en-us/kb/2828619)
+
+[How To Sequence Microsoft Office 2010 in Microsoft Application Virtualization 5.0](https://support.microsoft.com/en-us/kb/2830069)
+
+**Connection Groups**
+
+[Managing Connection Groups](appv-managing-connection-groups.md)
+
+[Connection groups on the App-V team blog](https://blogs.technet.microsoft.com/gladiatormsft/tag/connection-groups/)
+
+**Dynamic Configuration**
+
+[About App-V Dynamic Configuration](appv-dynamic-configuration.md)
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md b/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md
new file mode 100644
index 0000000000..77314ded8e
--- /dev/null
+++ b/windows/manage/appv-deploying-packages-with-electronic-software-distribution-solutions.md
@@ -0,0 +1,54 @@
+---
+title: Deploying App-V Packages by Using Electronic Software Distribution (ESD)
+description: Deploying App-V Packages by Using Electronic Software Distribution (ESD)
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Deploying App-V Packages by Using Electronic Software Distribution (ESD)
+
+**Applies to**
+- Windows 10, version 1607
+
+You can deploy App-V packages using an Electronic Software Distribution (ESD) solution. For information about planning to deploy App-V packages with an ESD, see [Planning to Deploy App-V with an Electronic Software Distribution System](appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md).
+
+To deploy App-V packages with Microsoft System Center 2012 Configuration Manager, see [Introduction to Application Management in Configuration Manager](https://technet.microsoft.com/en-us/library/gg682125.aspx#BKMK_Appv)
+
+## How to deploy virtualized packages using an ESD
+
+
+Describes the methods you can use to deploy App-V packages by using an ESD.
+
+[How to deploy App-V Packages Using Electronic Software Distribution](appv-deploy-appv-packages-with-electronic-software-distribution-solutions.md)
+
+## How to Enable Only Administrators to Publish Packages by Using an ESD
+
+
+Explains how to configure the App-V client to enable only administrators to publish and unpublish packages when you’re using an ESD.
+
+[How to Enable Only Administrators to Publish Packages by Using an ESD](appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md)
+
+## Have a suggestion for App-V?
+
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Other resources for using an ESD and App-V
+
+
+Use the following link for more information about [App-V and Citrix Integration](https://www.microsoft.com/en-us/download/details.aspx?id=40885).
+
+[Operations for App-V](appv-operations.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/manage/appv-deploying-the-appv-sequencer-and-client.md b/windows/manage/appv-deploying-the-appv-sequencer-and-client.md
new file mode 100644
index 0000000000..ca8397a1fe
--- /dev/null
+++ b/windows/manage/appv-deploying-the-appv-sequencer-and-client.md
@@ -0,0 +1,96 @@
+---
+title: Deploying the App-V Sequencer and Configuring the Client (Windows 10)
+description: Deploying the App-V Sequencer and Configuring the Client
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Deploying the App-V Sequencer and Configuring the Client
+
+**Applies to**
+- Windows 10, version 1607
+
+The App-V Sequencer and client enable administrators to virtualize and run virtualized applications.
+
+## Enable the client
+
+The App-V client is the component that runs a virtualized application on a target computer. The client enables users to interact with icons and to double-click file types, so that they can start a virtualized application. The client can also obtain the virtual application content from the management server.
+
+> [!NOTE]
+> In Windows 10, version 1607, App-V is included with the operating system. You only need to enable it.
+
+[Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
+
+## Client Configuration Settings
+
+The App-V client stores its configuration in the registry. You can gather some useful information about the client if you understand the format of data in the registry. For information about client settings that you can configure through Windows PowerShell or through the registry, see [About Client Configuration Settings](appv-client-configuration-settings.md).
+
+## Configure the client by using the ADMX template and Group Policy
+
+You can use Group Policy to configure the client settings for the App-V client and the Remote Desktop Services client.
+
+To manage the ADMX template, perform the following steps on the computer that you will use to manage Group Policy. This is typically the Domain Controller.
+
+1. Save the **.admx** file to the following directory: **Windows \\ PolicyDefinitions**
+
+2. 
Save the **.adml** file to the following directory: **Windows \\ PolicyDefinitions \\ **
+
+After you have completed the preceding steps, you can use Group Policy to configure the client settings by using the Group Policy Management Console under **Computer Configuration** > **Administrative Templates** > **System** > **App-V**.
+
+## Understanding Shared Content Store mode for App-V clients
+
+The App-V Shared Content Store (SCS) mode enables the SCS App-V clients to run virtualized applications without saving any of the associated package data locally. All required virtualized package data is transmitted across the network; therefore, you should only use the SCS mode in environments with a fast connection. Both the Remote Desktop Services (RDS) and the standard version of the App-V client are supported with SCS mode.
+
+> [!IMPORTANT]
+> If the App-V client is configured to run in the SCS mode, the location where the App-V packages are streamed from must be available, otherwise, the virtualized package will fail. Additionally, we do not recommend deployment of virtualized applications to computers that run the App-V client in the SCS mode across the internet.
+
+Additionally, the SCS is not a physical location that contains virtualized packages. It is a mode that allows the App-V client to stream the required virtualized package data across the network.
+
+The SCS mode is helpful in the following scenarios:
+
+- Virtual desktop infrastructure (VDI) deployments
+
+- Remote Desktop Services deployments
+
+To use SCS in your environment, you must configure the App-V client to run in SCS mode (it will not use SCS mode by default).
+
+There might be cases when the administrator pre-loads some virtual applications on the computer that runs the App-V client in SCS mode. This can be accomplished with Windows PowerShell commands to add, publish, and mount the package. 
For example, if a package is pre-loaded on all computers, the administrator could add, publish, and mount the package by using Windows PowerShell commands. The package would not stream across the network because it would be locally stored.
+
+### Configure the Group Policy setting for the SCS Mode for App-V clients
+
+Use the following steps to locate and configure the Group Policy setting for the SCS Mode for App-V clients.
+
+1. In the Group Policy Management Console, navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V** > **Streaming**.
+
+2. Enable the **Set the Shared Content Mode (SCS) mode** setting.
+
+### Configure an individual client to use the SCS mode
+
+To configure the App-V client to run in SCS mode, on the client, enter the following Windows PowerShell command:
+
+```
+Set-AppvClientConfiguration -SharedContentStoreMode 1
+```
+
+## Deploy the Sequencer
+
+The Sequencer is a tool that is used to convert standard applications into virtual packages for deployment to computers that run the App-V client. The Sequencer helps provide a simple and predictable conversion process with minimal changes to prior sequencing workflows. In addition, the Sequencer allows users to more easily configure applications to enable connections of virtualized applications.
+
+For a list of changes in the App-V Sequencer, see [What's new in App-V](appv-about-appv.md#bkmk-seqimprove).
+
+To deploy the sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md).
+
+## App-V Client and Sequencer logs
+
+
+You can use the App-V Sequencer log information to help troubleshoot the Sequencer installation and operational events while using App-V. The Sequencer-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Sequencer-related events:
+
+**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**. 
Sequencer-related events are prepended with **AppV\_Sequencer**. Client-related events are prepended with **AppV\_Client**.
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-deploying-the-appv-server.md b/windows/manage/appv-deploying-the-appv-server.md
new file mode 100644
index 0000000000..7cfca2fe26
--- /dev/null
+++ b/windows/manage/appv-deploying-the-appv-server.md
@@ -0,0 +1,112 @@
+---
+title: Deploying the App-V Server (Windows 10)
+description: Deploying the App-V Server in App-V for Windows 10
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+# Deploying the App-V server
+
+**Applies to**
+- Windows Server 2016
+
+>**Note**
    If you plan to use the App-V server components in your deployment, note that they reference App-V 5.x. This is because the App-V server components have not changed in App-V for Windows 10.
+
+You can install the Application Virtualization (App-V) server components using different deployment configurations, which are described in this topic. Before you install the server features, review the server section of [App-V Security Considerations](appv-security-considerations.md).
+
+For information about deploying App-V for Windows 10, see [What's new in App-V](appv-about-appv.md).
+
+>**Important**
    Before you install and configure the App-V servers, you must specify a port where each component will be hosted. You must also add the associated firewall rules to allow incoming requests to access the specified ports. The installer does not modify firewall settings.
+
+## Download and install App-V server components
+
+>**Note**
    +If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released. + +App-V offers the following five server components, each of which serves a specific purpose in an App-V environment. + +- **Management server.** Use the App-V management server and console to manage your App-V infrastructure. See [Administering App-V with the management console](appv-administering-virtual-applications-with-the-management-console.md) for more information about the management server. + + >**Note**
    If you are using App-V with your electronic software distribution solution, you don’t need to use the management server and console. However, you may want to take advantage of the reporting and streaming capabilities in App-V.
+
+- **Management database.** Use the App-V management database to facilitate database pre-deployments for App-V management. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) for more information about the management database.
+
+- **Publishing server.** Use the App-V publishing server to host and stream virtual applications. The publishing server supports the HTTP and HTTPS protocols and does not require a database connection. See [How to install the App-V publishing server](appv-install-the-publishing-server-on-a-remote-computer.md) for more information about configuring the publishing server.
+
+- **Reporting server.** Use the App-V reporting server to generate reports that help you manage your App-V infrastructure. The reporting server requires a connection to the reporting database. See [About App-V reporting](appv-reporting.md) for more information about the reporting capabilities in App-V.
+
+- **Reporting database.** Use the App-V reporting database to facilitate database pre-deployments for App-V reporting. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md) for more information about the reporting database.
+
+All five App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:
+
+- The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215) You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site. 
+
+- The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).
+
+In large organizations, you might want to install more than one instance of the server components to get:
+
+- Fault tolerance for situations when one of the servers is unavailable.
+
+- High availability to balance server requests. We recommend using a network load balancer to achieve this.
+
+- Scalability to support a high load. For example, you can install additional servers behind a network load balancer.
+
+## App-V standalone deployment
+The App-V standalone deployment provides a good topology for a small deployment or a test environment. When you use this type of implementation, all server components are installed on a single computer. The services and associated databases will compete for the resources on the computer that runs the App-V components. Therefore, you should not use this strategy for larger deployments.
+
+- [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)
+
+- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
+
+## App-V Server distributed deployment
+The distributed deployment topology can support a large App-V client base and it allows you to more easily manage and scale your environment. When you use this type of deployment, the App-V server components are deployed across multiple computers, based on the structure and requirements of the organization. 
+
+- [How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services](appv-install-the-management-and-reporting-databases-on-separate-computers.md)
+
+- [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md)
+
+- [How to Deploy the App-V Server Using a Script](appv-deploy-the-appv-server-with-a-script.md)
+
+- [How to Install the Publishing Server on a Remote Computer](appv-install-the-publishing-server-on-a-remote-computer.md)
+
+- [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md)
+
+## Using an Enterprise Software Distribution (ESD) solution and App-V
+You can also deploy packages by using an ESD. The full capabilities for integration will vary depending on the ESD that you use.
+
+>**Note**
    The App-V reporting server and reporting database can still be deployed alongside the ESD to collect the reporting data from the App-V clients. However, the other three server components should not be deployed, because they will conflict with the ESD functionality.
+
+[Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
+
+## App-V Server logs
+You can use App-V server log information to help troubleshoot the server installation and operational events while using App-V. The server-related log information can be reviewed with the **Event Viewer**. The following line displays the specific path for Server-related events:
+
+**Event Viewer \\ Applications and Services Logs \\ Microsoft \\ App V**
+
+Associated setup logs are saved in the following directory:
+
+**%temp%**
+
+## App-V reporting
+App-V reporting allows App-V clients to collect data and then send it back to be stored in a central repository. You can use this information to get a better view of the virtual application usage within your organization. The following list displays some of the types of information the App-V client collects:
+
+- Information about the computer that runs the App-V client.
+
+- Information about virtualized packages on a specific computer that runs the App-V client.
+
+- Information about package open and shutdown for a specific user.
+
+The reporting information will be maintained until it is successfully sent to the reporting server database. After the data is in the database, you can use Microsoft SQL Server Reporting Services to generate any necessary reports.
+
+If you want to retrieve report information, you must use Microsoft SQL Server Reporting Services (SSRS) which is available with Microsoft SQL. SSRS is not installed when you install the App-V reporting server and it must be deployed separately to generate the associated reports. 
+
+For more information, see [About App-V Reporting](appv-reporting.md) and [How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md).
+
+## Other resources for the App-V server
+- [Deploying App-V](appv-deploying-appv.md)
+
+## Have a suggestion for App-V?
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
\ No newline at end of file
diff --git a/windows/manage/appv-deployment-checklist.md b/windows/manage/appv-deployment-checklist.md
new file mode 100644
index 0000000000..cf1f4cf23e
--- /dev/null
+++ b/windows/manage/appv-deployment-checklist.md
@@ -0,0 +1,78 @@
+---
+title: App-V Deployment Checklist (Windows 10)
+description: App-V Deployment Checklist
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# App-V Deployment Checklist
+
+**Applies to**
+- Windows 10, version 1607
+
+This checklist can be used to help you during an App-V deployment.
+
+>**Note**
    +This checklist outlines the recommended steps and items to consider when deploying App-V features. We recommend that you copy this checklist into a spreadsheet program and customize it for your use. + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    TaskReferencesNotes
    Checklist box

    Complete the planning phase to prepare the computing environment for App-V deployment.

    [App-V Planning Checklist](appv-planning-checklist.md)

    Checklist box

    Review the App-V supported configurations information.

    [App-V Supported Configurations](appv-supported-configurations.md)

    Checklist box

    Run App-V Setup to deploy the required App-V features for your environment.

    +
    +Note   +

    Keep track of the names of the servers and associated URLs created during installation. This information will be used throughout the installation process.

    +
    +
    +  +

    +
      +
    • [How to Install the Sequencer](appv-install-the-sequencer.md)

    • +
    • [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)

    • +
    • [How to Deploy the App-V Server](appv-deploy-the-appv-server.md)

    • +

    +
+## Have a suggestion for App-V?
+
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+[Deploying App-V](appv-deploying-appv.md)
diff --git a/windows/manage/appv-dynamic-configuration.md b/windows/manage/appv-dynamic-configuration.md
new file mode 100644
index 0000000000..410da69b63
--- /dev/null
+++ b/windows/manage/appv-dynamic-configuration.md
@@ -0,0 +1,745 @@ +--- +title: About App-V Dynamic Configuration (Windows 10) +description: About App-V Dynamic Configuration +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# About App-V Dynamic Configuration + +**Applies to** +- Windows 10, version 1607 + +You can use the dynamic configuration to customize an App-V package for a user. Use the following information to create or edit an existing dynamic configuration file. + +When you edit the dynamic configuration file it customizes how an App-V package will run for a user or group. This helps to provide a more convenient method for package customization by removing the need to re-sequence packages using the desired settings, and provides a way to keep package content and custom settings independent. + +## Advanced: Dynamic Configuration + + +Virtual application packages contain a manifest that provides all the core information for the package. This information includes the defaults for the package settings and determines settings in the most basic form (with no additional customization). If you want to adjust these defaults for a particular user or group, you can create and edit the following files: + +- User Configuration file + +- Deployment configuration file + +The previous .xml files specify package settings and allow for packages to be customized without directly affecting the packages. When a package is created, the sequencer automatically generates default deployment and user configuration .xml files using the package manifest data. Therefore, these automatically generated configuration files simply reflect the default settings that the package innately as from how things were configured during sequencing. If you apply these configuration files to a package in the form generated by the sequencer, the packages will have the same default settings that came from their manifest. 
This provides you with a package-specific template to get started if any of the defaults must be changed. + +**Note**   +The following information can only be used to modify sequencer generated configuration files to customize packages to meet specific user or group requirements. + +  + +### Dynamic Configuration file contents + +All of the additions, deletions, and updates in the configuration files need to be made in relation to the default values specified by the package's manifest information. Review the following table: + + +++ + + + + + + + + + + + +

    User Configuration .xml file

    Deployment Configuration .xml file

    Package Manifest

    + +  + +The previous table represents how the files will be read. The first entry represents what will be read last, therefore, its content takes precedence. Therefore, all packages inherently contain and provide default settings from the package manifest. If a deployment configuration .xml file with customized settings is applied, it will override the package manifest defaults. If a user configuration .xml file with customized settings is applied prior to that, it will override both the deployment configuration and the package manifest defaults. + +The following list displays more information about the two file types: + +- **User Configuration File (UserConfig)** – Allows you to specify or modify custom settings for a package. These settings will be applied for a specific user when the package is deployed to a computer running the App-V client. + +- **Deployment Configuration File (DeploymentConfig)** – Allows you to specify or modify the default settings for a package. These settings will be applied for all users when a package is deployed to a computer running the App-V client. + +To customize the settings for a package for a specific set of users on a computer or to make changes that will be applied to local user locations such as HKCU, the UserConfig file should be used. To modify the default settings of a package for all users on a machine or to make changes that will be applied to global locations such as HKEY\_LOCAL\_MACHINE and the all users folder, the DeploymentConfig file should be used. 
+ +The UserConfig file provides configuration settings that can be applied to a single user without affecting any other users on a client: + +- Extensions that will be integrated into the native system per user:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM + +- Virtual Subsystems:- Application Objects, Environment variables, Registry modifications, Services and Fonts + +- Scripts (User context only) + +The DeploymentConfig file provides configuration settings in two sections, one relative to the machine context and one relative to the user context providing the same capabilities listed in the UserConfig list above: + +- All UserConfig settings above + +- Extensions that can only be applied globally for all users + +- Virtual Subsystems that can be configured for global machine locations e.g. registry + +- Product Source URL + +- Scripts (Machine context only) + +- Controls to Terminate Child Processes + +### File structure + +The structure of the App-V Dynamic Configuration file is explained in the following section. + +### Dynamic User Configuration file + +**Header** - the header of a dynamic user configuration file is as follows: + +``` + + +``` + +The **PackageId** is the same value as exists in the Manifest file. + +**Body** - the body of the Dynamic User Configuration file can include all the app extension points that are defined in the Manifest file, as well as information to configure virtual applications. There are four subsections allowed in the body: + +**Applications** - All app-extensions that are contained in the Manifest file within a package are assigned with an Application ID, which is also defined in the manifest file. This allows you to enable or disable all the extensions for a given application within a package. The **Application ID** must exist in the Manifest file or it will be ignored. 
+ +``` + + + + + + + … + +``` + +**Subsystems** - AppExtensions and other subsystems are arranged as subnodes under the : + +``` + + + .. + + .. + +``` + +Each subsystem can be enabled/disabled using the “**Enabled**” attribute. Below are the various subsystems and usage samples. + +**Extensions:** + +Some subsystems (Extension Subsystems) control Extensions. Those subsystems are:- shortcuts, File-Type associations, URL Protocols, AppPaths, Software Clients and COM + +Extension Subsystems can be enabled and disabled independently of the content.  Thus if Shortcuts are enabled, The client will use the shortcuts contained within the manifest by default. Each Extension Subsystem can contain an node. If this child element is present, the client will ignore the content in the Manifest file for that subsystem and only use the content in the configuration file. + +Example using the shortcuts subsystem: + +**Example 1**
    If the user defined this in either the dynamic or deployment config file: + +``` +                               +                                           +                              
    +``` + +Content in the manifest will be ignored.    + +**Example 2**
    If the user defined only the following: + +                             `` + +Then the content in the Manifest will be integrated during publishing. + +**Example 3**
    If the user defines the following + +``` +                            +                                           +                               +``` + +Then all the shortcuts within the manifest will still be ignored. There will be no shortcuts integrated. + +The supported Extension Subsystems are: + +**Shortcuts:** This controls shortcuts that will be integrated into the local system. Below is a sample with 2 shortcuts: + +``` + + +   +     +       +         \[{Common Programs}\]\\Microsoft Contoso\\Microsoft ContosoApp Filler 2010.lnk +         \[{PackageRoot}\]\\Contoso\\ContosoApp.EXE +         \[{Windows}\]\\Installer\\{90140000-0011-0000-0000-0000000FF1CE}\\inficon.exe +          +          +         ContosoApp.Filler.3 +         Fill out dynamic forms to gather and reuse information throughout the organization using Microsoft ContosoApp. +         0 +         1 +         \[{PackageRoot}\]\\Contoso\\ContosoApp.EXE +        +   +   +      +       \[{AppData}\]\\Microsoft\\Contoso\\Recent\\Templates.LNK +       \[{AppData}\]\\Microsoft\\Templates +        +        +        +        +        +       0 +       1 +        +      +   +   + +``` + +**File-Type Associations:** Associates File-types with programs to open by default as well as setup the context menu. (MIME types can also be setup using this susbsystem). 
Sample File-type Association is below: + +``` + + + + + + .docm + contosowordpad.DocumentMacroEnabled.12 + document + application/vnd.ms-contosowordpad.document.macroEnabled.12 + + wincontosowordpad.exe + + + contosowordpad.8 + + + + + + + true + + + + + + + + contosowordpad.DocumentMacroEnabled.12 + \[{Windows}\]\\Installer\\{90140000-0011-0000-0000-0000000FF1CE}\\contosowordpadicon.exe,15 + Blah Blah Blah + \[{FOLDERID\_ProgramFilesX86}\]\\Microsoft Contoso 14\\res.dll,9182 + \[{FOLDERID\_ProgramFilesX86}\]\\Microsoft Contoso 14\\res.dll,1424 + 0 + + Open + + {e56fa627-c35f-4a01-9e79-7d36aed8225a} + Edit + &Edit + "\[{PackageRoot}\]\\Contoso\\WINcontosowordpad.EXE" /vu "%1" + + + {e56fa627-c35f-4a01-9e79-7d36aed8225a} + Open + &Open + "\[{PackageRoot}\]\\Contoso\\WINcontosowordpad.EXE" /n "%1" + + + mscontosowordpad + ShellSystem + \[SHELLNOOP\] + \[SetForeground\]\[ShellNewDatabase "%1"\] + + + + + + + + +``` + +**URL Protocols**: This controls the URL Protocols that are integrated into the local registry of the client machine e.g. “mailto:”. + +``` + + + + +   mailto +    +   \[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE,-9403 +   2 +   +   +   +   + +   +   +   2 +   +    +   open +    +   \[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE +   open +   \[{ProgramFilesX86}\\Microsoft Contoso\\Contoso\\contosomail.EXE" -c OEP.Note /m "%1" +   +   +   0 +   0 +   2 +     +   +   contosomail +   ShellSystem +   \[SHELLNOOP\] +   \[SetForeground\]\[ShellNewDatabase "%1"\] +   +   +   +   +   +   +   +   +``` + +**Software Clients**: Allows the app to register as an Email client, news reader, media player and makes the app visible in the Set Program Access and Computer Defaults UI. In most cases you should only need to enable and disable it. There is also a control to enable and disable the email client specifically if you want the other clients still enabled except for that client. 
+ +``` + +   + +``` + +**AppPaths**: If an application for example contoso.exe is registered with an apppath name of “myapp”, it allows you type “myapp” under the run menu and it will open contoso.exe. + +``` + + + + +   \[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE +   contosomail.exe +   \[{ProgramFilesX86}\]\\Microsoft Contoso\\Contoso\\contosomail.EXE +   +   false +   + + + + +``` + +**COM**: Allows an Application register Local COM servers. Mode can be Integration, Isolated or Off. When Isol. + +` ` + +**Other Settings**: + +In addition to Extensions, other subsystems can be enabled/disabled and edited: + +**Virtual Kernel Objects**: + +` ` + +**Virtual Registry**: Used if you want to set a registry in the Virtual Registry within HKCU + +``` + + + + +   +   +   + +   +``` + +**Virtual File System** + +`       ` + +**Virtual Fonts** + +`       ` + +**Virtual Environment Variables** + +``` + + +         +         +         +        +         +          +          +``` + +**Virtual services** + +`       ` + +**UserScripts** – Scripts can be used to setup or alter the virtual environment as well as execute scripts at time of deployment or removal, before an application executes, or they can be used to “clean up” the environment after the application terminates. Please reference a sample User configuration file that is output by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used. + +### Dynamic Deployment Configuration file + +**Header** - The header of a Deployment Configuration file is as follows: + +``` + +``` + +The **PackageId** is the same value as exists in the manifest file. + +**Body** - The body of the deployment configuration file includes two sections: + +- User Configuration section –allows the same content as the User Configuration file described in the previous section. 
When the package is published to a user, any appextensions configuration settings in this section will override corresponding settings in the Manifest within the package unless a user configuration file is also provided. If a UserConfig file is also provided, it will be used instead of the User settings in the deployment configuration file. If the package is published globally, then only the contents of the deployment configuration file will be used in combination with the manifest. + +- Machine Configuration section–contains information that can be configured only for an entire machine, not for a specific user on the machine. For example, HKEY\_LOCAL\_MACHINE registry keys in the VFS. + +``` + + +  .. + + +.. + +.. +
    + +``` + +**User Configuration** - use the previous **Dynamic User Configuration file** section for information on settings that are provided in the user configuration section of the Deployment Configuration file. + +Machine Configuration - the Machine configuration section of the Deployment Configuration File is used to configure information that can be set only for an entire machine, not for a specific user on the computer. For example, HKEY\_LOCAL\_MACHINE registry keys in the Virtual Registry. There are four subsections allowed in under this element + +1. **Subsystems** - AppExtensions and other subsystems are arranged as subnodes under : + +``` + +   +   .. +   + .. + +``` + +The following section displays the various subsystems and usage samples. + +**Extensions**: + +Some subsystems (Extension Subsystems) control Extensions which can only apply to all users. The subsystem is application capabilities. Because this can only apply to all users, the package must be published globally in order for this type of extension to be integrated into the local system. The same rules for controls and settings that apply to the Extensions in the User Configuration also apply to those in the MachineConfiguration section. + +**Application Capabilities**: Used by default programs in windows operating system Interface. Allows an application to register itself as capable of opening certain file extensions, as a contender for the start menu internet browser slot, as capable of opening certain windows MIME types.  
This extension also makes the virtual application visible in the Set Default Programs UI.: + +``` + +   +     +      +      \[{PackageRoot}\]\\LitView\\LitViewBrowser.exe +       +       LitView Browser +       SOFTWARE\\LitView\\Browser\\Capabilities +       +     +      +      @\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12345 +      @\[{ProgramFilesX86}\]\\LitView\\LitViewBrowser.exe,-12346 +      0 +      Lit View E-Mail Client +       +        +        +        +       +       +        +        +       +      +        +       +       +    +     +   + + +``` + +**Other Settings**: + +In addition to Extensions, other subsystems can be edited: + +**Machine Wide Virtual Registry**: Used when you want to set a registry key in the virtual registry within HKEY\_Local\_Machine + +``` + + +   +      +     +   +   + + +``` + +**Machine Wide Virtual Kernel Objects** + +``` + + +     +   + +``` + +**ProductSourceURLOptOut**: Indicates whether the URL for the package can be modified globally through PackageSourceRoot (to support branch office scenarios). Default is false and the setting change takes effect on the next launch. + +``` + +   ..  +    +   .. + +``` + +**MachineScripts** – Package can be configured to execute scripts at time of deployment, publishing or removal. Please reference a sample deployment configuration file that is generated by the sequencer to see a sample script. The Scripts section below provides more information on the various triggers that can be used + +**TerminateChildProcess**:- An application executable can be specified, whose child processes will be terminated when the application exe process is terminated. + +``` + +   ..    +    +      +      +      +    +   .. + +``` + +### Scripts + +The following table describes the various script events and the context under which they can be run. 
+ + ++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Script Execution TimeCan be specified in Deployment ConfigurationCan be specified in User ConfigurationCan run in the Virtual Environment of the packageCan be run in the context of a specific applicationRuns in system/user context: (Deployment Configuration, User Configuration)

    AddPackage

    X

    (SYSTEM, N/A)

    PublishPackage

    X

    X

    (SYSTEM, User)

    UnpublishPackage

    X

    X

    (SYSTEM, User)

    RemovePackage

    X

    (SYSTEM, N/A)

    StartProcess

    X

    X

    X

    X

    (User, User)

    ExitProcess

    X

    X

    X

    (User, User)

    StartVirtualEnvironment

    X

    X

    X

    (User, User)

    TerminateVirtualEnvironment

    X

    X

    (User, User)

    + +  + +### Using multiple scripts on a single event trigger + +App-V supports the use of multiple scripts on a single event trigger for App-V packages, including packages that you convert from App-V 4.6 to App-V for Windows 10. To enable the use of multiple scripts, App-V uses a script launcher application, named ScriptRunner.exe, which is included in the App-V client. + +**How to use multiple scripts on a single event trigger:** + +For each script that you want to run, pass that script as an argument to the ScriptRunner.exe application. The application then runs each script separately, along with the arguments that you specify for each script. Use only one script (ScriptRunner.exe) per trigger. + +**Note**   +We recommended that you run the multi-script line from a command prompt first to make sure that all arguments are built correctly before adding them to the deployment configuration file. + +  + +**Example script and parameter descriptions** + +Using the following example file and table, modify the deployment or user configuration file to add the scripts that you want to run. + +``` syntax + + + ScriptRunner.exe + + -appvscript script1.exe arg1 arg2 –appvscriptrunnerparameters –wait –timeout=10 + -appvscript script2.vbs arg1 arg2 + -appvscript script3.bat arg1 arg2 –appvscriptrunnerparameters –wait –timeout=30 –rollbackonerror + + + + +``` + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    Parameter in the example fileDescription

    Name of the event trigger for which you are running a script, such as adding a package or publishing a package.

    ScriptRunner.exe

    The script launcher application that is included in the App-V client.

    +
    +Note   +

    Although ScriptRunner.exe is included in the App-V client, the location of the App-V client must be in %path% or ScriptRunner will not run. ScriptRunner.exe is typically located in the C:\Program Files\Microsoft Application Virtualization\Client folder.

    +
    +
    +  +
    
    +-appvscript script1.exe arg1 arg2 –appvscriptrunnerparameters –wait –timeout=10
    +
    +-appvscript script2.vbs arg1 arg2
    +
    +-appvscript script3.bat arg1 arg2 –appvscriptrunnerparameters –wait –timeout=30 -rollbackonerror
    +

    -appvscript - Token that represents the actual script that you want to run.

    +

    script1.exe – Name of the script that you want to run.

    +

    arg1 arg2 – Arguments for the script that you want to run.

    +

    -appvscriptrunnerparameters – Token that represents the execution options for script1.exe

    +

    -wait – Token that informs ScriptRunner to wait for execution of script1.exe to complete before proceeding to the next script.

    +

    -timeout=x – Token that informs ScriptRunner to stop running the current script after x number of seconds. All other specified scripts will still run.

    +

    -rollbackonerror – Token that informs ScriptRunner to stop running all scripts that haven't yet run and to roll back an error to the App-V client.

    Waits for overall completion of ScriptRunner.exe.

    +

    Set the timeout value for the overall runner to be greater than or equal to the sum of the timeout values on the individual scripts.

    +

    If any individual script reported an error and rollbackonerror was set to true, then ScriptRunner would report the error to App-V client.

    + +  + +ScriptRunner will run any script whose file type is associated with an application installed on the computer. If the associated application is missing, or the script’s file type is not associated with any application on the computer, the script will not run. + +### Create a Dynamic Configuration file using an App-V Manifest file + +You can create the Dynamic Configuration file using one of three methods: either manually, using the App-V Management Console or sequencing a package, which will be generated with 2 sample files. + +For more information about how to create the file using the App-V Management Console see, [How to Create a Custom Configuration File by Using the App-V Management Console](appv-create-a-custom-configuration-file-with-the-management-console.md). + +To create the file manually, the information above in previous sections can be combined into a single file. We recommend you use files generated by the sequencer. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md) + +[How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md) + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/manage/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md new file mode 100644 index 0000000000..bdf05bd7cd --- /dev/null +++ b/windows/manage/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md 
@@ -0,0 +1,31 @@ +--- +title: How to Enable Only Administrators to Publish Packages by Using an ESD (Windows 10) +description: How to Enable Only Administrators to Publish Packages by Using an ESD +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Enable Only Administrators to Publish Packages by Using an ESD + +**Applies to** +- Windows 10, version 1607 + +Starting in App-V 5.0 SP3, you can configure the App-V client so that only administrators (not end users) can publish or unpublish packages. In earlier versions of App-V, you could not prevent end users from performing these tasks. + +**To enable only administrators to publish or unpublish packages** + +1. Navigate to the following Group Policy Object node: + + **Computer Configuration > Administrative Templates > System > App-V > Publishing**. + +2. Enable the **Require publish as administrator** Group Policy setting. + + To instead use Windows PowerShell to set this item, see [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs). + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/manage/appv-enable-reporting-on-the-appv-client-with-powershell.md new file mode 100644 index 0000000000..084189822a --- /dev/null +++ b/windows/manage/appv-enable-reporting-on-the-appv-client-with-powershell.md @@ -0,0 +1,89 @@ +--- +title: How to Enable Reporting on the App-V Client by Using Windows PowerShell (Windows 10) +description: How to Enable Reporting on the App-V Client by Using Windows PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Enable Reporting on the App-V Client by Using Windows PowerShell + +**Applies to** +- Windows 10, version 1607 + +Use the following procedure to configure the App-V for reporting. + +**To configure the computer running the App-V client for reporting** + +1. Enable the App-V client. For more information, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). + +2. After you have enabled the App-V client, use the **Set-AppvClientConfiguration** cmdlet to configure appropriate Reporting Configuration settings: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    SettingDescription

    ReportingEnabled

    Enables the client to return information to a reporting server. This setting is required for the client to collect the reporting data on the client.

    ReportingServerURL

    Specifies the location on the reporting server where client information is saved. For example, http://<reportingservername>:<reportingportnumber>.

    +
    + Note   +

    This is the port number that was assigned during the Reporting Server setup

    +
    +
    +   +

    Reporting Start Time

    This is set to schedule the client to automatically send the data to the server. This setting will indicate the hour at which the reporting data will start to send. It is in the 24 hour format and will take a number between 0-23.

    ReportingRandomDelay

    Specifies the maximum delay (in minutes) for data to be sent to the reporting server. When the scheduled task is started, the client generates a random delay between 0 and ReportingRandomDelay and will wait the specified duration before sending data.

    ReportingInterval

    Specifies the retry interval that the client will use to resend data to the reporting server.

    ReportingDataCacheLimit

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    ReportingDataBlockSize

    Specifies the maximum size in megabytes (MB) of the XML cache for storing reporting information. The size applies to the cache in memory. When the limit is reached, the log file will roll over.

    + +   + +3. After the appropriate settings have been configured, the computer running the App-V client will automatically collect data and will send the data back to the reporting server. + + Additionally, administrators can manually send the data back in an on-demand manner using the **Send-AppvClientReport** cmdlet. + + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md) diff --git a/windows/manage/appv-enable-the-app-v-desktop-client.md b/windows/manage/appv-enable-the-app-v-desktop-client.md new file mode 100644 index 0000000000..7231debe95 --- /dev/null +++ b/windows/manage/appv-enable-the-app-v-desktop-client.md 
@@ -0,0 +1,53 @@ +--- +title: Enable the App-V in-box client (Windows 10) +description: How to enable the App-V in-box client installed with Windows 10. +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Enable the App-V in-box client + +**Applies to** +- Windows 10, version 1607 + +The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. The client can also get virtual application content from the management server. + +With Windows 10, version 1607, the App-V client is installed automatically. You need to enable the client to allow user devices to access and run virtual applications. You can enable the client with the Group Policy editor or with Windows PowerShell. + +**To enable the App-V client with Group Policy:** + +1. Open the device’s **Group Policy Editor**. + +2. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **App-V**. + +3. Run **Enables App-V Client** and then select **Enabled** on the screen that appears. + +4. Restart the device. + +**To enable the App-V client with Windows PowerShell:** + +1. Open Windows PowerShell. + +2. Type `Enable-Appv` and press ENTER. + +3. Restart the device. + +4. To verify that the App-V client is enabled on the device, type `Get-AppvStatus` and press ENTER. 
+ + +For information about configuring the App-V client, see: + +- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md) + +- [How to Modify Client Configuration by Using Windows PowerShell](appv-modify-client-configuration-with-powershell.md) + +- [Using the client management console](appv-using-the-client-management-console.md) + +- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md) + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-evaluating-appv.md b/windows/manage/appv-evaluating-appv.md new file mode 100644 index 0000000000..c125dd8975 --- /dev/null +++ b/windows/manage/appv-evaluating-appv.md 
@@ -0,0 +1,53 @@
+---
+title: Evaluating App-V (Windows 10)
+description: Evaluating App-V for Windows 10
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Evaluating App-V
+
+**Applies to**
+- Windows 10, version 1607
+
+Before you deploy App-V into a production environment, you should evaluate it in a lab environment. You can use the information in this topic to set up App-V in a lab environment for evaluation purposes only.
+
+## Configure lab computers for App-V Evaluation
+
+Use the following links for information about setting up the App-V sequencer on a computer in your lab environment.
+
+### Installing the App-V Sequencer and Creating Packages
+
+Use the following links for information about setting up the App-V sequencer and creating packages in your lab environment.
+
+- [How to Install the Sequencer](appv-install-the-sequencer.md)
+
+- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md)
+
+### Configuring the App-V Server
+
+Use the following links for information about setting up the App-V server in your lab environment.
+
+- [How to Deploy the App-V server](appv-deploy-the-appv-server.md)
+
+- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
+
+### Enabling the App-V Client
+
+Use the following links for more information about creating and managing virtualized packages in your lab environment.
+
+- [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md)
+
+- [How to Configure the Client to Receive Package and Connection Groups Updates From the Publishing Server](appv-configure-the-client-to-receive-updates-from-the-publishing-server.md)
+
+## Have a suggestion for App-V?
+ +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +- [Getting Started with App-V](appv-getting-started.md) diff --git a/windows/manage/appv-for-windows.md b/windows/manage/appv-for-windows.md new file mode 100644 index 0000000000..aa08aead59 --- /dev/null +++ b/windows/manage/appv-for-windows.md 
@@ -0,0 +1,63 @@
+---
+title: Application Virtualization (App-V) (Windows 10)
+description: Application Virtualization (App-V)
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Application Virtualization (App-V) for Windows 10 overview
+
+**Applies to**
+- Windows 10, version 1607
+
+The topics in this section provide information and step-by-step procedures to help you administer App-V and its components. This information will be valuable for system administrators who manage large installations with many servers and clients and for support personnel who interact directly with the computers or the end users.
+
+[Getting Started with App-V](appv-getting-started.md)
+
+- [What's new in App-V](appv-about-appv.md)
+- [Evaluating App-V](appv-evaluating-appv.md)
+- [High Level Architecture for App-V](appv-high-level-architecture.md)
+
+[Planning for App-V](appv-planning-for-appv.md)
+
+- [Preparing Your Environment for App-V](appv-preparing-your-environment.md)
+- [App-V Prerequisites](appv-prerequisites.md)
+- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
+- [App-V Supported Configurations](appv-supported-configurations.md)
+- [App-V Planning Checklist](appv-planning-checklist.md)
+
+[Deploying App-V](appv-deploying-appv.md)
+
+- [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md)
+- [Deploying the App-V Server](appv-deploying-the-appv-server.md)
+- [App-V Deployment Checklist](appv-deployment-checklist.md)
+- [Deploying Microsoft Office 2013 by Using App-V](appv-deploying-microsoft-office-2013-with-appv.md)
+- [Deploying Microsoft Office 2010 by Using App-V](appv-deploying-microsoft-office-2010-wth-appv.md)
+
+[Operations for App-V](appv-operations.md)
+
+- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md)
+- [Administering App-V Virtual Applications 
by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md) +- [Managing Connection Groups](appv-managing-connection-groups.md) +- [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md) +- [Using the App-V Client Management Console](appv-using-the-client-management-console.md) +- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md) +- [Maintaining App-V](appv-maintaining-appv.md) +- [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md) + +[Troubleshooting App-V](appv-troubleshooting.md) + +[Technical Reference for App-V](appv-technical-reference.md) + +- [Performance Guidance for Application Virtualization](appv-performance-guidance.md) +- [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) +- [Viewing App-V Server Publishing Metadata](appv-viewing-appv-server-publishing-metadata.md) +- [Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications](appv-running-locally-installed-applications-inside-a-virtual-environment.md) + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). diff --git a/windows/manage/appv-getting-started.md b/windows/manage/appv-getting-started.md new file mode 100644 index 0000000000..9a7b624486 --- /dev/null +++ b/windows/manage/appv-getting-started.md 
@@ -0,0 +1,77 @@
+---
+title: Getting Started with App-V (Windows 10)
+description: Getting Started with App-V for Windows 10
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Getting Started with App-V for Windows 10
+
+**Applies to**
+- Windows 10, version 1607
+
+Microsoft Application Virtualization (App-V) for Windows 10 enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points and interact with them as if they were installed locally.
+
+With the release of Windows 10, version 1607, App-V is included with the [Windows 10 for Enterprise edition](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise). If you are new to Windows 10 and App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users. For information about what you need to know before getting started with App-V, see the [Application Virtualization (App-V) overview](appv-for-windows.md).
+
+If you’re already using App-V, performing an in-place upgrade to Windows 10 on user devices automatically installs the App-V client and migrates users’ App-V applications and settings. For more information about how to configure an existing App-V installation after upgrading user devices to Windows 10, see [Upgrading to App-V for Windows 10 from an existing installation](appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md).
+
+>**Important**
+You can upgrade your existing App-V installation to App-V for Windows from App-V versions 5.0 SP2 and higher only. If you are using an earlier version of App-V, you’ll need to upgrade from that version to App-V 5.0 SP2 before you upgrade. 
+ +For information about previous versions of App-V, see [MDOP Information Experience](https://technet.microsoft.com/itpro/mdop/index). + +## Getting started with App-V for Windows 10 (new installations) + +To start using App-V to deliver virtual applications to users, you’ll need to download, enable, and install server- and client-side components. The following table provides information about the App-V for Windows 10 components and where to find them. + + + +| Component | What it does | Where to find it | +|------------|--|------| +| App-V server components | App-V offers five server components that work together to allow you to host and publish virtual applications, generate usage reports, and manage your App-V environment. For information about the server components, see [Deploying the App-V Server](appv-deploying-the-appv-server.md).

    **Note** If you're already using App-V 5.x, you don't need to re-deploy the App-V server components as they haven't changed since App-V 5.0 was released. | The App-V server components are included in the Microsoft Desktop Optimization Pack (MDOP) 2015 ISO package, which can be downloaded from:

    - The [MSDN (Microsoft Developer Network) subscriptions site](https://msdn.microsoft.com/en-us/subscriptions/downloads/default.aspx#FileId=65215). You must have a MSDN subscription to download the MDOP ISO package from the MSDN subscriptions site.

    - The [Volume Licensing Service Center](https://www.microsoft.com/en-us/licensing/default.aspx) if you're using [Windows 10 for Enterprise or Education](https://www.microsoft.com/en-us/WindowsForBusiness/windows-product-home).

    See [Deploying the App-V Server](appv-deploying-the-appv-server.md) for more information about installing and using the server components. +| App-V client and App-V Remote Desktop Services (RDS) client | The App-V client is the component that runs virtualized applications on user devices. The client enables users to interact with icons and file names to start virtualized applications. | The App-V client is automatically installed with Windows 10, version 1607.

    For information about enabling the client, see [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md). | +| App-V sequencer | Use the App-V sequencer to convert Win32 applications into virtual packages for deployment to user devices. Devices must be running the App-V client to allow users to interact with virtual applications. | Installed with the [Windows Assessment and Deployment kit (ADK) for Windows 10, version 1607](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). | + +For more information about these components, see [High Level Architecture for App-V](appv-high-level-architecture.md). + +If you are new to this product, we recommend that you read the documentation thoroughly. Before you deploy it to a production environment, we also recommend that you validate your deployment plan in a test network environment. You might also consider taking a class about relevant technologies. For information about Microsoft training opportunities, see the [Microsoft Training Overview](https://www.microsoft.com/en-us/learning/default.aspx). + +## Getting started with App-V + + +- [What's new in App-V](appv-about-appv.md) + + Provides a high-level overview of App-V and how it can be used in your organization. + +- [Evaluating App-V](appv-evaluating-appv.md) + + Provides information about how you can best evaluate App-V for use in your organization. + +- [High Level Architecture for App-V](appv-high-level-architecture.md) + + Provides a description of the App-V features and how they work together. + +## Other resources for this product + + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [Planning for App-V](appv-planning-for-appv.md) + +- [Deploying App-V](appv-deploying-appv.md) + +- [Operations for App-V](appv-operations.md) + +- [Troubleshooting App-V](appv-troubleshooting.md) + +- [Technical Reference for App-V](appv-technical-reference.md) + +## Have a suggestion for App-V? 
+ +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + diff --git a/windows/manage/appv-high-level-architecture.md b/windows/manage/appv-high-level-architecture.md new file mode 100644 index 0000000000..b44b2ca181 --- /dev/null +++ b/windows/manage/appv-high-level-architecture.md @@ -0,0 +1,84 @@ +--- +title: High Level Architecture for App-V (Windows 10) +description: High Level Architecture for App-V +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# High Level Architecture for App-V + +**Applies to** +- Windows 10, version 1607 + +Use the following information to help you simplify you Microsoft Application Virtualization (App-V) deployment. + +## Architecture Overview + + +A typical App-V implementation consists of the following elements. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    ElementMore information

    App-V Management Server

    The App-V Management server provides overall management functionality for the App-V infrastructure. Additionally, you can install more than one instance of the management server in your environment which provides the following benefits:

    +
      +
    • Fault Tolerance and High Availability – Installing and configuring the App-V Management server on two separate computers can help in situations when one of the servers is unavailable or offline.

      +

      You can also help increase App-V availability by installing the Management server on multiple computers. In this scenario, a network load balancer should also be considered so that server requests are balanced.

    • +
    • Scalability – You can add additional management servers as necessary to support a high load, for example you can install multiple servers behind a load balancer.

    • +

    App-V Publishing Server

    The App-V publishing server provides functionality for virtual application hosting and streaming. The publishing server does not require a database connection and supports the following protocols:

    +
      +
    • HTTP, and HTTPS

    • +
    +

    You can also help increase App-V availability by installing the Publishing server on multiple computers. A network load balancer should also be considered so that server requests are balanced.

    App-V Reporting Server

    The App-V Reporting server enables authorized users to run and view existing App-V reports and ad hoc reports that can help them manage the App-V infrastructure. The Reporting server requires a connection to the App-V reporting database. You can also help increase App-V availability by installing the Reporting server on multiple computers. A network load balancer should also be considered so that server requests are balanced.

    App-V Client

    The App-V client enables packages created using App-V to run on target computers.

    + + +**Note**   +If you are using App-V with Electronic Software Distribution (ESD) you are not required to use the App-V Management server. However, you can still utilize the reporting and streaming functionality of App-V. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Getting Started with App-V](appv-getting-started.md) + +  + +  + + + + + diff --git a/windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md b/windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md new file mode 100644 index 0000000000..77ee61220b --- /dev/null +++ b/windows/manage/appv-install-the-appv-client-for-shared-content-store-mode.md @@ -0,0 +1,4 @@ +--- +title: How to Install the App-V Client for Shared Content Store Mode (Windows 10) +redirect_url: https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-sequencer-and-client +--- diff --git a/windows/manage/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/manage/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md new file mode 100644 index 0000000000..60cde870db --- /dev/null +++ b/windows/manage/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md 
@@ -0,0 +1,145 @@ +--- +title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10) +description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell + +**Applies to** +- Windows Server 2016 + +Use the following Windows PowerShell procedure to convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by Microsoft SQL Server when running SQL scripts. + +Before attempting this procedure, you should read and understand the information and examples displayed in the following list: + +- **.INPUTS** – The account or accounts used to convert to SID format. This can be a single account name or an array of account names. + +- **.OUTPUTS** - A list of account names with the corresponding SID in standard and hexadecimal formats. + +- **Examples** - + + **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List**. + + **$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** + + **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200** + + \#> + +**To convert any number of Active Directory Domain Services (AD DS) user or machine accounts into formatted Security Identifiers (SIDs)** + +1. Copy the following script into a text editor and save it as a Windows PowerShell script file, for example **ConvertToSIDs.ps1**. + +2. To open a Windows PowerShell console, click **Start** and type **PowerShell**. 
Right-click **Windows PowerShell** and select **Run as Administrator**. + + ``` syntax + <# + .SYNOPSIS + This Windows PowerShell script will take an array of account names and try to convert each of them to the corresponding SID in standard and hexadecimal formats. + .DESCRIPTION + This is a Windows PowerShell script that converts any number of Active Directory (AD) user or machine accounts into formatted Security Identifiers (SIDs) both in the standard format and in the hexadecimal format used by SQL server when running SQL scripts. + .INPUTS + The account(s) to convert to SID format. This can be a single account name or an array of account names. Please see examples below. + .OUTPUTS + A list of account names with the corresponding SID in standard and hexadecimal formats + .EXAMPLE + .\ConvertToSID.ps1 DOMAIN\user_account1 DOMAIN\machine_account1$ DOMAIN\user_account2 | Format-List + .EXAMPLE + $accountsArray = @("DOMAIN\user_account1", "DOMAIN\machine_account1$", "DOMAIN_user_account2") + .\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\SIDs.txt -Width 200 + #> + + []() + + []() + function ConvertSIDToHexFormat + { +    param([System.Security.Principal.SecurityIdentifier]$sidToConvert) +    $sb = New-Object System.Text.StringBuilder +     [int] $binLength = $sidToConvert.BinaryLength +     [Byte[]] $byteArray = New-Object Byte[] $binLength +    $sidToConvert.GetBinaryForm($byteArray, 0) +    foreach($byte in $byteArray) +    { +    $sb.Append($byte.ToString("X2")) |Out-Null +    } +    return $sb.ToString() + } + [string[]]$myArgs = $args + if(($myArgs.Length -lt 1) -or ($myArgs[0].CompareTo("/?") -eq 0)) + { + [string]::Format("{0}====== Description ======{0}{0}" + + "  Converts any number of user or machine account names to string and hexadecimal SIDs.{0}" + +                "  Pass the account(s) as space separated command line parameters. 
(For example 'ConvertToSID.exe DOMAIN\\Account1 DOMAIN\\Account2 ...'){0}" + +                "  The output is written to the console in the format 'Account name    SID as string   SID as hexadecimal'{0}" + +                "  And can be written out to a file using standard Windows PowerShell redirection{0}" + +                "  Please specify user accounts in the format 'DOMAIN\username'{0}" + +                "  Please specify machine accounts in the format 'DOMAIN\machinename$'{0}" + +                "  For more help content, please run 'Get-Help ConvertToSID.ps1'{0}" + +                "{0}====== Arguments ======{0}" + +                "{0}  /?    Show this help message", [Environment]::NewLine) + { + else + {  +     #If an array was passed in, try to split it +     if($myArgs.Length -eq 1) +     { +         $myArgs = $myArgs.Split(' ') +     } + +     #Parse the arguments for account names +     foreach($accountName in $myArgs) +     {    +         [string[]] $splitString = $accountName.Split('\')  # We're looking for the format "DOMAIN\Account" so anything that does not match, we reject +         if($splitString.Length -ne 2) +         { +             $message = [string]::Format("{0} is not a valid account name. 
Expected format 'Domain\username' for user accounts or 'DOMAIN\machinename$' for machine accounts.", $accountName) +             Write-Error -Message $message +             continue +         } +         #Convert any account names to SIDs +         try +         { +             [System.Security.Principal.NTAccount] $account = New-Object System.Security.Principal.NTAccount($splitString[0], $splitString[1]) +             [System.Security.Principal.SecurityIdentifier] $SID = [System.Security.Principal.SecurityIdentifier]($account.Translate([System.Security.Principal.SecurityIdentifier])) +         } +         catch [System.Security.Principal.IdentityNotMappedException] +         { +             $message = [string]::Format("Failed to translate account object '{0}' to a SID. Please verify that this is a valid user or machine account.", $account.ToString()) +             Write-Error -Message $message +             continue +         } + +         #Convert regular SID to binary format used by SQL +         $hexSIDString = ConvertSIDToHexFormat $SID +         $SIDs = New-Object PSObject +         $SIDs | Add-Member NoteProperty Account $accountName +         $SIDs | Add-Member NoteProperty SID $SID.ToString() +         $SIDs | Add-Member NoteProperty Hexadecimal $hexSIDString + +         Write-Output $SIDs +     } + } + ``` + +3. Run the script you saved in step one of this procedure passing the accounts to convert as arguments. + + For example, + + **.\\ConvertToSID.ps1 DOMAIN\\user\_account1 DOMAIN\\machine\_account1$ DOMAIN\\user\_account2 | Format-List” or “$accountsArray = @("DOMAIN\\user\_account1", "DOMAIN\\machine\_account1$", "DOMAIN\_user\_account2")** + + **.\\ConvertToSID.ps1 $accountsArray | Write-Output -FilePath .\\SIDs.txt -Width 200”** + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md) diff --git a/windows/manage/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/manage/appv-install-the-management-and-reporting-databases-on-separate-computers.md new file mode 100644 index 0000000000..d4cf994c82 --- /dev/null +++ b/windows/manage/appv-install-the-management-and-reporting-databases-on-separate-computers.md 
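Review bot: The ConvertToSID script as published will not parse: the `if` block that prints the usage text is closed with `{` instead of `}` immediately before `else`, so the file fails on load; that line should read `}`. The examples in the comment-based help, in the intro list and in step 3 also pipe the result to `Write-Output -FilePath .\SIDs.txt -Width 200`, which is not a valid parameter set for Write-Output — `Out-File -FilePath .\SIDs.txt -Width 200` is what writes the table to disk. Two smaller consistency issues: step 1 says to save the file as `ConvertToSIDs.ps1` while every example invokes `ConvertToSID.ps1`, and the array example contains `"DOMAIN_user_account2"` (underscore, no backslash), which the script's own `Split('\')` length check would reject as an invalid account name. Finally, step 2 tells the reader to open PowerShell "as Administrator", but translating account names to SIDs through `NTAccount.Translate` does not appear to need elevation; since the hexadecimal output is pasted into SQL scripts that grant database access, the procedure should state that the script only needs a domain-joined session and run it at least privilege rather than from an elevated prompt.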
@@ -0,0 +1,99 @@ +--- +title: How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services (Windows 10) +description: How to install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Install the Management and Reporting Databases on Separate Computers from the Management and Reporting Services + +**Applies to** +- Windows Server 2016 + +Use the following procedure to install the database server and management server on different computers. The computer you plan to install the database server on must be running a supported version of Microsoft SQL or the installation will fail. + +>**Note**   +After you complete the deployment, the **Microsoft SQL Server name**, **instance name** and **database name** will be required by the administrator installing the service to be able to connect to these databases. + +**To install the management database and the management server on separate computers** + +1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. + +2. On the **Getting Started** page, review and accept the license terms, and click **Next**. + +3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. + +4. On the **Feature Selection** page, select the components you want to install by selecting the **Management Server Database** checkbox and click **Next**. + +5. 
On the **Installation Location** page, accept the default location and click **Next**. + +6. On the initial **Create New Management Server Database page**, accept the default selections if appropriate, and click **Next**. + + If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance. + + If you are using a custom database name, then select **Custom configuration** and type the database name. + +7. On the next **Create New Management Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: **Domain\\MachineAccount**. + + >**Note**   + If you plan to deploy the management server on the same computer you must select **Use this local computer**. Specify the user name for the management server **Install Administrator** using the following format: Domain\\AdministratorLoginName. Click **Next**. + +8. To start the installation, click **Install**. + +**To install the reporting database and the reporting server on separate computers** + +1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**. + +2. On the **Getting Started** page, review and accept the license terms, and click **Next**. + +3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**. + +4. On the **Feature Selection** page, select the components you want to install by selecting the **Reporting Server Database** checkbox and click **Next**. + +5. On the **Installation Location** page, accept the default location and click **Next**. + +6. 
On the initial **Create New Reporting Server Database** page, accept the default selections if appropriate, and click **Next**. + + If you are using a custom SQL Server instance, then select **Use a custom instance** and type the name of the instance. + + If you are using a custom database name, then select **Custom configuration** and type the database name. + +7. On the next **Create New Reporting Server Database** page, select **Use a remote computer**, and type the remote machine account using the following format: Domain\\MachineAccount. + + **Note**   + If you plan to deploy the reporting server on the same computer you must select **Use this local computer**. Specify the user name for the reporting server **Install Administrator** using the following format: Domain\\AdministratorLoginName. Click **Next**. + +8. To start the installation, click **Install**. + +**To install the management and reporting databases using App-V database scripts** + +1. Copy the App-V server installation files to the computer on which you want to install it on. + +2. To extract the App-V database scripts, open a command prompt and specify the location where the installation files are saved and run the following command: + + **appv\_server\_setup.exe** **/LAYOUT** **/LAYOUTDIR=”InstallationExtractionLocation”** + +3. After the extraction has been completed, to access the App-V database scripts and instructions readme file: + + - The App-V Management Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Management Database**. + + - The App-V Reporting Database scripts and instructions readme are located in the following folder: **InstallationExtractionLocation** \\ **Database Scripts** \\ **Reporting Database**. + +4. For each database, copy the scripts to a share and modify them following the instructions in the readme file. 
+ + **Note**   + For more information about modifying the required SIDs contained in the scripts see, [How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell](appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md).   + +5. Run the scripts on the computer running Microsoft SQL Server. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Deploying App-V](appv-deploying-appv.md) diff --git a/windows/manage/appv-install-the-management-server-on-a-standalone-computer.md b/windows/manage/appv-install-the-management-server-on-a-standalone-computer.md new file mode 100644 index 0000000000..1c9adffb02 --- /dev/null +++ b/windows/manage/appv-install-the-management-server-on-a-standalone-computer.md 
@@ -0,0 +1,60 @@
+---
+title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10)
+description: How to install the Management Server on a Standalone Computer and Connect it to the Database
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to install the Management Server on a Standalone Computer and Connect it to the Database
+
+**Applies to**
+- Windows Server 2016
+
+Use the following procedure to install the management server on a standalone computer and connect it to the database.
+
+**To install the management server on a standalone computer and connect it to the database**
+
+1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+
+2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
+
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
+
+4. On the **Feature Selection** page, select the **Management Server** checkbox and click **Next**.
+
+5. On the **Installation Location** page, accept the default location and click **Next**.
+
+6. On the **Configure Existing Management Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL SQL, for example **SqlServerMachine**.
+
+ >**Note**  
+ If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. For the SQL Server Instance, select **Use the default instance**. 
If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. Specify the **SQL Server Database name** that this management server will use, for example **AppvManagement**.
+
+7. On the **Configure Management Server Configuration** page, specify the AD group or account that will connect to the management console for administrative purposes for example **MyDomain\\MyUser** or **MyDomain\\AdminGroup**. The account or AD group you specify will be enabled to manage the server through the management console. You can add additional users or groups using the management console after installation
+
+ Specify the **Website Name** that you want to use for the management service. Accept the default if you do not have a custom name. For the **Port Binding**, specify a unique port number to be used, for example **12345**.
+
+8. Click **Install**.
+
+9. To confirm that the setup has completed successfully, open a web browser, and type the following URL: http://managementserver:portnumber/Console. If the installation was successful, you should see the **Management Console** appear without any error messages or warnings being displayed.
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+
+[Deploying App-V](appv-deploying-appv.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/manage/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/manage/appv-install-the-publishing-server-on-a-remote-computer.md
new file mode 100644
index 0000000000..d28bc0298f
--- /dev/null
+++ b/windows/manage/appv-install-the-publishing-server-on-a-remote-computer.md
@@ -0,0 +1,85 @@
+---
+title: How to Install the Publishing Server on a Remote Computer (Windows 10)
+description: How to Install the App-V Publishing Server on a Remote Computer
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to Install the Publishing Server on a Remote Computer
+
+**Applies to**
+- Windows Server 2016
+
+Use the following procedure to install the publishing server on a separate computer. Before you perform the following procedure, ensure the database and management server are available.
+
+**To install the publishing server on a separate computer**
+
+1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+
+2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
+
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
+
+4. On the **Feature Selection** page, select the **Publishing Server** checkbox and click **Next**.
+
+5. On the **Installation Location** page, accept the default location and click **Next**.
+
+6. On the **Configure Publishing Server Configuration** page, specify the following items:
+
+ - The URL for the management service that the publishing server will connect to. For example, **http://ManagementServerName:12345**.
+
+ - Specify the website name that you want to use for the publishing service. Accept the default if you do not have a custom name.
+
+ - For the **Port Binding**, specify a unique port number that will be used by App-V, for example **54321**.
+
+7. 
On the **Ready to Install** page, click **Install**.
+
+8. After the installation is complete, the publishing server must be registered with the management server. In the App-V management console, use the following steps to register the server:
+
+ 1. Open the App-V management server console.
+
+ 2. In the left pane, select **Servers**, and then select **Register New Server**.
+
+ 3. Type the name of this server and a description (if required) and click **Add**.
+
+9. To verify that the publishing server is running correctly, you should import a package to the management server, entitle the package to an AD group, and publish the package. Using an internet browser, open the following URL: **http://publishingserver:pubport**. If the server is running correctly information similar to the following will be displayed:
+
+ ```syntax
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+ ```
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+
+[Deploying App-V](appv-deploying-appv.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md
new file mode 100644
index 0000000000..10915488b0
--- /dev/null
+++ b/windows/manage/appv-install-the-reporting-server-on-a-standalone-computer.md
@@ -0,0 +1,57 @@
+---
+title: How to install the Reporting Server on a Standalone Computer and Connect it to the Database (Windows 10)
+description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to install the Reporting Server on a Standalone Computer and Connect it to the Database
+
+**Applies to**
+- Windows Server 2016
+
+Use the following procedure to install the reporting server on a standalone computer and connect it to the database.
+
+> **Important**  Before performing the following procedure you should read and understand [About App-V Reporting](appv-reporting.md).
+
+**To install the reporting server on a standalone computer and connect it to the database**
+
+1. Copy the App-V server installation files to the computer on which you want to install it on. To start the App-V server installation right-click and run **appv\_server\_setup.exe** as an administrator. Click **Install**.
+
+2. On the **Getting Started** page, review and accept the license terms, and click **Next**.
+
+3. On the **Use Microsoft Update to help keep your computer secure and up-to-date** page, to enable Microsoft updates, select **Use Microsoft Update when I check for updates (recommended).** To disable Microsoft updates, select **I don’t want to use Microsoft Update**. Click **Next**.
+
+4. On the **Feature Selection** page, select the **Reporting Server** checkbox and click **Next**.
+
+5. On the **Installation Location** page, accept the default location and click **Next**.
+
+6. On the **Configure Existing Reporting Database** page, select **Use a remote SQL Server**, and type the machine name of the computer running Microsoft SQL Server, for example **SqlServerMachine**.
+
+ **Note**  
+ If the Microsoft SQL Server is deployed on the same server, select **Use local SQL Server**. 
For the SQL Server Instance, select **Use the default instance**. If you are using a custom Microsoft SQL Server instance, you must select **Use a custom instance** and then type the name of the instance. Specify the **SQL Server Database name** that this reporting server will use, for example **AppvReporting**.
+
+7. On the **Configure Reporting Server Configuration** page.
+
+ - Specify the Website Name that you want to use for the Reporting Service. Leave the default unchanged if you do not have a custom name.
+
+ - For the **Port binding**, specify a unique port number that will be used by App-V, for example **55555**. You should also ensure that the port specified is not being used by another website.
+
+8. Click **Install**.
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+
+[About App-V Reporting](appv-reporting.md)
+
+[Deploying App-V](appv-deploying-appv.md)
+
+[How to Enable Reporting on the App-V Client by Using Windows PowerShell](appv-enable-reporting-on-the-appv-client-with-powershell.md)
diff --git a/windows/manage/appv-install-the-sequencer.md b/windows/manage/appv-install-the-sequencer.md
new file mode 100644
index 0000000000..a84655d47d
--- /dev/null
+++ b/windows/manage/appv-install-the-sequencer.md
@@ -0,0 +1,61 @@
+---
+title: Install the App-V Sequencer (Windows 10)
+description: Install the App-V Sequencer
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Install the App-V Sequencer
+
+**Applies to**
+- Windows 10, version 1607
+
+Use the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices. Those devices must be running the App-V client to allow users to interact with virtual applications.
+
+The App-V Sequencer is included in the Windows 10 Assessment and Deployment Kit (Windows ADK).
+
+> [!NOTE]
+> The computer that will run the sequencer must not have the App-V client enabled on it. As a best practice, choose a computer with the same hardware and software configurations as the computers that will run the virtual applications. The sequencing process is resource intensive, so make sure that the computer that runs the Sequencer has plenty of memory, a fast processor, and a fast hard drive.
+
+To install the App-V Sequencer:
+
+1. Go to [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit).
+
+2. Click or press the **Get Windows ADK for Windows 10** button on the page to start the ADK installer. Make sure that **Microsoft Application Virtualization (App-V) Sequencer** is selected during the installation.
+
+ ![Selecting APP-V features in ADK](images/app-v-in-adk.png)
+
+3. To open the Sequencer, from the **Start** menu, select **Microsoft Application Virtualization (App-V) Sequencer** .
+
+See [Creating and managing virtual applications](appv-creating-and-managing-virtualized-applications.md) and the [Application Virtualization Sequencing Guide](http://download.microsoft.com/download/F/7/8/F784A197-73BE-48FF-83DA-4102C05A6D44/App-V%205.0%20Sequencing%20Guide.docx) for information about creating virtual applications with the Sequencer. 
+
+## Command-line options for installing the sequencer
+
+You can also use the command line to install the App-V sequencer. The following list displays information about options for installing the sequencer using the command line and **appv\_sequencer\_setup.exe**:
+
+| **Command** | **Description** |
+|-------------------|------------------|
+| /INSTALLDIR | Specifies the installation directory. |
+| /Log | Specifies where the installation log will be saved, the default location is **%Temp%**. For example, **C:\\Logs\\ log.log**. |
+| /q | Specifies a quiet or silent installation. |
+| /Uninstall | Specifies the removal of the sequencer. |
+| /ACCEPTEULA | Accepts the license agreement. This is required for an unattended installation. Example usage: **/ACCEPTEULA** or **/ACCEPTEULA=1**. |
+| /LAYOUT | Specifies the associated layout action. It also extracts the Windows Installer (.msi) and script files to a folder without installing App-V. No value is expected. |
+| /LAYOUTDIR | Specifies the layout directory. Requires a string value. Example usage:**/LAYOUTDIR=”C:\\Application Virtualization Client”**. |
+| /? Or /h or /help | Displays associated help. |
+
+## To troubleshoot the App-V sequencer installation
+
+For more information regarding the sequencer installation, you can view the error log in the **%temp%** folder. To review the log files, click **Start**, type **%temp%**, and then look for the **appv\_ log**.
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+- [Planning to Deploy App-V](appv-planning-to-deploy-appv.md)
diff --git a/windows/manage/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/manage/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
new file mode 100644
index 0000000000..2c29e70fd9
--- /dev/null
+++ b/windows/manage/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
@@ -0,0 +1,176 @@
+---
+title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10)
+description: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
+
+**Applies to**
+- Windows 10, version 1607
+
+What this topic covers:
+
+- [Requirements for using Windows PowerShell cmdlets](#bkmk-reqs-using-posh)
+
+- [Loading the Windows PowerShell cmdlets](#bkmk-load-cmdlets)
+
+- [Getting help for the Windows PowerShell cmdlets](#bkmk-get-cmdlet-help)
+
+- [Displaying the help for a Windows PowerShell cmdlet](#bkmk-display-help-cmdlet)
+
+## Requirements for using Windows PowerShell cmdlets
+
+
+Review the following requirements for using the Windows PowerShell cmdlets:
+
+ ++++ + + + + + + + + + + + + + + + + + + + + +
    RequirementDetails

    Users can run App-V Server cmdlets only if you grant them access by using one of the following methods:

      +
    • When you are deploying and configuring the App-V Server:

      +

      Specify an Active Directory group or individual user that has permissions to manage the App-V environment. See [How to Deploy the App-V Server](appv-deploy-the-appv-server.md).

    • +
    • After you’ve deployed the App-V Server:

      +

      Use the App-V Management console to add an additional Active Directory group or user. See [How to Add or Remove an Administrator by Using the Management Console](appv-add-or-remove-an-administrator-with-the-management-console.md).

    • +

    Cmdlets that require an elevated command prompt

      +
    • Add-AppvClientPackage

    • +
    • Remove-AppvClientPackage

    • +
    • Set-AppvClientConfiguration

    • +
    • Add-AppvClientConnectionGroup

    • +
    • Remove-AppvClientConnectionGroup

    • +
    • Add-AppvPublishingServer

    • +
    • Remove-AppvPublishingServer

    • +
    • Send-AppvClientReport

    • +
    • Set-AppvClientMode

    • +
    • Set-AppvClientPackage

    • +
    • Set-AppvPublishingServer

    • +

    Cmdlets that end users can run, unless you configure them to require an elevated command prompt

      +
    • Publish-AppvClientPackage

    • +
    • Unpublish-AppvClientPackage

    • +
    +

    To configure these cmdlets to require an elevated command prompt, use one of the following methods:

    +
      +
    • Run the Set-AppvClientConfiguration cmdlet with the -RequirePublishAsAdmin parameter.

      +

      For more information, see:
      [How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell](appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md#bkmk-admin-only-posh-topic-cg)
      [How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell](appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md#bkmk-admins-pub-pkgs).

    • +
    • Enable the “Require publish as administrator” Group Policy setting for App-V Clients.

      +

      For more information, see [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md#bkmk-admin-pub-pkg-only-posh)

    • +
    +
    +
+ 
+
+## Loading the Windows PowerShell cmdlets
+
+
+To load the Windows PowerShell cmdlet modules:
+
+1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).
+
+2. Type one of the following commands to load the cmdlets for the module you want:
+
+ ++++ + + + + + + + + + + + + + + + + + + + + +
    App-V componentCommand to type

    App-V Server

    Import-Module AppvServer

    App-V Sequencer

    Import-Module AppvSequencer

    App-V Client

    Import-Module AppvClient

    +
+ 
+
+## Getting help for the Windows PowerShell cmdlets
+
+Starting in App-V 5.0 SP3, cmdlet help is available in two formats:
+
+- **As a downloadable module**: To download the latest help after downloading the cmdlet module, open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE), and type one of the following commands:
+
+ ++++ + + + + + + + + + + + + + + + + + + + + +
    App-V componentCommand to type

    App-V Server

    Update-Help -Module AppvServer

    App-V Sequencer

    Update-Help -Module AppvSequencer

    App-V Client

    Update-Help -Module AppvClient

    +
+
    +
+- **On TechNet as web pages**: See the App-V node under [Microsoft Desktop Optimization Pack Automation with Windows PowerShell](http://technet.microsoft.com/library/dn520245.aspx).
+
+## Displaying the help for a Windows PowerShell cmdlet
+
+
+To display help for a specific Windows PowerShell cmdlet:
+
+1. Open Windows PowerShell or Windows PowerShell Integrated Scripting Environment (ISE).
+
+2. Type **Get-Help** <*cmdlet*>, for example, **Get-Help Publish-AppvClientPackage**.
+
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
diff --git a/windows/manage/appv-maintaining-appv.md b/windows/manage/appv-maintaining-appv.md
new file mode 100644
index 0000000000..32dae30bb0
--- /dev/null
+++ b/windows/manage/appv-maintaining-appv.md
@@ -0,0 +1,49 @@
+---
+title: Maintaining App-V (Windows 10)
+description: Maintaining App-V
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Maintaining App-V
+
+**Applies to**
+- Windows 10, version 1607
+
+After you have deployed App-V for Windows 10, you can use the following information to maintain the App-V infrastructure.
+
+## Moving the App-V server
+
+The App-V server connects to the App-V database. Therefore you can install the management component on any computer on the network and then connect it to the App-V database.
+
+[How to Move the App-V Server to Another Computer](appv-move-the-appv-server-to-another-computer.md)
+
+## Determine if an App-V Application is Running Virtualized
+
+
+Independent software vendors (ISV) who want to determine if an application is running virtualized with App-V should open a named object called **AppVVirtual-<PID>** in the default namespace. For example, Windows API **GetCurrentProcessId()** can be used to obtain the current process's ID, for example 4052, and then if a named Event object called **AppVVirtual-4052** can be successfully opened using **OpenEvent()** in the default namespace for read access, then the application is virtual. If the **OpenEvent()** call fails, the application is not virtual.
+
+Additionally, ISV’s who want to explicitly virtualize or not virtualize calls on specific API’s with App-V 5.1 and later, can use the **VirtualizeCurrentThread()** and **CurrentThreadIsVirtualized()** functions implemented in the AppEntSubsystems32.dll module. These provide a way of hinting at a downstream component that the call should or should not be virtualized.
+
+## Have a suggestion for App-V?
+
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Other resources for maintaining App-V
+
+
+[Operations for App-V](appv-operations.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
new file mode 100644
index 0000000000..694708f484
--- /dev/null
+++ b/windows/manage/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
@@ -0,0 +1,282 @@
+---
+title: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell (Windows 10)
+description: How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to Manage App-V Packages Running on a Stand-Alone Computer by Using Windows PowerShell
+
+**Applies to**
+- Windows 10, version 1607
+
+
+The following sections explain how to perform various management tasks on a stand-alone client computer by using Windows PowerShell:
+
+- [To return a list of packages](#bkmk-return-pkgs-standalone-posh)
+
+- [To add a package](#bkmk-add-pkgs-standalone-posh)
+
+- [To publish a package](#bkmk-pub-pkg-standalone-posh)
+
+- [To publish a package to a specific user](#bkmk-pub-pkg-a-user-standalone-posh)
+
+- [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh)
+
+- [To unpublish an existing package](#bkmk-unpub-pkg-standalone-posh)
+
+- [To unpublish a package for a specific user](#bkmk-unpub-pkg-specfc-use)
+
+- [To remove an existing package](#bkmk-remove-pkg-standalone-posh)
+
+- [To enable only administrators to publish or unpublish packages](#bkmk-admins-pub-pkgs)
+
+- [Understanding pending packages (UserPending and GlobalPending)](#bkmk-understd-pend-pkgs)
+
+## To return a list of packages
+
+
+Use the following information to return a list of packages that are entitled to a specific user:
+
+**Cmdlet**: Get-AppvClientPackage
+
+**Parameters**: -Name -Version -PackageID -VersionID
+
+**Example**: Get-AppvClientPackage –Name “ContosoApplication” -Version 2
+
+## To add a package
+
+
+Use the following information to add a package to a computer.
+
+**Important**  
+This example only adds a package. It does not publish the package to the user or the computer. 
+
+ 
+
+**Cmdlet**: Add-AppvClientPackage
+
+**Example**: $Contoso = Add-AppvClientPackage \\\\path\\to\\appv\\package.appv
+
+## To publish a package
+
+
+Use the following information to publish a package that has been added to a specific user or globally to any user on the computer.
+
+ ++++ + + + + + + + + + + + + + + + + +
    Publishing methodCmdlet and example

    Publishing to the user

    Cmdlet: Publish-AppvClientPackage

    +

    Example: Publish-AppvClientPackage “ContosoApplication”

    Publishing globally

    Cmdlet: Publish-AppvClientPackage

    +

    Example: Publish-AppvClientPackage “ContosoApplication” -Global

    +
+ 
+
+## To publish a package to a specific user
+
+
+**Note**  
+You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter.
+
+ 
+
+An administrator can publish a package to a specific user by specifying the optional **–UserSID** parameter with the **Publish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID).
+
+To use this parameter:
+
+- You can run this cmdlet from the user or administrator session.
+
+- You must be logged in with administrative credentials to use the parameter.
+
+- The end user must be logged in.
+
+- You must provide the end user’s security identifier (SID).
+
+**Cmdlet**: Publish-AppvClientPackage
+
+**Example**: Publish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345
+
+## To add and publish a package
+
+
+Use the following information to add a package to a computer and publish it to the user.
+
+**Cmdlet**: Add-AppvClientPackage
+
+**Example**: Add-AppvClientPackage \\\\path\\to\\appv\\package.appv | Publish-AppvClientPackage
+
+## To unpublish an existing package
+
+
+Use the following information to unpublish a package which has been entitled to a user but not remove the package from the computer.
+
+**Cmdlet**: Unpublish-AppvClientPackage
+
+**Example**: Unpublish-AppvClientPackage “ContosoApplication”
+
+## To unpublish a package for a specific user
+
+
+**Note**  
+You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter.
+
+ 
+
+An administrator can unpublish a package for a specific user by using the optional **–UserSID** parameter with the **Unpublish-AppvClientPackage** cmdlet, where **-UserSID** represents the end user’s security identifier (SID).
+
+To use this parameter:
+
+- You can run this cmdlet from the user or administrator session.
+
+- You must be logged in with administrative credentials to use the parameter.
+
+- The end user must be logged in. 
+
+- You must provide the end user’s security identifier (SID).
+
+**Cmdlet**: Unpublish-AppvClientPackage
+
+**Example**: Unpublish-AppvClientPackage “ContosoApplication” -UserSID S-1-2-34-56789012-3456789012-345678901-2345
+
+## To remove an existing package
+
+
+Use the following information to remove a package from the computer.
+
+**Cmdlet**: Remove-AppvClientPackage
+
+**Example**: Remove-AppvClientPackage “ContosoApplication”
+
+**Note**  
+App-V cmdlets have been assigned to variables for the previous examples for clarity only; assignment is not a requirement. Most cmdlets can be combined as displayed in [To add and publish a package](#bkmk-add-pub-pkg-standalone-posh). For a detailed tutorial, see [App-V 5.0 Client PowerShell Deep Dive](https://blogs.technet.microsoft.com/appv/2012/12/03/app-v-5-0-client-powershell-deep-dive/).
+
+ 
+
+## To enable only administrators to publish or unpublish packages
+
+Starting in App-V 5.0 SP3, you can use the following cmdlet and parameter to enable only administrators (not end users) to publish or unpublish packages:
+
+ ++++ + + + + + + + + + + +

    Cmdlet

    Set-AppvClientConfiguration

    Parameter

    -RequirePublishAsAdmin

    +

    Parameter values:

    +
      +
    • 0 - False

    • +
    • 1 - True

    • +
    +

    Example:: Set-AppvClientConfiguration –RequirePublishAsAdmin1

    +
+ 
+
+To use the App-V Management console to set this configuration, see [How to Publish a Package by Using the Management Console](appv-publish-a-packages-with-the-management-console.md).
+
+## Understanding pending packages (UserPending and GlobalPending)
+
+
+**Starting in App-V 5.0 SP2**: If you run a Windows PowerShell cmdlet that affects a package that is currently in use, the task that you are trying to perform is placed in a pending state. For example, if you try to publish a package when an application in that package is being used, and then run **Get-AppvClientPackage**, the pending status appears in the cmdlet output as follows:
+
+ ++++ + + + + + + + + + + + + + + + + +
    Cmdlet output itemDescription

    UserPending

    Indicates whether the listed package has a pending task that is being applied to the user:

    +
      +
    • True

    • +
    • False

    • +

    GlobalPending

    Indicates whether the listed package has a pending task that is being applied globally to the computer:

    +
      +
    • True

    • +
    • False

    • +
    +
+ 
+
+The pending task will run later, according to the following rules:
+
+ ++++ + + + + + + + + + + + + + + + + +
    Task typeApplicable rule

    User-based task, e.g., publishing a package to a user

    The pending task will be performed after the user logs off and then logs back on.

    Globally based task, e.g., enabling a connection group globally

    The pending task will be performed when the computer is shut down and then restarted.

    +
+For more information about pending tasks, see [Upgrading an in-use App-V package](appv-application-publishing-and-client-interaction.md#upgrading-an-in-use-app-v-package).
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+[Operations for App-V](appv-operations.md)
+
+[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
+
diff --git a/windows/manage/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/manage/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
new file mode 100644
index 0000000000..3d52191607
--- /dev/null
+++ b/windows/manage/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
@@ -0,0 +1,139 @@ +--- +title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10) +description: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell + +**Applies to** +- Windows 10, version 1607 + +An App-V connection group allows you to run all the virtual applications as a defined set of packages in a single virtual environment. For example, you can virtualize an application and its plug-ins by using separate packages, but run them together in a single connection group. + +A connection group XML file defines the connection group for the App-V client. For information about the connection group XML file and how to configure it, see [About the Connection Group File](appv-connection-group-file.md). + +This topic explains the following procedures: + +- [To add and publish the App-V packages in the connection group](#bkmk-add-pub-pkgs-in-cg) + +- [To add and enable the connection group on the App-V client](#bkmk-add-enable-cg-on-clt) + +- [To enable or disable a connection group for a specific user](#bkmk-enable-cg-for-user-poshtopic) + +- [To allow only administrators to enable connection groups](#bkmk-admin-only-posh-topic-cg) + +**To add and publish the App-V packages in the connection group** + +1. To add and publish the App-V packages to the computer running the App-V client, type the following command: + + Add-AppvClientPackage –path c:\\tmpstore\\quartfin.appv | Publish-AppvClientPackage + +2. Repeat **step 1** of this procedure for each package in the connection group. + +**To add and enable the connection group on the App-V client** + +1. 
Add the connection group by typing the following command: + + Add-AppvClientConnectionGroup –path c:\\tmpstore\\financ.xml + +2. Enable the connection group by typing the following command: + + Enable-AppvClientConnectionGroup –name “Financial Applications” + + When any virtual applications that are in the member packages are run on the target computer, they will run inside the connection group’s virtual environment and will be available to all the virtual applications in the other packages in the connection group. + +**To enable or disable a connection group for a specific user** + +1. Review the parameter description and requirements: + + - The parameter enables an administrator to enable or disable a connection group for a specific user. + + - You must use App-V 5.0 SP2 Hotfix Package 5 or later to use this parameter. + + - You can run this cmdlet from the user or administrator session. + + - You must be logged in with administrative credentials to use the parameter. + + - The end user must be logged in. + + - You must provide the end user’s security identifier (SID). + +2. Use the following cmdlets, and add the optional **–UserSID** parameter, where **-UserSID** represents the end user’s security identifier (SID): + + + + + + + + + + + + + + + + + + + + + + +
    CmdletExamples

    Enable-AppVClientConnectionGroup

    Enable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

    Disable-AppVClientConnectionGroup

    Disable-AppVClientConnectionGroup “ConnectionGroupA” -UserSID S-1-2-34-56789012-3456789012-345678901-2345

    + +   + +**To allow only administrators to enable connection groups** + +1. Review the description and requirement for using this cmdlet: + + - Use this cmdlet and parameter to configure the App-V client to allow only administrators (not end users) to enable or disable connection groups. + + - You must be using at least App-V 5.0 SP3 to use this cmdlet. + +2. Run the following cmdlet and parameter: + + + + + + + + + + + + + + + + + + + + + +
    CmdletParameter and valuesExample

    Set-AppvClientConfiguration

    -RequirePublishAsAdmin

    +
      +
    • 0 - False

    • +
    • 1 - True

    • +

    Set-AppvClientConfiguration -RequirePublishAsAdmin 1

    + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + + +[Operations for App-V](appv-operations.md) + +[Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md) diff --git a/windows/manage/appv-managing-connection-groups.md b/windows/manage/appv-managing-connection-groups.md new file mode 100644 index 0000000000..dad0496d45 --- /dev/null +++ b/windows/manage/appv-managing-connection-groups.md @@ -0,0 +1,83 @@ +--- +title: Managing Connection Groups (Windows 10) +description: Managing Connection Groups +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Managing Connection Groups + +**Applies to** +- Windows 10, version 1607 + +Connection groups enable the applications within a package to interact with each other in the virtual environment, while remaining isolated from the rest of the system. By using connection groups, administrators can manage packages independently and can avoid having to add the same application multiple times to a client computer. + +**Note**   +In some previous versions of App-V, connection groups were referred to as Dynamic Suite Composition. + +**In this section:** + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    [About the Connection Group Virtual Environment](appv-connection-group-virtual-environment.md)

    Describes the connection group virtual environment.

    [About the Connection Group File](appv-connection-group-file.md)

    Describes the connection group file.

    [How to Create a Connection Group](appv-create-a-connection-group.md)

    Explains how to create a new connection group.

    [How to Create a Connection Group with User-Published and Globally Published Packages](appv-create-a-connection-group-with-user-published-and-globally-published-packages.md)

    Explains how to create a new connection group that contains a mix of packages that are published to the user and published globally.

    [How to Delete a Connection Group](appv-delete-a-connection-group.md)

    Explains how to delete a connection group.

    [How to Publish a Connection Group](appv-publish-a-connection-group.md)

    Explains how to publish a connection group.

    [How to Make a Connection Group Ignore the Package Version](appv-configure-connection-groups-to-ignore-the-package-version.md)

    Explains how to configure a connection group to accept any version of a package, which simplifies package upgrades and reduces the number of connection groups you need to create.

    [How to Allow Only Administrators to Enable Connection Groups](appv-allow-administrators-to-enable-connection-groups.md)

    Explains how to configure the App-V client so that only administrators (not end users) can enable or disable connection groups.

    + +  + +## Have a suggestion for App-V? + + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other resources for App-V connection groups + + +- [Operations for App-V](appv-operations.md) + +  + +  + + + + + diff --git a/windows/manage/appv-migrating-to-appv-from-a-previous-version.md b/windows/manage/appv-migrating-to-appv-from-a-previous-version.md new file mode 100644 index 0000000000..ff212a6b60 --- /dev/null +++ b/windows/manage/appv-migrating-to-appv-from-a-previous-version.md @@ -0,0 +1,258 @@ +--- +title: Migrating to App-V from a Previous Version (Windows 10) +description: Migrating to App-V for Windows 10 from a previous version +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Migrating to App-V from previous versions + +**Applies to** +- Windows 10, version 1607 + +To migrate from App-V 4.x to App-V for Windows 10, you must upgrade to App-V 5.x first. + +## Improvements to the App-V Package Converter + + +You can now use the package converter to convert App-V 4.6 packages that contain scripts, and registry information and scripts from source .osd files are now included in package converter output. + +You can also use the `–OSDsToIncludeInPackage` parameter with the `ConvertFrom-AppvLegacyPackage` cmdlet to specify which .osd files’ information is converted and placed within the new package. + + ++++ + + + + + + + + + + + + +
    New in App-V for Windows 10Prior to App-V for Windows 10

    New .xml files are created corresponding to the .osd files associated with a package; these files include the following information:

    +
      +
    • environment variables

    • +
    • shortcuts

    • +
    • file type associations

    • +
    • registry information

    • +
    • scripts

    • +
    +

    You can now choose to add information from a subset of the .osd files in the source directory to the package using the -OSDsToIncludeInPackage parameter.

    Registry information and scripts included in .osd files associated with a package were not included in package converter output.

    +

    The package converter would populate the new package with information from all of the .osd files in the source directory.

    + +  + +### Example conversion statement + +To understand the new process, review the following example `ConvertFrom-AppvLegacyPackage` package converter statement. + +**If the source directory (\\\\OldPkgStore\\ContosoApp) includes the following:** + +- ContosoApp.sft + +- ContosoApp.msi + +- ContosoApp.sprj + +- ContosoApp\_manifest.xml + +- X.osd + +- Y.osd + +- Z.osd + +**And you run this command:** + +``` syntax +ConvertFrom-AppvLegacyPackage –SourcePath \\OldPkgStore\ContosoApp\ +-DestinationPath \\NewPkgStore\ContosoApp\ +-OSDsToIncludeInPackage X.osd,Y.osd +``` + +**The following is created in the destination directory (\\\\NewPkgStore\\ContosoApp):** + +- ContosoApp.appv + +- ContosoApp.msi + +- ContosoApp\_DeploymentConfig.xml + +- ContosoApp\_UserConfig.xml + +- X\_Config.xml + +- Y\_Config.xml + +- Z\_Config.xml + +**In the above example:** + + ++++++ + + + + + + + + + + + + + + + + + + + + + + +
    These Source directory files……are converted to these Destination directory files……and will contain these itemsDescription
      +
    • X.osd

    • +
    • Y.osd

    • +
    • Z.osd

    • +
      +
    • X_Config.xml

    • +
    • Y_Config.xml

    • +
    • Z_Config.xml

    • +
      +
    • Environment variables

    • +
    • Shortcuts

    • +
    • File type associations

    • +
    • Registry information

    • +
    • Scripts

    • +

    Each .osd file is converted to a separate, corresponding .xml file that contains the items listed here in App-V deployment configuration format. These items can then be copied from these .xml files and placed in the deployment configuration or user configuration files as desired.

    +

    In this example, there are three .xml files, corresponding with the three .osd files in the source directory. Each .xml file contains the environment variables, shortcuts, file type associations, registry information, and scripts in its corresponding .osd file.

      +
    • X.osd

    • +
    • Y.osd

    • +
      +
    • ContosoApp.appv

    • +
    • ContosoApp_DeploymentConfig.xml

    • +
    • ContosoApp_UserConfig.xml

    • +
      +
    • Environment variables

    • +
    • Shortcuts

    • +
    • File type associations

    • +

    The information from the .osd files specified in the -OSDsToIncludeInPackage parameter are converted and placed inside the package. The converter then populates the deployment configuration file and the user configuration file with the contents of the package, just as App-V Sequencer does when sequencing a new package.

    +

    In this example, environment variables, shortcuts, and file type associations included in X.osd and Y.osd were converted and placed in the App-V package, and some of this information was also included in the deployment configuration and user configuration files. X.osd and Y.osd were used because they were included as arguments to the -OSDsToIncludeInPackage parameter. No information from Z.osd was included in the package, because it was not included as one of these arguments.

    + +  + +## Converting packages created using a prior version of App-V + + +Use the package converter utility to upgrade virtual application packages created using versions of App-V prior to App-V 5.0. The package converter uses Windows PowerShell to convert packages and can help automate the process if you have many packages that require conversion. App-V packages created with App-V 5.x don't need to be converted. + + +**Important**   +After you convert an existing package you should test the package prior to deploying the package to ensure the conversion process was successful. + +  + +**What to know before you convert existing packages** + + ++++ + + + + + + + + + + + + + + + + + + + + +
    IssueWorkaround

    Virtual packages using DSC are not linked after conversion.

    Link the packages using connection groups. See [Managing Connection Groups](appv-managing-connection-groups.md).

    Environment variable conflicts are detected during conversion.

    Resolve any conflicts in the associated .osd file.

    Hard-coded paths are detected during conversion.

    Hard-coded paths are difficult to convert correctly. The package converter will detect and return packages with files that contain hard-coded paths. View the file with the hard-coded path, and determine whether the package requires the file. If so, it is recommended to re-sequence the package.

    + +  + +When converting a package check for failing files or shortcuts, locate the item in App-V 4.6 package. It could possibly be a hard-coded path. Convert the path. + +**Note**   +It is recommended that you use the App-V sequencer for converting critical applications or applications that need to take advantage of features. See [How to Sequence a New Application with App-V](appv-sequence-a-new-application.md). + +If a converted package does not open after you convert it, it is also recommended that you re-sequence the application using the App-V sequencer. + +[How to Convert a Package Created in a Previous Version of App-V](appv-convert-a-package-created-in-a-previous-version-of-appv.md) + +## Migrating the App-V Server Full Infrastructure + + +There is no direct method to upgrade to a full App-V infrastructure. Use the information in the following section for information about upgrading the App-V server. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    TaskMore Information

    Review prerequisites.

    [App-V Server prerequisite software](appv-prerequisites.md#app-v-server-prerequisite-software).

    Enable the App-V client.

    [Enable the App-V desktop client](appv-enable-the-app-v-desktop-client.md).

    Install App-V Server.

    [How to Deploy the App-V Server](appv-deploy-the-appv-server.md).

    Migrate existing packages.

    See [Converting packages created using a prior version of App-V](#converting-packages-created-using-a-prior-version-of-app-v) earlier in this topic.

    + +## Have a suggestion for App-V? + + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other resources for performing App-V migration tasks + +- [Operations for App-V](appv-operations.md) + +- [A simplified Microsoft App-V 5.1 Management Server upgrade procedure](https://blogs.technet.microsoft.com/appv/2015/09/23/a-simplified-microsoft-app-v-5-1-management-server-upgrade-procedure/) diff --git a/windows/manage/appv-modify-an-existing-virtual-application-package.md b/windows/manage/appv-modify-an-existing-virtual-application-package.md new file mode 100644 index 0000000000..5c84ac6d8d --- /dev/null +++ b/windows/manage/appv-modify-an-existing-virtual-application-package.md 
@@ -0,0 +1,172 @@ +--- +title: How to Modify an Existing Virtual Application Package (Windows 10) +description: How to Modify an Existing Virtual Application Package +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Modify an Existing Virtual Application Package + +**Applies to** +- Windows 10, version 1607 + +This topic explains how to: + +- [Update an application in an existing virtual application package](#bkmk-update-app-in-pkg) + +- [Modify the properties associated with an existing virtual application package](#bkmk-chg-props-in-pkg) + +- [Add a new application to an existing virtual application package](#bkmk-add-app-to-pkg) + +**Before you update a package:** + +- Ensure that you’ve installed the Microsoft Application Virtualization (App-V) Sequencer, which is required for modifying a virtual application package. To install the App-V Sequencer, see [How to Install the Sequencer](appv-install-the-sequencer.md). + +- Save the .appv file in a secure location and always trust the source before trying to open the package for editing. + +- The Managing Authority section is erroneously removed from the deployment configuration file when you update a package. Before starting the update, copy the Managing Authority section from the existing deployment configuration file, and then paste the copied section into the new configuration file after the conversion is complete. + +- If you click **Modify an Existing Virtual Application Package** in the Sequencer in order to edit a package, but then make no changes and close the package, the streaming behavior of the package is changed. The primary feature block is removed from the StreamMap.xml file, and any files that were listed in the publishing feature block are removed. Users who receive the edited package experience that package as if it were stream-faulted, regardless of how the original package was configured. 
+ +**Update an application in an existing virtual application package** + +1. On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. + +2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. + +3. On the **Select Task** page, click **Update Application in Existing Package** > **Next**. + +4. On the **Select Package** page, click **Browse** to locate the virtual application package that contains the application to update, and then click **Next**. + +5. On the **Prepare Computer** page, review the issues that could cause the application update to fail or cause the updated application to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**. + + **Important**   + If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files are added to the package. + +   + +6. On the **Select Installer** page, click **Browse** and specify the update installation file for the application. If the update does not have an associated installer file, and if you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. + +7. On the **Installation** page, when the sequencer and application installer are ready you can proceed to install the application update so the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and then locate and run the additional installation files. When you are finished with the installation, select **I am finished installing**. Click **Next**. 
+ + **Note**   + The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard. + +   + +8. On the **Installation Report** page, you can review information about the updated virtual application. In **Additional Information**, double-click the event to obtain more detailed information. To proceed, click **Next**. + +9. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all of the applications to run. After all applications have run, close each of the applications, and then click **Next**. + + **Note**   + You can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop**, and then select either **Stop all applications** or **Stop this application only**. + +   + +10. On the **Create Package** page, to modify the package without saving it, select the check box for **Continue to modify package without saving using the package editor**. When you select this option, the package opens in the App-V Sequencer console, where you can modify the package before it is saved. Click **Next**. + + To save the package immediately, select the default **Save the package now**. Add optional **Comments** to associate with the package. Comments are useful to identify the application version and provide other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. Click **Create**. + +11. On the **Completion** page, click **Close** to close the wizard. The package is now available in the sequencer. + +**Modify the properties associated with an existing virtual application package** + +1. 
On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. + +2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. + +3. On the **Select Task** page, click **Edit Package** > **Next**. + +4. On the **Select Package** page, click **Browse** to locate the virtual application package that contains the application properties to modify, and then click **Edit**. + +5. In the App-V Sequencer console, perform any of the following tasks as needed: + + - Import and export the manifest file. + + - Enable or disable Browser Helper Objects. + + - Import or export a VFS file. + + - Import a directory into the virtual file system. + + - Import and export virtual registry keys. + + - View package properties. + + - View associated package files. + + - Edit registry settings. + + - Review additional package settings (except operating system file properties). + + - Set virtualized registry key state (override or merge). + + - Set virtualized folder state. + + - Add or edit shortcuts and file type associations. + + **Note**   + To edit shortcuts or file type associations, you must first open the package for upgrade to add a new application, and then proceed to the final editing page. + +   + +6. When you finish changing the package properties, click **File** > **Save** to save the package. + +**Add a new application to an existing virtual application package** + +1. On the computer that runs the sequencer, click **All Programs**, point to **Microsoft Application Virtualization**, and then click **Microsoft Application Virtualization Sequencer**. + +2. In the App-V Sequencer, click **Modify an Existing Virtual Application Package** > **Next**. + +3. On the **Select Task** page, click **Add New Application** > **Next**. + +4. 
On the **Select Package** page, click **Browse** to locate the virtual application package to which you will add the application, and then click **Next**. + +5. On the **Prepare Computer** page, review the issues that could cause the package creation to fail or cause the revised package to contain unnecessary data. Resolve all potential issues before you continue. After making any corrections and resolving all potential issues, click **Refresh** > **Next**. + + **Important**   + If you are required to disable virus scanning software, first scan the computer that runs the sequencer to ensure that no unwanted or malicious files can be added to the package. + +   + +6. On the **Select Installer** page, click **Browse** and specify the installation file for the application. If the application does not have an associated installer file and you plan to run all installation steps manually, select the **Select this option to perform a custom installation** check box, and then click **Next**. + +7. On the **Installation** page, when the sequencer and application installer are ready, install the application so that the sequencer can monitor the installation process. If additional installation files must be run as part of the installation, click **Run**, and locate and run the additional installation files. When you finish the installation, select **I am finished installing** > **Next**. In the **Browse for Folder** dialog box, specify the primary directory where the application will be installed. Ensure that this is a new location so that you don’t overwrite the existing version of the virtual application package. + + **Note**   + The sequencer monitors all changes and installations that occur on the computer that runs the sequencer. This includes any changes and installations that are performed outside of the sequencing wizard. + +   + +8. On the **Configure Software** page, optionally run the programs contained in the package. 
This step completes any associated license or configuration tasks that are required to run the application before you deploy and run the package on target computers. To run all the programs at the same time, select at least one program, and then click **Run All**. To run specific programs, select the program or programs you want to run, and then click **Run Selected**. Complete the required configuration tasks and then close the applications. It can take several minutes for all programs to run. Click **Next**. + +9. On the **Installation Report** page, you can review information about the updated virtual application. In **Additional Information**, double-click the event to obtain more detailed information, and then click **Next** to open the **Customize** page. + +10. If you are finished installing and configuring the virtual application, select **Stop now** and skip to step 13 of this procedure. If you want to perform the following described customization, click **Customize**. + + If you are customizing, prepare the virtual package for streaming, and then click **Next**. Streaming improves the experience when the virtual application package is run on target computers. + +11. On the **Streaming** page, run each program so that it can be optimized and run more efficiently on target computers. It can take several minutes for all the applications to run. After all applications have run, close each of the applications, and then click **Next**. + + **Note**   + You can stop an application from loading during this step. In the **Application Launch** dialog box, click **Stop** and then select either **Stop all applications** or **Stop this application only**. + +   + +12. On the **Create Package** page, to modify the package without saving it, select the **Continue to modify package without saving using the package editor** check box. Selecting this option opens the package in the App-V Sequencer console, where you can modify the package before saving it. Click **Next**. 
+ + To save the package immediately, select the default **Save the package now**. Add optional **Comments** to associate with the package. Comments are useful for providing application versions and other information about the package. The default **Save Location** is also displayed. To change the default location, click **Browse** and specify the new location. The uncompressed package size is displayed. Click **Create**. + +13. On the **Completion** page, click **Close**. The package is now available in the sequencer. + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-modify-client-configuration-with-powershell.md b/windows/manage/appv-modify-client-configuration-with-powershell.md new file mode 100644 index 0000000000..ef256839b0 --- /dev/null +++ b/windows/manage/appv-modify-client-configuration-with-powershell.md @@ -0,0 +1,36 @@ +--- +title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10) +description: How to Modify Client Configuration by Using Windows PowerShell +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# How to Modify Client Configuration by Using Windows PowerShell + +**Applies to** +- Windows 10, version 1607 + +Use the following procedure to configure the App-V client configuration. + +1. To configure the client settings using Windows PowerShell, use the **Set-AppvClientConfiguration** cmdlet. For more information about installing Windows PowerShell, and a list of cmdlets see, [How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help](appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md). + +2. To modify the client configuration, open a Windows PowerShell Command prompt and run **Set-AppvClientConfiguration** with any required parameters. For example: + + `$config = Get-AppvClientConfiguration` + + `Set-AppcClientConfiguration $config` + + `Set-AppcClientConfiguration –Name1 MyConfig –Name2 “xyz”` + + +## Have a suggestion for App-V? + +Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Related topics + +[Operations for App-V](appv-operations.md) diff --git a/windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md b/windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md new file mode 100644 index 0000000000..5d1058e257 --- /dev/null +++ b/windows/manage/appv-modify-client-configuration-with-the-admx-template-and-group-policy.md @@ -0,0 +1,4 @@ +--- +title: How to Modify App-V Client Configuration Using the ADMX Template and Group Policy (Windows 10) +redirect_url: https://technet.microsoft.com/itpro/windows/manage/appv-deploying-the-appv-sequencer-and-client +--- diff --git a/windows/manage/appv-move-the-appv-server-to-another-computer.md b/windows/manage/appv-move-the-appv-server-to-another-computer.md new file mode 100644 index 0000000000..f883d31e98 --- /dev/null +++ b/windows/manage/appv-move-the-appv-server-to-another-computer.md 
@@ -0,0 +1,34 @@
+---
+title: How to Move the App-V Server to Another Computer (Windows 10)
+description: How to Move the App-V Server to Another Computer
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# How to move the App-V server to another computer
+
+**Applies to**
+- Windows Server 2016
+
+Use the following information to create a new management server console in your environment.
+
+## To create a new management server console
+
+
+Follow these steps to create a new management server console:
+
+1. Install the management server on a computer in your environment. For more information about installing the management server see [Deploying the App-V server](appv-deploying-the-appv-server.md).
+
+2. After you have completed the installation, use the following link to connect it to the App-V database - [How to install the Management Server on a Standalone Computer and Connect it to the Database](appv-install-the-management-server-on-a-standalone-computer.md).
+
+## Have a suggestion for App-V?
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+
+## Related topics
+
+[Operations for App-V](appv-operations.md)
diff --git a/windows/manage/appv-operations.md b/windows/manage/appv-operations.md
new file mode 100644
index 0000000000..d8fe8b05e6
--- /dev/null
+++ b/windows/manage/appv-operations.md
@@ -0,0 +1,77 @@
+---
+title: Operations for App-V (Windows 10)
+description: Operations for App-V
+author: MaggiePucciEvans
+ms.pagetype: mdop, appcompat, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Operations for App-V
+
+**Applies to**
+- Windows 10, version 1607
+
+This section of the Microsoft Application Virtualization (App-V) Administrator’s Guide includes information about the various types of App-V administration and operating tasks that are typically performed by an administrator. This section also includes step-by-step procedures to help you successfully perform those tasks.
+
+## Operations Information
+
+
+- [Creating and Managing App-V Virtualized Applications](appv-creating-and-managing-virtualized-applications.md)
+
+ Describes how to create, modify, and convert virtualized packages.
+
+- [Administering App-V Virtual Applications by Using the Management Console](appv-administering-virtual-applications-with-the-management-console.md)
+
+ Describes how to use the App-V Management console to perform tasks such as sequencing an application, changing a package, using a project template, and using a package accelerator.
+
+- [Managing Connection Groups](appv-managing-connection-groups.md)
+
+ Describes how connection groups enable virtualized applications to communicate with each other in the virtual environment; explains how to create, publish, and delete them; and describes how connection groups can help you better manage your virtualized applications.
+
+- [Deploying App-V Packages by Using Electronic Software Distribution (ESD)](appv-deploying-packages-with-electronic-software-distribution-solutions.md)
+
+ Describes how to deploy App-V packages by using an ESD.
+
+- [Using the App-V Client Management Console](appv-using-the-client-management-console.md)
+
+ Describes how perform client configuration tasks using the client management console.
+
+- [Migrating to App-V from a Previous Version](appv-migrating-to-appv-from-a-previous-version.md)
+
+ Provides instructions for migrating to App-V from a previous version.
+
+- [Administering App-V by Using Windows PowerShell](appv-administering-appv-with-powershell.md)
+
+ Describes the set of Windows PowerShell cmdlets available for administrators performing various App-V server tasks.
+
+## Have a suggestion for App-V?
+
+
+Add or vote on suggestions on the [Application Virtualization feedback site](http://appv.uservoice.com/forums/280448-microsoft-application-virtualization).
    For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). + +## Other Resources for App-V Operations + + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [Getting Started with App-V](appv-getting-started.md) + +- [Planning for App-V](appv-planning-for-appv.md) + +- [Deploying App-V](appv-deploying-appv.md) + +- [Troubleshooting App-V](appv-troubleshooting.md) + +- [Technical Reference for App-V](appv-technical-reference.md) + +  + +  + + + + + diff --git a/windows/manage/appv-performance-guidance.md b/windows/manage/appv-performance-guidance.md new file mode 100644 index 0000000000..e0a277bf9c --- /dev/null +++ b/windows/manage/appv-performance-guidance.md 
@@ -0,0 +1,738 @@ +--- +title: Performance Guidance for Application Virtualization (Windows 10) +description: Performance Guidance for Application Virtualization +author: MaggiePucciEvans +ms.pagetype: mdop, appcompat, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Performance Guidance for Application Virtualization + +**Applies to** +- Windows 10, version 1607 + +Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI. + +Implementing multiple methods can help you improve the end-user experience. However, your environment may not support all methods. + +You should read and understand the following information before reading this document. + +- [Application Virtualization (App-V) overview](appv-for-windows.md) + +- [Application Publishing and Client Interaction](appv-application-publishing-and-client-interaction.md) + +- [App-V Sequencing Guide](https://www.microsoft.com/en-us/download/details.aspx?id=27760) + +**Note**   +Some terms used in this document may have different meanings depending on external source and context. For more information about terms used in this document followed by an asterisk * review the [Application Virtualization Performance Guidance Terminology](#bkmk-terms1) section of this document. + +Finally, this document will provide you with the information to configure the computer running App-V client and the environment for optimal performance. Optimize your virtual application packages for performance using the sequencer, and to understand how to use User Experience Virtualization (UE-V) or other user environment management technologies to provide the optimal user experience with App-V in both Remote Desktop Services (RDS) and non-persistent virtual desktop infrastructure (VDI). + +To help determine what information is relevant to your environment you should review each section’s brief overview and applicability checklist. 
+
+## App-V in stateful\* non-persistent deployments
+
+This section provides information about an approach that helps ensure a user will have access to all virtual applications within seconds after logging in. This is achieved by uniquely addressing the often long-running App-V publishing refresh. As you will discover the basis of the approach, the fastest publishing refresh, is one that doesn’t have to actually do anything. A number of conditions must be met and steps followed to provide the optimal user experience.
+
+Use the information in the following section for more information:
+
+[Usage Scenarios](#bkmk-us) - As you review the two scenarios, keep in mind that these are the approach extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users and/or virtual applications packages.
+
+- Optimized for Performance – To provide the optimal experience, you can expect the base image to include some of the App-V virtual application package. This and other requirements are discussed.
+
+- Optimized for Storage – If you are concerned with the storage impact, following this scenario will help address those concerns.
+
+[Preparing your Environment](#bkmk-pe)
+
+- Steps to Prepare the Base Image – Whether in a non-persistent VDI or RDSH environment, only a few steps must be completed in the base image to enable this approach.
+
+- Use UE-V as the User Profile Management (UPM) solution for the App-V approach – the cornerstone of this approach is the ability of a UEM solution to persist the contents of just a few registry and file locations. These locations constitute the user integrations\*. Be sure to review the specific requirements for the UPM solution.
+
+[User Experience Walk-through](#bkmk-uewt)
+
+- Walk-through – This is a step-by-step walk-through of the App-V and UE-V operations and the expectations users should have.
+
+- Outcome – This describes the expected results.
+ +[Impact to Package Lifecycle](#bkmk-plc) + +[Enhancing the VDI Experience through Performance Optimization/Tuning](#bkmk-evdi) + +### Applicability Checklist + +Deployment Environment + + ++++ + + + + + + + + + + +
    Checklist box

    Non-Persistent VDI or RDSH.

    Checklist box

    User Experience Virtualization (UE-V), other UPM solutions or User Profile Disks (UPD).

    + +  + +Expected Configuration + + ++++ + + + + + + + + + + +
    Checklist box

    User Experience Virtualization (UE-V) with the App-V user state template enabled or User Profile Management (UPM) software. Non-UE-V UPM software must be capable of triggering on Login or Process/Application Start and Logoff.

    Checklist box

    App-V Shared Content Store (SCS) is configured or can be configured.

    + +  + +IT Administration + + ++++ + + + + + + +
    Checklist box

    Admin may need to update the VM base image regularly to ensure optimal performance or Admin may need to manage multiple images for different user groups.

    + +  + +### Usage Scenarios + +As you review the two scenarios, keep in mind that these approach the extremes. Based on your usage requirements, you may choose to apply these steps to a subset of users, virtual application packages, or both. + + ++++ + + + + + + + + + + + + +
    Optimized for PerformanceOptimized for Storage

    To provide the most optimal user experience, this approach leverages the capabilities of a UPM solution and requires additional image preparation and can incur some additional image management overhead.

    +

    The following describes many performance improvements in stateful non-persistent deployments. For more information, see [Sequencing Steps to Optimize Packages for Publishing Performance](#sequencing-steps-to-optimize-packages-for-publishing-performance) later in this topic.

    The general expectations of the previous scenario still apply here. However, keep in mind that VM images are typically stored in very costly arrays; a slight alteration has been made to the approach. Do not pre-configure user-targeted virtual application packages in the base image.

    +

    The impact of this alteration is detailed in the [User Experience Walk-through](#bkmk-uewt) section of this document.

    + +  + +### Preparing your Environment + +The following table displays the required steps to prepare the base image and the UE-V or another UPM solution for the approach. + +**Prepare the Base Image** + + ++++ + + + + + + + + + + + + +
    Optimized for PerformanceOptimized for Storage

    +
      +
    • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).

    • +
    • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

    • +
    • Configure for Shared Content Store (SCS) mode. For more information see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).

    • +
    • Configure Preserve User Integrations on Login Registry DWORD.

    • +
    • Pre-configure all user- and global-targeted packages for example, Add-AppvClientPackage.

    • +
    • Pre-configure all user- and global-targeted connection groups for example, Add-AppvClientConnectionGroup.

    • +
    • Pre-publish all global-targeted packages.

      +

      +

      Alternatively,

      +
        +
      • Perform a global publishing/refresh.

      • +
      • Perform a user publishing/refresh.

      • +
      • Un-publish all user-targeted packages.

      • +
      • Delete the following user-Virtual File System (VFS) entries.

      • +
      +

      AppData\Local\Microsoft\AppV\Client\VFS

      +

      AppData\Roaming\Microsoft\AppV\Client\VFS

    • +

    +
      +
    • Enable the App-V client as described in [Enable the App-V in-box client](appv-enable-the-app-v-desktop-client.md).

    • +
    • Enable UE-V and download the App-V Settings Template from the UE-V template Gallery, see the following steps.

    • +
    • Configure for Shared Content Store (SCS) mode. For more information see [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).

    • +
    • Configure Preserve User Integrations on Login Registry DWORD.

    • +
    • Pre-configure all global-targeted packages for example, Add-AppvClientPackage.

    • +
    • Pre-configure all global-targeted connection groups for example, Add-AppvClientConnectionGroup.

    • +
    • Pre-publish all global-targeted packages.

      +

    • +
    + +  + +**Configurations** - For critical App-V Client configurations and for a little more context and how-to, review the following information: + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + +
    Configuration SettingWhat does this do?How should I use it?

    Shared Content Store (SCS) Mode

    +
      +
    • Configurable in Windows PowerShell with `Set-AppvClientConfiguration -SharedContentStoreMode 1`
      or configurable with Group Policy, as described in [Deploying the App-V Sequencer and Configuring the Client](appv-deploying-the-appv-sequencer-and-client.md).

    • +

    When running the shared content store only publishing data is maintained on hard disk; other virtual application assets are maintained in memory (RAM).

    +

    This helps to conserve local storage and minimize disk I/O per second (IOPS).

    This is recommended when low-latency connections are available between the App-V Client endpoint and the SCS content server, SAN.

    PreserveUserIntegrationsOnLogin

    +
      +
    • Configure in the Registry under HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Integration.

    • +
    • Create the DWORD value PreserveUserIntegrationsOnLogin with a value of 1.

    • +
    • Restart the App-V client service or restart the computer running the App-V Client.

    • +

    If you have not pre-configured (Add-AppvClientPackage) a specific package and this setting is not configured, the App-V Client will de-integrate* the persisted user integrations, then re-integrate*.

    +

    For every package that meets the above conditions, effectively twice the work will be done during publishing/refresh.

    If you don’t plan to pre-configure every available user package in the base image, use this setting.

    MaxConcurrentPublishingRefresh

    +
      +
    • Configure in the Registry under HKEY_LOCAL_MACHINE \ Software \ Microsoft \ AppV \ Client \ Publishing.

    • +
    • Create the DWORD value MaxConcurrentPublishingrefresh with the desired maximum number of concurrent publishing refreshes.

    • +
    • The App-V client service and computer do not need to be restarted.

    • +

    This setting determines the number of users that can perform a publishing refresh/sync at the same time. The default setting is no limit.

    Limiting the number of concurrent publishing refreshes prevents excessive CPU usage that could impact computer performance. This limit is recommended in an RDS environment, where multiple users can log in to the same computer at the same time and perform a publishing refresh sync.

    +

    If the concurrent publishing refresh threshold is reached, the time required to publish new applications and make them available to end users after they log in could take an indeterminate amount of time.

    + +  + +### Configure UE-V solution for App-V Approach + +We recommend using User Experience Virtualization (UE-V) to capture and centralize application settings and Windows operating system settings for a specific user. These settings are then applied to the different computers that are accessed by the user, including desktop computers, laptop computers, and virtual desktop infrastructure (VDI) sessions. UE-V is optimized for RDS and VDI scenarios. + +For more information, see: + +- [User Experience Virtualization (UE-V) for Windows 10 overview](uev-for-windows.md) + +- [Get Started with UE-V](uev-getting-started.md) + +In essence all that is required is to enable the UE-V service and download the following Microsoft authored App-V settings template from the [Microsoft User Experience Virtualization (UE-V) template gallery](http://gallery.technet.microsoft.com/Authored-UE-V-Settings-bb442a33). Register the template. For more information about UE-V templates, see [User Experience Virtualization (UE-V) for Windows 10 overview](uev-for-windows.md). + +**Note**   +Without performing an additional configuration step, User Environment Virtualization (UE-V) will not be able to synchronize the Start menu shortcuts (.lnk files) on the target computer. The .lnk file type is excluded by default. + +UE-V will only support removing the .lnk file type from the exclusion list in the RDS and VDI scenarios, where every user’s device will have the same set of applications installed to the same location and every .lnk file is valid for all the users’ devices. For example, UE-V would not currently support the following two scenarios, because the net result will be that the shortcut will be valid on one but not all devices. + +- If a user has an application installed on one device with .lnk files enabled and the same native application installed on another device to a different installation root with .lnk files enabled. 
+ +- If a user has an application installed on one device but not another with .lnk files enabled. + +**Important**   +This topic describes how to change the Windows registry by using Registry Editor. If you change the Windows registry incorrectly, you can cause serious problems that might require you to reinstall Windows. You should make a backup copy of the registry files (System.dat and User.dat) before you change the registry. Microsoft cannot guarantee that the problems that might occur when you change the registry can be resolved. Change the registry at your own risk. + +  + +Using the Microsoft Registry Editor (regedit.exe), navigate to **HKEY\_LOCAL\_MACHINE** \\ **Software** \\ **Microsoft** \\ **UEV** \\ **Agent** \\ **Configuration** \\ **ExcludedFileTypes** and remove **.lnk** from the excluded file types. + +## Configure other User Profile Management (UPM) solutions for App-V Approach + +The expectation in a stateful environment is that a UPM solution is implemented and can support persistence of user data across sessions and between logins. + +The requirements for the UPM solution are as follows. + +To enable an optimized login experience, for example the App-V approach for the user, the solution must be capable of: + +- Persisting the below user integrations as part of the user profile/persona. + +- Triggering a user profile sync on login (or application start), which can guarantee that all user integrations are applied before publishing/refresh begin, or, + +- Attaching and detaching a user profile disk (UPD) or similar technology that contains the user integrations. + + **Note**   + App-V is supported when using UPD only when the entire profile is stored on the user profile disk. + + App-V packages are not supported when using UPD with selected folders stored in the user profile disk. The Copy on Write driver does not handle UPD selected folders. 
+ +   + +- Capturing changes to the locations, which constitute the user integrations, prior to session logoff. + +With App-V when you add a publishing server (**Add-AppvPublishingServer**) you can configure synchronization, for example refresh during log on and/or after a specified refresh interval. In both cases a scheduled task is created. + +In previous versions of App-V, both scheduled tasks were configured using a VBScript that would initiate the user and global refresh. Starting with Hotfix Package 4 for Application Virtualization 5.0 SP2 the user refresh on log on was initiated by **SyncAppvPublishingServer.exe**. This change was introduced to provide UPM solutions a trigger process. This process delays the publish /refresh to allow the UPM solution to apply the user integrations. It will exit once the publishing/refresh is complete. + +### User Integrations + +Registry – HKEY\_CURRENT\_USER + +- Path - Software\\Classes + + Exclude: Local Settings, ActivatableClasses, AppX\* + +- Path - Software\\Microsoft\\AppV + +- Path- Software\\Microsoft\\Windows\\CurrentVersion\\App Paths + +### File Locations + +- Root – “Environment Variable” APPDATA + + Path – Microsoft\\AppV\\Client\\Catalog + +- Root – “Environment Variable” APPDATA + + Path – Microsoft\\AppV\\Client\\Integration + +- Root – “Environment Variable” APPDATA + + Path - Microsoft\\Windows\\Start Menu\\Programs + +- (To persist all desktop shortcuts, virtual and non-virtual) + + Root - “KnownFolder” {B4BFCC3A-DB2C-424C-B029-7FE99A87C641}FileMask - \*.lnk + +### User Experience Walk-through + +This following is a step-by-step walk-through of the App-V and UPM operations and the expectations users should expect. + + ++++ + + + + + + + + + + + + +
    Optimized for PerformanceOptimized for Storage

    After implementing this approach in the VDI/RDSH environment, on first login,

    +
      +
    • (Operation) A user-publishing/refresh is initiated. (Expectation) If this is the first time a user has published virtual applications (e.g. non-persistent), this will take the usual duration of a publishing/refresh.

    • +
    • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state.

    • +
    +

    On subsequent logins:

    +
      +
    • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.

      +

      (Expectation) There will be shortcuts present on the desktop, or in the start menu, which work immediately. When the publishing/refresh completes (i.e., package entitlements change), some may go away.

    • +
    • (Operation) Publishing/refresh will process un-publish and publish operations for changes in user package entitlements. (Expectation) If there are no entitlement changes, publishing1 will complete in seconds. Otherwise, the publishing/refresh will increase relative to the number and complexity* of virtual applications

    • +
    • (Operation) UPM solution will capture user integrations again at logoff. (Expectation) Same as previous.

    • +
    +

    ¹ The publishing operation (Publish-AppVClientPackage) adds entries to the user catalog, maps entitlement to the user, identifies the local store, and finishes by completing any integration steps.

    After implementing this approach in the VDI/RDSH environment, on first login,

    +
      +
    • (Operation) A user-publishing/refresh is initiated. (Expectation)

      +
        +
      • If this is the first time a user has published virtual applications (e.g., non-persistent), this will take the usual duration of a publishing/refresh.

      • +
      • First and subsequent logins will be impacted by pre-configuring of packages (add/refresh).

        +

      • +
    • +
    • (Operation) After the publishing/refresh, the UPM solution captures the user integrations. (Expectation) Depending on how the UPM solution is configured, this may occur as part of the logoff process. This will incur the same/similar overhead as persisting the user state

    • +
    +

    On subsequent logins:

    +
      +
    • (Operation) UPM solution applies the user integrations to the system prior to publishing/refresh.

    • +
    • (Operation) Add/refresh must pre-configure all user targeted applications. (Expectation)

      +
        +
      • This may increase the time to application availability significantly (on the order of 10’s of seconds).

      • +
      • This will increase the publishing refresh time relative to the number and complexity* of virtual applications.

        +

      • +
    • +
    • (Operation) Publishing/refresh will process un-publish and publish operations for changes to user package entitlements.

    • +
    + +  + + ++++ + + + + + + + + + + + + +
    OutcomeOutcome

    +
      +
    • Because the user integrations are entirely preserved, there will be no work for example, integration for the publishing/refresh to complete. All virtual applications will be available within seconds of login.

    • +
    • The publishing/refresh will process changes to the users entitled virtual applications which impacts the experience.

    • +

    Because the add/refresh must re-configure all the virtual applications to the VM, the publishing refresh time on every login will be extended.

    + +  + +### Impact to Package Life Cycle + +Upgrading a package is a crucial aspect of the package lifecycle. To help guarantee users have access to the appropriate upgraded (published) or downgraded (un-published) virtual application packages, it is recommended you update the base image to reflect these changes. To understand why review the following section: + +App-V 5.0 SP2 introduced the concept of pending states. In the past, + +- If an administrator changed entitlements or created a new version of a package (upgraded) and during a publishing/refresh that package was in-use, the un-publish or publish operation, respectively, would fail. + +- Now, if a package is in-use the operation will be pended. The un-publish and publish-pend operations will be processed on service restart or if another publish or un-publish command is issued. In the latter case, if the virtual application is in-use otherwise, the virtual application will remain in a pending state. For globally published packages, a restart (or service restart) often needed. + +In a non-persistent environment, it is unlikely these pended operations will be processed. The pended operations, for example tasks are captured under **HKEY\_CURRENT\_USER** \\ **Software** \\ **Microsoft** \\ **AppV** \\ **Client** \\ **PendingTasks**. Although this location is persisted by the UPM solution, if it is not applied to the environment prior to log on, it will not be processed. + +### Enhancing the VDI Experience through Performance Optimization Tuning + +The following section contains lists with information about Microsoft documentation and downloads that may be useful when optimizing your environment for performance. 
+ + + +**.NET NGEN Blog (Highly Recommended)** + +- [How to speed up NGEN optimization](http://blogs.msdn.com/b/dotnet/archive/2013/08/06/wondering-why-mscorsvw-exe-has-high-cpu-usage-you-can-speed-it-up.aspx) + +**Windows Server and Server Roles** + +Server Performance Tuning Guidelines for + +- [Microsoft Windows Server 2012 R2](http://msdn.microsoft.com/library/windows/hardware/dn529133.aspx) + +- [Microsoft Windows Server 2012](http://download.microsoft.com/download/0/0/B/00BE76AF-D340-4759-8ECD-C80BC53B6231/performance-tuning-guidelines-windows-server-2012.docx) + +- [Microsoft Windows Server 2008 R2](http://download.microsoft.com/download/6/B/2/6B2EBD3A-302E-4553-AC00-9885BBF31E21/Perf-tun-srv-R2.docx) + +**Server Roles** + +- [Remote Desktop Virtualization Host](http://msdn.microsoft.com/library/windows/hardware/dn567643.aspx) + +- [Remote Desktop Session Host](http://msdn.microsoft.com/library/windows/hardware/dn567648.aspx) + +- [IIS Relevance: App-V Management, Publishing, Reporting Web Services](http://msdn.microsoft.com/library/windows/hardware/dn567678.aspx) + +- [File Server (SMB) Relevance: If used for App-V Content Storage and Delivery in SCS Mode](http://technet.microsoft.com/library/jj134210.aspx) + +**Windows Client (Guest OS) Performance Tuning Guidance** + +- [Microsoft Windows 7](http://download.microsoft.com/download/E/5/7/E5783D68-160B-4366-8387-114FC3E45EB4/Performance Tuning Guidelines for Windows 7 Desktop Virtualization v1.9.docx) + +- [Optimization Script: (Provided by Microsoft Support)](http://blogs.technet.com/b/jeff_stokes/archive/2012/10/15/the-microsoft-premier-field-engineer-pfe-view-on-virtual-desktop-vdi-density.aspx) + +- [Microsoft Windows 8](http://download.microsoft.com/download/6/0/1/601D7797-A063-4FA7-A2E5-74519B57C2B4/Windows_8_VDI_Image_Client_Tuning_Guide.pdf) + +- [Optimization Script: (Provided by Microsoft 
Support)](http://blogs.technet.com/b/jeff_stokes/archive/2013/04/09/hot-off-the-presses-get-it-now-the-windows-8-vdi-optimization-script-courtesy-of-pfe.aspx) + +## Sequencing Steps to Optimize Packages for Publishing Performance + +Several App-V features facilitate new scenarios or enable new customer deployment scenarios. These following features can impact the performance of the publishing and launch operations. + + ++++++ + + + + + + + + + + + + + + + + +
    StepConsiderationBenefitsTradeoffs

    No Feature Block 1 (FB1, also known as Primary FB)

    No FB1 means the application will launch immediately and stream fault (application requires file, DLL and must pull down over the network) during launch. If there are network limitations, FB1 will:

    +
      +
    • Reduce the number of stream faults and network bandwidth used when you launch an application for the first time.

    • +
    • Delay launch until the entire FB1 has been streamed.

    • +

    Stream faulting decreases the launch time.

    Virtual application packages with FB1 configured will need to be re-sequenced.

    + +  + +### Removing FB1 + +Removing FB1 does not require the original application installer. After completing the following steps, it is suggested that you revert the computer running the sequencer to a clean snapshot. + +**Sequencer UI** - Create a New Virtual Application Package. + +1. Complete the sequencing steps up to Customize -> Streaming. + +2. At the Streaming step, do not select **Optimize the package for deployment over slow or unreliable network**. + +3. If desired, move on to **Target OS**. + +**Modify an Existing Virtual Application Package** + +1. Complete the sequencing steps up to Streaming. + +2. Do not select **Optimize the package for deployment over a slow or unreliable network**. + +3. Move to **Create Package**. + +**Windows PowerShell** - Update an Existing Virtual Application Package. + +1. Open an elevated Windows PowerShell session. + +2. Import-module **appvsequencer**. + +3. **Update-AppvSequencerPackage** - **AppvPackageFilePath** + + "C:\\Packages\\MyPackage.appv" -Installer + + "C:\\PackageInstall\\PackageUpgrade.exe empty.exe" -OutputPath + + "C:\\UpgradedPackages" + + **Note**   + This cmdlet requires an executable (.exe) or batch file (.bat). You must provide an empty (does nothing) executable or batch file. + +   + + ++++++ + + + + + + + + + + + + + + + + +
    StepConsiderationsBenefitsTradeoffs

    No SXS Install at Publish (Pre-Install SxS assemblies)

    Virtual Application packages do not need to be re-sequenced. SxS Assemblies can remain in the virtual application package.

    The SxS Assembly dependencies will not install at publishing time.

    SxS Assembly dependencies must be pre-installed.

    + +  + +### Creating a new virtual application package on the sequencer + +If, during sequencer monitoring, an SxS Assembly (such as a VC++ Runtime) is installed as part of an application’s installation, SxS Assembly will be automatically detected and included in the package. The administrator will be notified and will have the option to exclude the SxS Assembly. + +**Client Side**: + +When publishing a virtual application package, the App-V Client will detect if a required SxS dependency is already installed. If the dependency is unavailable on the computer and it is included in the package, a traditional Windows Insataller (.**msi**) installation of the SxS assembly will be initiated. As previously documented, simply install the dependency on the computer running the client to ensure that the Windows Installer (.msi) installation will not occur. + + ++++++ + + + + + + + + + + + + + + + + +
    StepConsiderationsBenefitsTradeoffs

    Selectively Employ Dynamic Configuration files

    The App-V client must parse and process these Dynamic Configuration files.

    +

    Be conscious of size and complexity (script execution, VREG inclusions/exclusions) of the file.

    +

    Numerous virtual application packages may already have User- or computer–specific dynamic configurations files.

    Publishing times will improve if these files are used selectively or not at all.

    Virtual application packages would need to be reconfigured individually or via the App-V server management console to remove associated Dynamic Configuration files.

    + +  + +### Disabling a Dynamic Configuration by using Windows Powershell + +- For already published packages, you can use `Set-AppVClientPackage –Name Myapp –Path c:\Packages\Apps\MyApp.appv` without + + **-DynamicDeploymentConfiguration** parameter + +- Similarly, when adding new packages using `Add-AppVClientPackage –Path c:\Packages\Apps\MyApp.appv`, do not use the + + **-DynamicDeploymentConfiguration** parameter. + +For documentation on How to Apply a Dynamic Configuration, see: + +- [How to Apply the User Configuration File by Using Windows PowerShell](appv-apply-the-user-configuration-file-with-powershell.md) + +- [How to Apply the Deployment Configuration File by Using Windows PowerShell](appv-apply-the-deployment-configuration-file-with-powershell.md) + + ++++++ + + + + + + + + + + + + + + + + + + + + + + +
    StepConsiderationsBenefitsTradeoffs

    Account for Synchronous Script Execution during Package Lifecycle.

    If script collateral is embedded in the package, Add cmdlets may be significantly slower.

    +

    Running of scripts during virtual application launch (StartVirtualEnvironment, StartProcess) and/or Add+Publish will impact the perceived performance during one or more of these lifecycle operations.

    Use of Asynchronous (Non-Blocking) Scripts will ensure that the lifecycle operations complete efficiently.

    This step requires working knowledge of all virtual application packages with embedded script collateral, which have associated dynamic configurations files and which reference and run scripts synchronously.

    Remove Extraneous Virtual Fonts from Package.

    The majority of applications investigated by the App-V product team contained a small number of fonts, typically fewer than 20.

    Virtual Fonts impact publishing refresh performance.

    Desired fonts will need to be enabled/installed natively. For instructions, see Install or uninstall fonts.

    + +  + +### Determining what virtual fonts exist in the package + +- Make a copy of the package. + +- Rename Package\_copy.appv to Package\_copy.zip + +- Open AppxManifest.xml and locate the following: + + ``` + + + + + ``` + + **Note**  If there are fonts marked as **DelayLoad**, those will not impact first launch. + + +### Excluding virtual fonts from the package + +Use the dynamic configuration file that best suits the user scope – deployment configuration for all users on computer, user configuration for specific user or users. + +- Disable fonts with the deployment or user configuration. + +Fonts + +``` +--> + + ## How is telemetry data handled by Microsoft? ### Data collection -Windows 10 and Windows Server 2016 Technical Preview includes the Connected User Experience and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores telemetry events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology. +Windows 10 and Windows Server 2016 includes the Connected User Experience and Telemetry component, which uses Event Tracing for Windows (ETW) tracelogging technology that gathers and stores telemetry events and data. The operating system and some Microsoft management solutions, such as System Center, use the same logging technology. 1. Operating system features and some management applications are instrumented to publish events and data. Examples of management applications include Virtual Machine Manager (VMM), Server Manager, and Storage Spaces. 2. Events are gathered using public operating system event logging and tracing APIs. 
@@ -151,7 +151,7 @@ The following table defines the endpoints for telemetry services:
 ### Data use and access
-The principle of least privileged access guides access to telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement). Microsoft may share business reports with OEMs and third party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
+The principle of least privileged access guides access to telemetry data. Microsoft does not share personal data of our customers with third parties, except at the customer’s discretion or for the limited purposes described in the [Privacy Statement](https://privacy.microsoft.com/privacystatement). Microsoft may share business reports with OEMs and third party partners that include aggregated and anonymized telemetry information. Data-sharing decisions are made by an internal team including privacy, legal, and data management.
 ### Retention
@@ -160,7 +160,7 @@ Microsoft believes in and practices information minimization. We strive to gathe
 ## Telemetry levels
-This section explains the different telemetry levels in Windows 10, Windows Server 2016 Technical Preview, and System Center. These levels are available on all desktop and mobile editions of Windows 10, with the exception of the **Security** level which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016 Technical Preview.
+This section explains the different telemetry levels in Windows 10, Windows Server 2016, and System Center. These levels are available on all desktop and mobile editions of Windows 10, with the exception of the **Security** level which is limited to Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, Windows 10 IoT Core (IoT Core), and Windows Server 2016.
 The telemetry data is categorized into four levels:
@@ -172,7 +172,7 @@ The telemetry data is categorized into four levels:
 - **Full**. All data necessary to identify and help to fix problems, plus data from the **Security**, **Basic**, and **Enhanced** levels.
-The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016 Technical Preview.
+The levels are cumulative and are illustrated in the following diagram. Also, these levels apply to all editions of Windows Server 2016.
 ![breakdown of telemetry levels and types of administrative controls](images/priv-telemetry-levels.png)
@@ -180,7 +180,8 @@ The levels are cumulative and are illustrated in the following diagram. Also, th
 The Security level gathers only the telemetry info that is required to keep Windows devices, Windows Server, and guests protected with the latest security updates. This level is only available on Windows Server 2016, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile Enterprise, and Windos IoT Core editions.
-> **Note:**  If your organization relies on Windows Update for updates, you shouldn’t use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
+> [!NOTE]
+> If your organization relies on Windows Update for updates, you shouldn’t use the **Security** level. Because no Windows Update information is gathered at this level, important information about update failures is not sent. Microsoft uses this information to fix the causes of those failures and improve the quality of our updates.
 Windows Server Update Services (WSUS) and System Center Configuration Manager functionality is not affected at this level, nor is telemetry data about Windows Server features or System Center gathered.
@@ -192,14 +193,15 @@ The data gathered at this level includes:
 - **Malicious Software Removal Tool (MSRT)** The MSRT infection report contains information, including device info and IP address.
- >**Note:**  You can turn off the MSRT infection report. No MSRT information is included if MSRT is not used. If Windows Update is turned off, MSRT will not be offered to users. For more info, see Microsoft KB article [891716](http://support.microsoft.com/kb/891716).
+ > [!NOTE]
+ > You can turn off the MSRT infection report. No MSRT information is included if MSRT is not used. If Windows Update is turned off, MSRT will not be offered to users. For more info, see Microsoft KB article [891716](http://support.microsoft.com/kb/891716).
  
 - **Windows Defender/Endpoint Protection**. Windows Defender and System Center Endpoint Protection requires some information to function, including: anti-malware signatures, diagnostic information, User Account Control settings, Unified Extensible Firmware Interface (UEFI) settings, and IP address.
- **Note**  
- This reporting can be turned off and no information is included if a customer is using third party antimalware software, or if Windows Defender is turned off. For more info, see [Windows Defender](disconnect-your-organization-from-microsoft.md#windows-defender).
+ > [!NOTE]
+ > This reporting can be turned off and no information is included if a customer is using third party antimalware software, or if Windows Defender is turned off. For more info, see [Windows Defender](disconnect-your-organization-from-microsoft.md#windows-defender).
 Microsoft recommends that Windows Update, Windows Defender, and MSRT remain enabled unless the enterprise uses alternative solutions such as Windows Server Update Services, System Center Configuration Manager, or a third party antimalware solution. Windows Update, Windows Defender, and MSRT provide core Windows functionality such as driver and OS updates, including security updates.
@@ -215,7 +217,7 @@ The Basic level gathers a limited set of data that’s critical for understandin
 The data gathered at this level includes:
-- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 Technical Preview in the ecosystem. Examples include:
+- **Basic device data**. Helps provide an understanding about the types of Windows devices and the configurations and types of native and virtualized Windows Server 2016 in the ecosystem. Examples include:
 - Device attributes, such as camera resolution and display type
@@ -300,11 +302,12 @@ IT pros can use various methods, including Group Policy and Mobile Device Manage
 We do not recommend that you turn off telemetry in your organization as valuable functionality may be impacted, but we recognize that in some scenarios this may be required. Use the steps in this section to do so for Windows, Windows Server, and System Center.
->**Important:**  These telemetry levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experience and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these telemetry levels. You should work with your app vendors to understand their telemetry policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses telemetry, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx).
+> [!IMPORTANT]
+> These telemetry levels only apply to Windows, Windows Server, and System Center components and apps that use the Connected User Experience and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these telemetry levels. You should work with your app vendors to understand their telemetry policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses telemetry, see [Overview of Office Telemetry](http://technet.microsoft.com/library/jj863580.aspx).
 You can turn on or turn off System Center telemetry gathering. The default is on and the data gathered at this level represents what is gathered by default when System Center telemetry is turned on. However, setting the operating system telemetry level to **Basic** will turn off System Center telemetry, even if the System Center telemetry switch is turned on.
-The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 Technical Preview is **Enhanced**.
+The lowest telemetry setting level supported through management policies is **Security**. The lowest telemetry setting supported through the Settings UI is **Basic**. The default telemetry setting for Windows Server 2016 is **Enhanced**.
 ### Configure the operating system telemetry level
@@ -368,21 +371,22 @@ There are a few more settings that you can turn off that may send telemetry info
 - Turn off **Linguistic Data Collection** in **Settings** > **Privacy**. At telemetry levels **Enhanced** and **Full**, Microsoft uses Linguistic Data Collection info to improve language model features such as autocomplete, spellcheck, suggestions, input pattern recognition, and dictionary.
- >**Note:**  Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information.
+ > [!NOTE]
+ > Microsoft does not intend to gather sensitive information, such as credit card numbers, usernames and passwords, email addresses, or other similarly sensitive information for Linguistic Data Collection. We guard against such events by using technologies to identify and remove sensitive information before linguistic data is sent from the user's device. If we determine that sensitive information has been inadvertently received, we delete the information.
 ## Additional resources
 FAQs
-- [Cortana, Search, and privacy](http://windows.microsoft.com/en-us/windows-10/cortana-privacy-faq)
-- [Windows 10 feedback, diagnostics, and privacy](http://windows.microsoft.com/en-us/windows-10/feedback-diagnostics-privacy-faq)
-- [Windows 10 camera and privacy](http://windows.microsoft.com/en-us/windows-10/camera-privacy-faq)
-- [Windows 10 location service and privacy](http://windows.microsoft.com/en-us/windows-10/location-service-privacy)
-- [Microsoft Edge and privacy](http://windows.microsoft.com/en-us/windows-10/edge-privacy-faq)
-- [Windows 10 speech, inking, typing, and privacy](http://windows.microsoft.com/en-us/windows-10/speech-inking-typing-privacy-faq)
-- [Windows Hello and privacy](http://windows.microsoft.com/en-us/windows-10/windows-hello-privacy-faq)
-- [Wi-Fi Sense](http://windows.microsoft.com/en-us/windows-10/wi-fi-sense-faq)
-- [Windows Update Delivery Optimization](http://windows.microsoft.com/en-us/windows-10/windows-update-delivery-optimization-faq)
+- [Cortana, Search, and privacy](https://privacy.microsoft.com/windows-10-cortana-and-privacy)
+- [Windows 10 feedback, diagnostics, and privacy](https://privacy.microsoft.com/windows-10-feedback-diagnostics-and-privacy)
+- [Windows 10 camera and privacy](https://privacy.microsoft.com/windows-10-camera-and-privacy)
+- [Windows 10 location service and privacy](https://privacy.microsoft.com/windows-10-location-and-privacy)
+- [Microsoft Edge and privacy](https://privacy.microsoft.com/windows-10-microsoft-edge-and-privacy)
+- [Windows 10 speech, inking, typing, and privacy](https://privacy.microsoft.com/windows-10-speech-inking-typing-and-privacy-faq)
+- [Windows Hello and privacy](https://privacy.microsoft.com/windows-10-windows-hello-and-privacy)
+- [Wi-Fi Sense](https://privacy.microsoft.com/windows-10-about-wifi-sense)
+- [Windows Update Delivery Optimization](https://privacy.microsoft.com/windows-10-windows-update-delivery-optimization)
 Blogs
@@ -390,11 +394,11 @@ Blogs
 Privacy Statement
-- [Microsoft Privacy Statement](https://privacy.microsoft.com/en-us/privacystatement)
+- [Microsoft Privacy Statement](https://privacy.microsoft.com/privacystatement)
 TechNet
-- [Manage connections from Windows operating system components to Microsoft services](https://technet.microsoft.com/en-us/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services)
+- [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md)
 Web Pages
diff --git a/windows/manage/connect-to-remote-aadj-pc.md b/windows/manage/connect-to-remote-aadj-pc.md
index 6d02435e5f..1c58be856c 100644
--- a/windows/manage/connect-to-remote-aadj-pc.md
+++ b/windows/manage/connect-to-remote-aadj-pc.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: devices
 author: jdeckerMS
+localizationpriority: medium
 ---
 # Connect to remote Azure Active Directory-joined PC
@@ -24,7 +25,7 @@ From its release, Windows 10 has supported remote connections to PCs that are jo
 ## Set up
 - Both PCs (local and remote) must be running Windows 10, version 1607. Remote connection to an Azure AD-joined PC that is running earlier versions of Windows 10 is not supported.
-- Ensure [Remote Credential Guard](https://tnstage.redmond.corp.microsoft.com/en-us/itpro/windows/keep-secure/remote-credential-guard?branch=bl-7475998), a new feature in Windows 10, version 1607, is turned off on the client PC.
+- Ensure [Remote Credential Guard](../keep-secure/remote-credential-guard.md), a new feature in Windows 10, version 1607, is turned off on the client PC.
 - On the PC that you want to connect to:
 1. Open system properties for the remote PC.
 2. Enable **Allow remote connections to this computer** and select **Allow connections only from computers running Remote Desktop with Network Level Authentication**.
@@ -65,9 +66,9 @@ In organizations using only Azure AD, you can connect from an Azure AD-joined PC
 ## Related topics
-[How to use Remote Desktop](http://windows.microsoft.com/en-us/windows-10/how-to-use-remote-desktop)
+[How to use Remote Desktop](https://support.microsoft.com/instantanswers/ff521c86-2803-4bc0-a5da-7df445788eb9/how-to-use-remote-desktop)
+
-[Remote Desktop Connection: frequently asked questions](http://windows.microsoft.com/en-us/windows/remote-desktop-connection-faq#1TC=windows-8) (Windows 8.1 documentation, still applicable to Windows 10)
  
diff --git a/windows/manage/customize-and-export-start-layout.md b/windows/manage/customize-and-export-start-layout.md
index 46e13d01b9..87f206380e 100644
--- a/windows/manage/customize-and-export-start-layout.md
+++ b/windows/manage/customize-and-export-start-layout.md
@@ -7,6 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
+localizationpriority: high
 ---
 # Customize and export Start layout
@@ -18,7 +19,7 @@ author: jdeckerMS
 **Looking for consumer information?**
-- [Customize the Start menu](http://go.microsoft.com/fwlink/p/?LinkId=623630)
+- [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 The easiest method for creating a customized Start layout to apply to other Windows 10 devices is to set up the Start screen on a test computer and then export the layout.
@@ -73,7 +74,7 @@ To prepare a Start layout for export, you simply customize the Start layout on a
 ## Export the Start layout
-When you have the Start layout that you want your users to see, use the [Export-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet in Windows PowerShell to export the Start layout to an .xml file.
+When you have the Start layout that you want your users to see, use the [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet in Windows PowerShell to export the Start layout to an .xml file.
 **To export the Start layout to an .xml file**
@@ -85,7 +86,7 @@ When you have the Start layout that you want your users to see, use the [Export-
 In the previous command, `-path` is a required parameter that specifies the path and file name for the export file. You can specify a local path or a UNC path (for example, \\\\FileServer01\\StartLayouts\\StartLayoutMarketing.xml).
- Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet does not append the file name extension, and the policy settings require the extension.
+ Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet does not append the file name extension, and the policy settings require the extension.
 Example of a layout file produced by `Export-StartLayout`:
diff --git a/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md b/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
index acdd1656ab..d0d6b868e6 100644
--- a/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
@@ -7,6 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
+localizationpriority: high
 ---
 # Customize Windows 10 Start and taskbar with Group Policy
@@ -18,7 +19,7 @@ author: jdeckerMS
 **Looking for consumer information?**
-- [Customize the Start menu](http://go.microsoft.com/fwlink/p/?LinkId=623630)
+- [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 In Windows 10 Enterprise and Windows 10 Education, you can use a Group Policy Object (GPO) to deploy a customized Start and taskbar layout to users in a domain. No reimaging is required, and the layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
@@ -36,24 +37,24 @@ When a full Start layout is applied with this method, the users cannot pin, unpi
 Start and taskbar layout control using Group Policy is supported in Windows 10 Enterprise and Windows 10 Education, Version 1607. Start and taskbar layout control is not supported in Windows 10 Pro.
-The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed. In Group Policy, ADMX files are used to define Registry-based policy settings in the Administrative Templates category. To find out how to create a central store for Administrative Templates files, see [article 929841, written for Windows Vista and still applicable](http://go.microsoft.com/fwlink/p/?LinkId=691687) in the Microsoft Knowledge Base.
+The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed. In Group Policy, ADMX files are used to define Registry-based policy settings in the Administrative Templates category. To find out how to create a central store for Administrative Templates files, see [article 929841, written for Windows Vista and still applicable](https://go.microsoft.com/fwlink/p/?LinkId=691687) in the Microsoft Knowledge Base.
 ## How Start layout control works
 Three features enable Start and taskbar layout control:
-- The [Export-StartLayout](http://go.microsoft.com/fwlink/p/?LinkID=620879) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format.
+- The [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkID=620879) cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format.
 **Note**  
- To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet.
+ To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet.
 - [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration.
 - In Group Policy, you use the **Start Layout** settings for the **Start Menu and Taskbar** administrative template to set a Start and taskbar layout from an .xml file when the policy is applied.
 **Note**  
-To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( http://go.microsoft.com/fwlink/p/?LinkId=620863).
+To learn how customize Start to include your line-of-business apps when you deploy Windows 10, see [Customize the Windows 10 Start layout]( https://go.microsoft.com/fwlink/p/?LinkId=620863).
  
@@ -68,7 +69,7 @@ The GPO can be configured from any computer on which the necessary ADMX and ADML
 The .xml file with the Start and taskbar layout must be located on shared network storage that is available to the users’ computers when they sign in and the users must have Read-only access to the file. If the file is not available at sign-in, Start and the taskbar are not customized during the session, and the user can make changes to Start.
-For information about deploying GPOs in a domain, see [Working with Group Policy Objects](http://go.microsoft.com/fwlink/p/?LinkId=620889).
+For information about deploying GPOs in a domain, see [Working with Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=620889).
 ## Use Group Policy to apply a customized Start layout on the local computer
@@ -76,9 +77,9 @@ For information about deploying GPOs in a domain, see [Working with Group Policy
 You can use the Local Group Policy Editor to provide a customized Start and taskbar layout for any user who signs in on the local computer. To display the customized Start and taskbar layout for any user who signs in, configure **Start Layout** policy settings for the **Start Menu and Taskbar** administrative template. You can use the **Start Menu and Taskbar** administrative template in **User Configuration** or **Computer Configuration**.
 **Note**  
-This procedure applies the policy settings on the local computer only. For information about deploying the Start and taskbar layout to users in a domain, see [Use Group Policy to deploy a customized Start layout in a domain](#bkmk-domaingpodeployment), later in this topic.
+This procedure applies the policy settings on the local computer only. For information about deploying the Start and taskbar layout to users in a domain, see [Use Group Policy to deploy a customized Start layout in a domain](#bkmk-domaingpodeployment).
-This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](http://go.microsoft.com/fwlink/p/?LinkId=620881). The guide was written for Windows Vista and the procedures still apply to Windows 10.
+This procedure creates a Local Group Policy that applies to all users on the computer. To configure Local Group Policy that applies to a specific user or group on the computer, see [Step-by-Step Guide to Managing Multiple Local Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=620881). The guide was written for Windows Vista and the procedures still apply to Windows 10.
  
diff --git a/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md
index de8f037cfe..cf6a6dab79 100644
--- a/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md
+++ b/windows/manage/customize-windows-10-start-screens-by-using-mobile-device-management.md
@@ -7,6 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
+localizationpriority: medium
 ---
 # Customize Windows 10 Start with mobile device management (MDM)
@@ -18,7 +19,7 @@ author: jdeckerMS
 **Looking for consumer information?**
-- [Customize the Start menu](http://go.microsoft.com/fwlink/p/?LinkId=623630)
+- [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 In Windows 10 Enterprise and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start layout to users. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
@@ -39,11 +40,11 @@ Two features enable Start layout control:
 - The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format.
 **Note**  
- To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet.
+ To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet.
  
-- In MDM, you set the path to the .xml file that defines the Start layout using an OMA-URI setting, which is based on the [Policy configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkID=623244).
+- In MDM, you set the path to the .xml file that defines the Start layout using an OMA-URI setting, which is based on the [Policy configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=623244).
 ## Create a policy for your customized Start layout
@@ -138,7 +139,7 @@ This example uses Microsoft Intune to configure an MDM policy that applies a cus
 [Customize Windows 10 Start and taskbar with ICD and provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-[Use Windows 10 custom policies to manage device settings with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkID=616316)
+[Use Windows 10 custom policies to manage device settings with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkID=616316)
  
diff --git a/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
index 28609ad6b0..aca87ef5cc 100644
--- a/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
+++ b/windows/manage/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
@@ -7,6 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: jdeckerMS
+localizationpriority: medium
 ---
 # Customize Windows 10 Start and taskbar with ICD and provisioning packages
@@ -18,10 +19,13 @@ author: jdeckerMS
 **Looking for consumer information?**
-- [Customize the Start menu](http://go.microsoft.com/fwlink/p/?LinkId=623630)
+- [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
 In Windows 10 Enterprise and Windows 10 Education, version 1607, you can use a provisioning package that you create with Windows Imaging and Configuration Designer (ICD) tool to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
+>[!IMPORTANT]
+>If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy.
+
 **Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md)
 ## How Start layout control works
@@ -32,7 +36,7 @@ Three features enable Start and taskbar layout control: - The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. **Note**   - To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet. + To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=623707) cmdlet. - [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include `` or create an .xml file just for the taskbar configuration. @@ -42,7 +46,7 @@ Three features enable Start and taskbar layout control: ## Create a provisioning package that contains a customized Start layout -Use the [Imaging and Configuration Designer (ICD) tool](http://go.microsoft.com/fwlink/p/?LinkID=525483) included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that applies a customized Start and taskbar layout. [Install the ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740) +Use the [Imaging and Configuration Designer (ICD) tool](https://go.microsoft.com/fwlink/p/?LinkID=525483) included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that applies a customized Start and taskbar layout. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) > **Important** When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. 
@@ -60,7 +64,7 @@ When you build a provisioning package, you may include sensitive information in 6. Expand **Runtime settings** > **Start**, and click **StartLayout**. -7. Specify the path and file name of the Start layout .xml that you created with the [Export-StartLayout](http://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet. +7. Specify the path and file name of the Start layout .xml that you created with the [Export-StartLayout](https://go.microsoft.com/fwlink/p/?LinkId=620879) cmdlet. 8. On the **File** menu, select **Save.** diff --git a/windows/manage/device-guard-signing-portal.md b/windows/manage/device-guard-signing-portal.md index 09c4d67158..e9dabd0581 100644 --- a/windows/manage/device-guard-signing-portal.md +++ b/windows/manage/device-guard-signing-portal.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store, security author: TrudyHa +localizationpriority: high --- # Device Guard signing diff --git a/windows/manage/diagnostics-for-mdm-devices.md b/windows/manage/diagnostics-for-mdm-devices.md deleted file mode 100644 index 32998541e9..0000000000 --- a/windows/manage/diagnostics-for-mdm-devices.md +++ /dev/null 
@@ -1,102 +0,0 @@ ---- -title: Diagnostics for Windows 10 devices (Windows 10) -description: Device Policy State log in Windows 10, Version 1607, collects info about policies. -keywords: ["mdm", "udiag", "device policy", "mdmdiagnostics"] -ms.prod: W10 -ms.mktglfcycl: manage -ms.sitesec: library -author: jdeckerMS ---- - -# Diagnostics for Windows 10 devices - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -(which SKUs?) - -(this isn't really MDM-managed only, is it? It can be done locally/email?) - -Two new diagnostic tools for Windows 10, version 1607, help IT administrators diagnose and resolve issues with remote devices enrolled in mobile device management (MDM): the [Device Policy State Log](#device-policy-state-log) and [UDiag](#udiag). Windows 10 for desktop editions and Windows 10 Mobile make it simple for users to export log files that you can then analyze with these tools. - -## Export management log files - -Go to **Settings > Accounts > Work access > Export your management log files**. - -![Export your management log files](images/export-mgt-desktop.png) - -- On desktop devices, the file is saved to C:/Users/Public/Public Documents/MDMDiagnostics/MDMDiagReport.xml -- On phones, the file is saved to *phone*/Documents/MDMDiagnostics/MDMDiagReport.xml - -The MDMDiagReport.xml can be used with [Device Policy State Log](#device-policy-state-log) and [UDiag](#udiag) to help you resolve issues. - -## Device Policy State Log - -The Device Policy State Log collects information on the state of policies applied to the device to help you determine which sources are applying policies or configurations to the device. Help desk personnel can use this log to diagnose and resolve issues with a remote device. - -After you obtain the management log file from the user's device, run the mdmReportGenerator.ps1 script on log to create report. 
(download mdmReportGenerator.ps1 and mdmDiagnoseHelpers.psm1) This PowerShell script asks you to enter the name of the management log file and a name for the report that it will create, as shown in the following example: - -![Enter file name for input and output](images/mdm-diag-report-powershell.png) - -The script produces the report in html format. There are two sections to the report, Configuration and Policy Information. - - The configuration section lists the GUID of the sources that are applying configurations to the device. - - ![Configuration source Exachange ActiveSync](images/config-source.png) - -The policy information section displays information about the specific policies that are being enforced and on the device. For each policy, you will see the Area grouping, the Policy name, its default and current value, and the configuration source. You can compare the configuration source GUID in the policy information section to the GUIDs in the configuration section to identify the source of the policy. - -![Policies applied by a configuration source](images/config-policy.png) - - -## UDiag - -The UDiag tool applies rules to Event Tracing for Windows (ETW) files to help determine the root cause of an issue. - -(download UDiag) - -To analyze MDMDiagReport.xml using UDiag -1. Open UDiag, and select Device Management. -2. Select your source for the log files ("cab of logs" or "directory of logs") - -Investigating log content, identifying patterns, and adding a root cause analysis to the database (Advanced users/providers) - -1. While at the 'Root Causes List' panel, click the 'Diagnose' button at the bottom. -2. You will then be brought to the Diagnosis panel where you can investigate and tag root causes from the content - - Evidence Groups: When a set of logs are loaded into UDiag, the contents are processed (e.g. ETW) and organized into evidence groups. - - Decision Tree View: This view shows the loaded decision tree for the current topic/topic area. 
When a decision node is selected, a user can modify the regular expression and add/edit/delete an RCA for that node. Any RCA matches found in the current log set will have an 'RCA' label that is either Red or Yellow. - - Evidence View: Selecting an evidence group loads its content into this evidence view. Use this view to investigate issues and determine root causes. Drag and drop lines from the Evidence View into the Decision Tree View, to build your root cause analysis pattern. ([Learn more about techniques for root cause analysis.](https://technet.microsoft.com/en-us/library/cc543298.aspx)) - - - - - - Can admin pull logs without user action? [DK] Yes via the diagnostic log CSP - - - - "Run PowerShell script to process the file" – is that the user doing it? How can this workflow work in an enterprise where employees aren't computer-savvy? [DK] This is intended to be done by the help desk guy. - - Where did (user|admin) get mdmReportGenerator.ps1? [DK] Publishing on DLC later this summer - - In Viewing the report, how does the admin make sense of the source GUIDs? [DK] Correlates the value in the table with the entries at the top of the page. - - UDiag – where does admin get this? [DK] Publishing on DLC later this summer - - Can admins create custom rule sets? [DK] Right now, no. but open to feedback on this. 
- - - -Link to [Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120%28v=vs.85%29.aspx) - -[Diagnostics capability for devices managed by any MDM provider.](https://microsoft.sharepoint.com/teams/osg_core_ens/mgmt/OSMan Wiki/MDM Diagnostics - Generating and Processing Log files.aspx) - -[Redstone spec](https://microsoft.sharepoint.com/teams/specstore/_layouts/15/WopiFrame.aspx?sourcedoc=%7b7E8742A2-03A1-451C-BA07-F2573B044CBF%7d&file=DM%20-%20MDM%20Diagnostics-RS.docx&action=default&DefaultItemOpen=1) - -## Related topics - -[DiagnosticLog CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt219118.aspx) - -[Diagnose MDM failures in Windows 10](https://msdn.microsoft.com/en-us/library/windows/hardware/mt632120.aspx) \ No newline at end of file diff --git a/windows/manage/disconnect-your-organization-from-microsoft.md b/windows/manage/disconnect-your-organization-from-microsoft.md index f1077326eb..8a9777af29 100644 --- a/windows/manage/disconnect-your-organization-from-microsoft.md +++ b/windows/manage/disconnect-your-organization-from-microsoft.md @@ -1,4 +1,4 @@ --- title: Configure Windows 10 devices to stop data flow to Microsoft (Windows 10) -redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/configure-windows-10-devices-to-stop-data-flow-to-microsoft +redirect_url: https://technet.microsoft.com/itpro/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services --- \ No newline at end of file diff --git a/windows/manage/distribute-apps-from-your-private-store.md b/windows/manage/distribute-apps-from-your-private-store.md index 500ff0c7b4..828dc965f4 100644 --- a/windows/manage/distribute-apps-from-your-private-store.md +++ b/windows/manage/distribute-apps-from-your-private-store.md 
@@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Distribute apps using your private store @@ -25,15 +26,13 @@ You can make an app available in your private store when you acquire the app, or 1. Sign in to the [Store for Business](https://businessstore.microsoft.com). -2. Click an app and then click **Get the app** to acquire the app for your organization. - -3. You'll have a few options for distributing the app -- choose **Add to your private store where all people in your organization can find and install it.** +2. Click an app, choose the license type, and then click **Get the app** to acquire the app for your organization. ![Image showing Distribute options for app in the Windows Store for Business.](images/wsfb-distribute.png) - It will take approximately twelve hours before the app is available in the private store. +Windows Store for Business add the app to your **Inventory**. Click **Manage**, **Inventory** for app distribution options. -**To make an app in inventory available in your private store** +**To make an app in Inventory available in your private store** 1. Sign in to the [Store for Business](https://businessstore.microsoft.com). diff --git a/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md b/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md index ffdae6061d..8863d87a80 100644 --- a/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md +++ b/windows/manage/distribute-apps-to-your-employees-windows-store-for-business.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Distribute apps to your employees from the Windows Store for Business diff --git a/windows/manage/distribute-apps-with-management-tool.md b/windows/manage/distribute-apps-with-management-tool.md index 102b4d6d01..891c3c0ccc 100644 
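Review bot: The new sentence in the distribute-apps-from-your-private-store.md hunk has a subject–verb mismatch: `Windows Store for Business add the app to your **Inventory**.` should read `Windows Store for Business adds the app to your **Inventory**.`. The same sentence then says `Click **Manage**, **Inventory** for app distribution options.`, which reads more naturally as `Click **Manage** > **Inventory** for app distribution options.`, matching the `>` navigation convention used elsewhere in this set. The numbered procedure continues past the end of this hunk.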
--- a/windows/manage/distribute-apps-with-management-tool.md +++ b/windows/manage/distribute-apps-with-management-tool.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Distribute apps with a management tool diff --git a/windows/manage/distribute-offline-apps.md b/windows/manage/distribute-offline-apps.md index f6493b53b4..c1bc0b3a20 100644 --- a/windows/manage/distribute-offline-apps.md +++ b/windows/manage/distribute-offline-apps.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Distribute offline apps diff --git a/windows/manage/find-and-acquire-apps-overview.md b/windows/manage/find-and-acquire-apps-overview.md index 4b4aab57ea..30ca08ff48 100644 --- a/windows/manage/find-and-acquire-apps-overview.md +++ b/windows/manage/find-and-acquire-apps-overview.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Find and acquire apps @@ -39,6 +40,10 @@ Use the Windows Store for Business to find apps for your organization. You can a

    Store for Business has thousands of apps from many different categories.

    +

    [Acquire apps in the Windows Store for Business](acquire-apps-windows-store-for-business.md)

    +

    You can acquire apps from the Windows Store for Business for your employees.

    + +

    [Working with line-of-business apps](working-with-line-of-business-apps.md)

    Your company can make line-of-business (LOB) applications available through Store for Business. These apps are custom to your company – they might be internal business apps, or apps specific to your business or industry.

    diff --git a/windows/manage/group-policies-for-enterprise-and-education-editions.md b/windows/manage/group-policies-for-enterprise-and-education-editions.md index 748d4c7b86..40c5250e62 100644 --- a/windows/manage/group-policies-for-enterprise-and-education-editions.md +++ b/windows/manage/group-policies-for-enterprise-and-education-editions.md 
@@ -1,31 +1,34 @@ --- -title: Group Policies that apply only to Windows 10 Enterprise and Education Editions (Windows 10) -description: Use this topic to learn about Group Policy objects that apply only to Windows 10 Enterprise and Windows 10 Education. +title: Group Policy settings that apply only to Windows 10 Enterprise and Education Editions (Windows 10) +description: Use this topic to learn about Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education. ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: brianlic-msft +localizationpriority: high --- -# Group Policies that apply only to Windows 10 Enterprise and Education Editions +# Group Policy settings that apply only to Windows 10 Enterprise and Education Editions **Applies to** - Windows 10 -In Windows 10, version 1607, the following Group Policies apply only to Windows 10 Enterprise and Windows 10 Education. +In Windows 10, version 1607, the following Group Policy settings apply only to Windows 10 Enterprise and Windows 10 Education. | Policy name | Policy path | Comments | | --- | --- | --- | -| **Configure Spotlight on lock screen** | User Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight). Note that an additional **Cloud Content** policy, **Do not suggest third-party content in Windows spotlight**, does apply to Windows 10 Pro. 
| -| **Turn off all Windows Spotlight features** | User Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) | -| **Turn off Microsoft consumer features** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) | -| **Do not display the lock screen** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) | +| **Configure Spotlight on lock screen** | User Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md). Note that an additional **Cloud Content** policy, **Do not suggest third-party content in Windows spotlight**, does apply to Windows 10 Pro. | +| **Turn off all Windows Spotlight features** | User Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) | +| **Turn off Microsoft consumer features** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) | +| **Do not display the lock screen** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) | | **Do not require CTRL+ALT+DEL**
    combined with
    **Turn off app notifications on the lock screen** | Computer Configuration > Administrative Templates > System > Logon
    and
    Computer Configuration > Windows Settings > Security Settings > Local Policies > Security Options > Interactive logon | When both of these policy settings are enabled, the combination will also disable lock screen apps ([assigned access](set-up-a-device-for-anyone-to-use.md)) on Windows 10 Enterprise and Windows 10 Education only. These policy settings can be applied to Windows 10 Pro, but lock screen apps will not be disabled on Windows 10 Pro.

    **Important:** The description for **Interactive logon: Do not require CTRL+ALT+DEL** in the Group Policy Editor incorrectly states that it only applies to Windows 10 Enterprise and Education. The description will be corrected in a future release.| -| **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) | -| **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-spotlight) | +| **Do not show Windows Tips** | Computer Configuration > Administrative Templates > Windows Components > Cloud Content | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md | +| **Force a specific default lock screen image** | Computer Configuration > Administrative Templates > Control Panel > Personalization | For more info, see [Windows spotlight on the lock screen](windows-spotlight.md) | | **Start layout** | User Configuration\Administrative Templates\Start Menu and Taskbar | For more info, see [Manage Windows 10 Start layout options and policies](windows-10-start-layout-options-and-policies.md) | -| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

    User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/en-us/kb/3135657). | +| **Turn off the Store application** | Computer Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application

    User Configuration > Administrative Templates > Windows Components > Store > Turn off the Store application | For more info, see [Knowledge Base article# 3135657](https://support.microsoft.com/kb/3135657). | +| **Only display the private store within the Windows Store app** | Computer Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app

    User Configuration > Administrative Templates > Windows Components > Store > Only display the private store within the Windows Store app | For more info, see [Manage access to private store](manage-access-to-private-store.md) | +| **Don't search the web or display web results** | Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results | For more info, see [Cortana integration in your enterprise](manage-cortana-in-enterprise.md) | diff --git a/windows/manage/guidelines-for-assigned-access-app.md b/windows/manage/guidelines-for-assigned-access-app.md index 28999f16fa..2d776f2cf5 100644 --- a/windows/manage/guidelines-for-assigned-access-app.md +++ b/windows/manage/guidelines-for-assigned-access-app.md @@ -7,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: jdeckerMS +localizationpriority: high --- # Guidelines for choosing an app for assigned access (kiosk mode) @@ -23,7 +24,7 @@ The following guidelines may help you choose an appropriate Windows app for your ## General guidelines -- Windows apps must be provisioned or installed for the assigned access account before they can be selected as the assigned access app. [Learn how to provision and install apps](https://msdn.microsoft.com/en-us/library/windows/hardware/mt228170(v=vs.85).aspx#install_your_apps). +- Windows apps must be provisioned or installed for the assigned access account before they can be selected as the assigned access app. [Learn how to provision and install apps](https://msdn.microsoft.com/library/windows/hardware/mt228170.aspx#install_your_apps). - Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app. If this happens, you must update the assigned access settings to launch the updated app, because assigned access uses the AUMID to determine which app to launch. 
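Review bot: The added **Do not show Windows Tips** row is missing the closing parenthesis on its link, `[Windows spotlight on the lock screen](windows-spotlight.md |`, so the link will not render and the rest of the cell is swallowed into the link target; it should be `[Windows spotlight on the lock screen](windows-spotlight.md) |`, as in the sibling rows. The other rewritten rows in this table (the four Cloud Content and Personalization rows above it and the **Force a specific default lock screen image** row) have the parenthesis and need no change. The new **Don't search the web or display web results** row uses backslash-separated paths while every other row uses ` > `; picking one separator would keep the table consistent.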
@@ -71,7 +72,7 @@ Check the guidelines published by your selected app and do the setup accordingly Assigned access in Windows 10 leverages the new lock framework. When an assigned access user signs in, the selected kiosk app is launched above lock . The kiosk app is actually running as an above lock screen app. -Follow the [best practices guidance for developing a kiosk app for assigned access](https://msdn.microsoft.com/en-us/library/windows/hardware/mt633799%28v=vs.85%29.aspx). +Follow the [best practices guidance for developing a kiosk app for assigned access](https://msdn.microsoft.com/library/windows/hardware/mt633799%28v=vs.85%29.aspx). ## Test your assigned access experience diff --git a/windows/manage/how-it-pros-can-use-configuration-service-providers.md b/windows/manage/how-it-pros-can-use-configuration-service-providers.md index e6ec60d6cd..26ab03140f 100644 --- a/windows/manage/how-it-pros-can-use-configuration-service-providers.md +++ b/windows/manage/how-it-pros-can-use-configuration-service-providers.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: jdeckerMS +localizationpriority: medium --- # Introduction to configuration service providers (CSPs) for IT pros 
@@ -18,12 +19,12 @@ author: jdeckerMS Configuration service providers (CSPs) expose device configuration settings in Windows 10. This topic is written for people who have no experience with CSPs. -The CSPs are documented on the [Hardware Dev Center](http://go.microsoft.com/fwlink/p/?LinkId=717390) because CSPs are used by mobile device management (MDM) service providers. This topic explains how IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations. +The CSPs are documented on the [Hardware Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=717390) because CSPs are used by mobile device management (MDM) service providers. This topic explains how IT pros and system administrators can take advantage of many settings available through CSPs to configure devices running Windows 10 and Windows 10 Mobile in their organizations. **Note**   The explanation of CSPs and CSP documentation also apply to Windows Mobile 5, Windows Mobile 6, Windows Phone 7, and Windows Phone 8, but links to current CSPs are for Windows 10 and Windows 10 Mobile. - [See what's new for CSPs in Windows 10, version 1607.](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056(v=vs.85).aspx#whatsnew_1607) + [See what's new for CSPs in Windows 10, version 1607.](https://msdn.microsoft.com/library/windows/hardware/mt299056.aspx#whatsnew_1607) ## What is a CSP? 
@@ -32,9 +33,9 @@ A CSP is an interface in the client operating system between configuration setti Starting in Windows Mobile 5.0, CSPs were used to manage Windows mobile devices. In the Windows 10 platform, the management approach for both desktop and mobile devices converges, taking advantage of the same CSPs to configure and manage all devices running Windows 10. -Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](http://go.microsoft.com/fwlink/p/?LinkId=717438) contains the settings to create a Wi-Fi profile. +Each CSP provides access to specific settings. For example, the [Wi-Fi CSP](https://go.microsoft.com/fwlink/p/?LinkId=717438) contains the settings to create a Wi-Fi profile. -CSPs are behind many of the management tasks and policies for Windows 10 in Microsoft Intune and non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkID=623244). +CSPs are behind many of the management tasks and policies for Windows 10 in Microsoft Intune and non-Microsoft MDM service providers. For example, in Intune, the policy to allow search suggestions in the Microsoft Edge address bar uses **Browser/AllowSearchSuggestionsinAddressBar** in the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244). ![how intune maps to csp](images/policytocsp.png) 
@@ -48,7 +49,7 @@ The Open Mobile Alliance Device Management (OMA-DM) protocol uses the XML-based The WMI-to-CSP Bridge is a component allowing configuration of Windows 10 CSPs via scripts and traditional enterprise management software such as Configuration Manager using Windows Management Instrumentation (WMI). The bridge is responsible for reading WMI commands and through a component called the common device configurator pass them to a CSP for application on the device. -[Learn how to use the WMI Bridge Provider with PowerShell.](http://go.microsoft.com/fwlink/p/?LinkId=761090) +[Learn how to use the WMI Bridge Provider with PowerShell.](https://go.microsoft.com/fwlink/p/?LinkId=761090) ## Why should you learn about CSPs? 
@@ -57,11 +58,11 @@ Generally, enterprises rely on Group Policy or MDM to configure and manage devic In addition, you may have unmanaged devices, or a large number of devices that you want to configure before enrolling them in management, or you want to apply custom settings that aren't available through your MDM service. The [CSP documentation](#bkmk-csp-doc) can help you understand the settings that can be configured or queried. -In addition, some of the topics in the [Windows 10 and Windows 10 Mobile](../index.md) library on Technet include links to applicable CSP reference topics, such as [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) which links to the [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkID=623244). In the CSP topics, you can learn about all of the available configuration settings. +In addition, some of the topics in the [Windows 10 and Windows 10 Mobile](../index.md) library on Technet include links to applicable CSP reference topics, such as [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) which links to the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244). In the CSP topics, you can learn about all of the available configuration settings. ### CSPs in Windows Imaging and Configuration Designer (ICD) -You can use Windows Imaging and Configuration Designer (ICD) to create [provisioning packages](http://go.microsoft.com/fwlink/p/?LinkId=717466) to apply settings to devices during the out-of-box-experience (OOBE) and after devices are set up. You can use provisioning packages to configure a device's connectivity and enroll the device in MDM. Many of the runtime settings in Windows ICD are based on CSPs. +You can use Windows Imaging and Configuration Designer (ICD) to create [provisioning packages](https://go.microsoft.com/fwlink/p/?LinkId=717466) to apply settings to devices during the out-of-box-experience (OOBE) and after devices are set up. 
You can use provisioning packages to configure a device's connectivity and enroll the device in MDM. Many of the runtime settings in Windows ICD are based on CSPs. Many settings in Windows ICD will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image. 
@@ -71,20 +72,20 @@ Many settings in Windows ICD will display documentation for that setting in the ### CSPs in MDM -Most, if not all, CSPs are surfaced through your MDM service. If you see a CSP that provides a capability that you want to make use of and cannot find that capability in your MDM service, contact your MDM provider for assistance. It might simply be named differently than you expected. You can see the CSPs supported by MDM in the [Configuration service provider reference](http://go.microsoft.com/fwlink/p/?LinkId=717390). +Most, if not all, CSPs are surfaced through your MDM service. If you see a CSP that provides a capability that you want to make use of and cannot find that capability in your MDM service, contact your MDM provider for assistance. It might simply be named differently than you expected. You can see the CSPs supported by MDM in the [Configuration service provider reference](https://go.microsoft.com/fwlink/p/?LinkId=717390). -When a CSP is available but is not explicitly included in your MDM solution, you may be able to make use of the CSP by using OMA-URI settings. In Intune, for example, you can use [custom policy settings](http://go.microsoft.com/fwlink/p/?LinkID=616316) to deploy settings. Intune documents [a partial list of settings](http://go.microsoft.com/fwlink/p/?LinkID=616317) that you can enter in the **OMA-URI Settings** section of a custom policy, if your MDM service provides that extension. You'll notice that the list doesn't explain the meanings of the allowed and default values, so use the [CSP reference documentation](http://go.microsoft.com/fwlink/p/?LinkId=717390) to locate that information. +When a CSP is available but is not explicitly included in your MDM solution, you may be able to make use of the CSP by using OMA-URI settings. In Intune, for example, you can use [custom policy settings](https://go.microsoft.com/fwlink/p/?LinkID=616316) to deploy settings. 
Intune documents [a partial list of settings](https://go.microsoft.com/fwlink/p/?LinkID=616317) that you can enter in the **OMA-URI Settings** section of a custom policy, if your MDM service provides that extension. You'll notice that the list doesn't explain the meanings of the allowed and default values, so use the [CSP reference documentation](https://go.microsoft.com/fwlink/p/?LinkId=717390) to locate that information. ### CSPs in Lockdown XML -Lockdown XML can be used to configure devices running Windows 10 Mobile. You can manually author a [Lockdown XML file](lockdown-xml.md) to make use of the configuration settings available through the [EnterpriseAssignedAccess configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkID=618601). +Lockdown XML can be used to configure devices running Windows 10 Mobile. You can manually author a [Lockdown XML file](lockdown-xml.md) to make use of the configuration settings available through the [EnterpriseAssignedAccess configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=618601). ## How do you use the CSP documentation? -All CSPs in Windows 10 are documented in the [Configuration service provider reference](http://go.microsoft.com/fwlink/p/?LinkId=717390). +All CSPs in Windows 10 are documented in the [Configuration service provider reference](https://go.microsoft.com/fwlink/p/?LinkId=717390). -The [main CSP topic](http://go.microsoft.com/fwlink/p/?LinkId=717390) tells you which CSPs are supported on each edition of Windows 10, and links to the documentation for each individual CSP. +The [main CSP topic](https://go.microsoft.com/fwlink/p/?LinkId=717390) tells you which CSPs are supported on each edition of Windows 10, and links to the documentation for each individual CSP. ![csp per windows edition](images/csptable.png) 
@@ -92,11 +93,11 @@ The documentation for each CSP follows the same structure. After an introduction The full path to a specific configuration setting is represented by its Open Mobile Alliance - Uniform Resource Identifier (OMA-URI). The URI is relative to the devices’ root node (MSFT, for example). Features supported by a particular CSP can be set by addressing the complete OMA-URI path. -The following example shows the diagram for the [AssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=626608). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes and rectangular elements are settings or policies for which a value must be supplied. +The following example shows the diagram for the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes and rectangular elements are settings or policies for which a value must be supplied. ![assigned access csp tree](images/provisioning-csp-assignedaccess.png) -The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see it uses the [AssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=626608). +The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see it uses the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608). ```XML ./Vendor/MSFT/AssignedAccess/KioskModeApp 
@@ -108,7 +109,7 @@ When an element in the diagram uses italic font, it indicates a placeholder for After the diagram, the documentation describes each element. For each policy or setting, the valid values are listed. -For example, in the [AssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=626608), the setting is **KioskModeApp**. The documentation tells you that the value for **KioskModeApp** is a JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. +For example, in the [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608), the setting is **KioskModeApp**. The documentation tells you that the value for **KioskModeApp** is a JSON string that contains the user account name and Application User Model ID (AUMID) of the Kiosk mode app. The documentation for most CSPs will also include an XML example. @@ -117,7 +118,7 @@ The documentation for most CSPs will also include an XML example. CSPs provide access to a number of settings useful to enterprises. This section introduces two CSPs that an enterprise might find particularly useful. -- [EnterpriseAssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=618601) +- [EnterpriseAssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=618601) The EnterpriseAssignedAccess configuration service provider allows IT administrators to configure settings on a Windows 10 Mobile device. An enterprise can make use of this CSP to create single-use or limited-use mobile devices, such as a handheld device that only runs a price-checking app. 
@@ -131,7 +132,7 @@ CSPs provide access to a number of settings useful to enterprises. This section - Restricting access to the context menu. - Enabling or disabling tile manipulation. - Creating role-specific configurations. -- [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkID=623244) +- [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244) The Policy configuration service provider enables the enterprise to configure policies on Windows 10 and Windows 10 Mobile. Some of these policy settings can also be applied using Group Policy, and the CSP documentation lists the equivalent Group Policy settings. 
@@ -155,67 +156,67 @@ CSPs provide access to a number of settings useful to enterprises. This section
 Here is a list of CSPs supported on Windows 10 Enterprise, Windows 10 Mobile Enterprise, or both:
-- [ActiveSync CSP](http://go.microsoft.com/fwlink/p/?LinkId=723219)
-- [Application CSP](http://go.microsoft.com/fwlink/p/?LinkId=723220)
-- [AppLocker CSP](http://go.microsoft.com/fwlink/p/?LinkID=626609)
-- [AssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=626608)
-- [Bootstrap CSP](http://go.microsoft.com/fwlink/p/?LinkId=723224)
-- [BrowserFavorite CSP](http://go.microsoft.com/fwlink/p/?LinkId=723428)
-- [CellularSettings CSP](http://go.microsoft.com/fwlink/p/?LinkId=723427)
-- [CertificateStore CSP](http://go.microsoft.com/fwlink/p/?LinkId=723225)
-- [ClientCertificateInstall CSP](http://go.microsoft.com/fwlink/p/?LinkId=723226)
-- [CM\_CellularEntries CSP](http://go.microsoft.com/fwlink/p/?LinkId=723426)
-- [CM\_ProxyEntries CSP](http://go.microsoft.com/fwlink/p/?LinkId=723425)
-- [CMPolicy CSP](http://go.microsoft.com/fwlink/p/?LinkId=723424)
-- [Defender CSP](http://go.microsoft.com/fwlink/p/?LinkId=723227)
-- [DevDetail CSP](http://go.microsoft.com/fwlink/p/?LinkId=723228)
-- [DeviceInstanceService CSP](http://go.microsoft.com/fwlink/p/?LinkId=723275)
-- [DeviceLock CSP](http://go.microsoft.com/fwlink/p/?LinkId=723370)
-- [DeviceStatus CSP](http://go.microsoft.com/fwlink/p/?LinkId=723229)
-- [DevInfo CSP](http://go.microsoft.com/fwlink/p/?LinkId=723230)
-- [DiagnosticLog CSP](http://go.microsoft.com/fwlink/p/?LinkId=723231)
-- [DMAcc CSP](http://go.microsoft.com/fwlink/p/?LinkId=723232)
-- [DMClient CSP](http://go.microsoft.com/fwlink/p/?LinkId=723233)
-- [Email2 CSP](http://go.microsoft.com/fwlink/p/?LinkId=723234)
-- [EnterpriseAPN CSP](http://go.microsoft.com/fwlink/p/?LinkId=723235)
-- [EnterpriseAppManagement CSP](http://go.microsoft.com/fwlink/p/?LinkId=723237)
-- [EnterpriseAssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=618601)
-- [EnterpriseDesktopAppManagement CSP](http://go.microsoft.com/fwlink/p/?LinkId=723236)
-- [EnterpriseExt CSP](http://go.microsoft.com/fwlink/p/?LinkId=723423)
-- [EnterpriseExtFileSystem CSP](http://go.microsoft.com/fwlink/p/?LinkID=703716)
-- [EnterpriseModernAppManagement CSP](http://go.microsoft.com/fwlink/p/?LinkId=723257)
-- [FileSystem CSP](http://go.microsoft.com/fwlink/p/?LinkId=723422)
-- [HealthAttestation CSP](http://go.microsoft.com/fwlink/p/?LinkId=723258)
-- [HotSpot CSP](http://go.microsoft.com/fwlink/p/?LinkId=723421)
-- [Maps CSP](http://go.microsoft.com/fwlink/p/?LinkId=723420)
-- [NAP CSP](http://go.microsoft.com/fwlink/p/?LinkId=723419)
-- [NAPDEF CSP](http://go.microsoft.com/fwlink/p/?LinkId=723371)
-- [NodeCache CSP]( http://go.microsoft.com/fwlink/p/?LinkId=723265)
-- [PassportForWork CSP](http://go.microsoft.com/fwlink/p/?LinkID=692070)
-- [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkID=623244)
-- [PolicyManager CSP]( http://go.microsoft.com/fwlink/p/?LinkId=723418)
-- [Provisioning CSP](http://go.microsoft.com/fwlink/p/?LinkId=723266)
-- [Proxy CSP]( http://go.microsoft.com/fwlink/p/?LinkId=723372)
-- [PXLOGICAL CSP](http://go.microsoft.com/fwlink/p/?LinkId=723374)
-- [Registry CSP](http://go.microsoft.com/fwlink/p/?LinkId=723417)
-- [RemoteFind CSP](http://go.microsoft.com/fwlink/p/?LinkId=723267)
-- [RemoteWipe CSP](http://go.microsoft.com/fwlink/p/?LinkID=703714)
-- [Reporting CSP](http://go.microsoft.com/fwlink/p/?LinkId=723375)
-- [RootCATrustedCertificates CSP](http://go.microsoft.com/fwlink/p/?LinkId=723270)
-- [SecurityPolicy CSP](http://go.microsoft.com/fwlink/p/?LinkId=723376)
-- [Storage CSP](http://go.microsoft.com/fwlink/p/?LinkId=723377)
-- [SUPL CSP](http://go.microsoft.com/fwlink/p/?LinkId=723378)
-- [UnifiedWriteFilter CSP](http://go.microsoft.com/fwlink/p/?LinkId=723272)
-- [Update CSP](http://go.microsoft.com/fwlink/p/?LinkId=723271)
-- [VPN CSP](http://go.microsoft.com/fwlink/p/?LinkId=723416)
-- [VPNv2 CSP](http://go.microsoft.com/fwlink/p/?LinkID=617588)
-- [Wi-Fi CSP](http://go.microsoft.com/fwlink/p/?LinkID=71743)
-- [WindowsLicensing CSP](http://go.microsoft.com/fwlink/p/?LinkId=723274)
-- [WindowsSecurityAuditing CSP](http://go.microsoft.com/fwlink/p/?LinkId=723415)
+- [ActiveSync CSP](https://go.microsoft.com/fwlink/p/?LinkId=723219)
+- [Application CSP](https://go.microsoft.com/fwlink/p/?LinkId=723220)
+- [AppLocker CSP](https://go.microsoft.com/fwlink/p/?LinkID=626609)
+- [AssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=626608)
+- [Bootstrap CSP](https://go.microsoft.com/fwlink/p/?LinkId=723224)
+- [BrowserFavorite CSP](https://go.microsoft.com/fwlink/p/?LinkId=723428)
+- [CellularSettings CSP](https://go.microsoft.com/fwlink/p/?LinkId=723427)
+- [CertificateStore CSP](https://go.microsoft.com/fwlink/p/?LinkId=723225)
+- [ClientCertificateInstall CSP](https://go.microsoft.com/fwlink/p/?LinkId=723226)
+- [CM\_CellularEntries CSP](https://go.microsoft.com/fwlink/p/?LinkId=723426)
+- [CM\_ProxyEntries CSP](https://go.microsoft.com/fwlink/p/?LinkId=723425)
+- [CMPolicy CSP](https://go.microsoft.com/fwlink/p/?LinkId=723424)
+- [Defender CSP](https://go.microsoft.com/fwlink/p/?LinkId=723227)
+- [DevDetail CSP](https://go.microsoft.com/fwlink/p/?LinkId=723228)
+- [DeviceInstanceService CSP](https://go.microsoft.com/fwlink/p/?LinkId=723275)
+- [DeviceLock CSP](https://go.microsoft.com/fwlink/p/?LinkId=723370)
+- [DeviceStatus CSP](https://go.microsoft.com/fwlink/p/?LinkId=723229)
+- [DevInfo CSP](https://go.microsoft.com/fwlink/p/?LinkId=723230)
+- [DiagnosticLog CSP](https://go.microsoft.com/fwlink/p/?LinkId=723231)
+- [DMAcc CSP](https://go.microsoft.com/fwlink/p/?LinkId=723232)
+- [DMClient CSP](https://go.microsoft.com/fwlink/p/?LinkId=723233)
+- [Email2 CSP](https://go.microsoft.com/fwlink/p/?LinkId=723234)
+- [EnterpriseAPN CSP](https://go.microsoft.com/fwlink/p/?LinkId=723235)
+- [EnterpriseAppManagement CSP](https://go.microsoft.com/fwlink/p/?LinkId=723237)
+- [EnterpriseAssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=618601)
+- [EnterpriseDesktopAppManagement CSP](https://go.microsoft.com/fwlink/p/?LinkId=723236)
+- [EnterpriseExt CSP](https://go.microsoft.com/fwlink/p/?LinkId=723423)
+- [EnterpriseExtFileSystem CSP](https://go.microsoft.com/fwlink/p/?LinkID=703716)
+- [EnterpriseModernAppManagement CSP](https://go.microsoft.com/fwlink/p/?LinkId=723257)
+- [FileSystem CSP](https://go.microsoft.com/fwlink/p/?LinkId=723422)
+- [HealthAttestation CSP](https://go.microsoft.com/fwlink/p/?LinkId=723258)
+- [HotSpot CSP](https://go.microsoft.com/fwlink/p/?LinkId=723421)
+- [Maps CSP](https://go.microsoft.com/fwlink/p/?LinkId=723420)
+- [NAP CSP](https://go.microsoft.com/fwlink/p/?LinkId=723419)
+- [NAPDEF CSP](https://go.microsoft.com/fwlink/p/?LinkId=723371)
+- [NodeCache CSP]( https://go.microsoft.com/fwlink/p/?LinkId=723265)
+- [PassportForWork CSP](https://go.microsoft.com/fwlink/p/?LinkID=692070)
+- [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkID=623244)
+- [PolicyManager CSP]( https://go.microsoft.com/fwlink/p/?LinkId=723418)
+- [Provisioning CSP](https://go.microsoft.com/fwlink/p/?LinkId=723266)
+- [Proxy CSP]( https://go.microsoft.com/fwlink/p/?LinkId=723372)
+- [PXLOGICAL CSP](https://go.microsoft.com/fwlink/p/?LinkId=723374)
+- [Registry CSP](https://go.microsoft.com/fwlink/p/?LinkId=723417)
+- [RemoteFind CSP](https://go.microsoft.com/fwlink/p/?LinkId=723267)
+- [RemoteWipe CSP](https://go.microsoft.com/fwlink/p/?LinkID=703714)
+- [Reporting CSP](https://go.microsoft.com/fwlink/p/?LinkId=723375)
+- [RootCATrustedCertificates CSP](https://go.microsoft.com/fwlink/p/?LinkId=723270)
+- [SecurityPolicy CSP](https://go.microsoft.com/fwlink/p/?LinkId=723376)
+- [Storage CSP](https://go.microsoft.com/fwlink/p/?LinkId=723377)
+- [SUPL CSP](https://go.microsoft.com/fwlink/p/?LinkId=723378)
+- [UnifiedWriteFilter CSP](https://go.microsoft.com/fwlink/p/?LinkId=723272)
+- [Update CSP](https://go.microsoft.com/fwlink/p/?LinkId=723271)
+- [VPN CSP](https://go.microsoft.com/fwlink/p/?LinkId=723416)
+- [VPNv2 CSP](https://go.microsoft.com/fwlink/p/?LinkID=617588)
+- [Wi-Fi CSP](https://go.microsoft.com/fwlink/p/?LinkID=71743)
+- [WindowsLicensing CSP](https://go.microsoft.com/fwlink/p/?LinkId=723274)
+- [WindowsSecurityAuditing CSP](https://go.microsoft.com/fwlink/p/?LinkId=723415)
 ## Related topics
-[What's new in MDM enrollment and management in Windows 10, version 1607](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056(v=vs.85).aspx#whatsnew_1607)
+[What's new in MDM enrollment and management in Windows 10, version 1607](https://msdn.microsoft.com/library/windows/hardware/mt299056.aspx#whatsnew_1607)
 [Lock down Windows 10](lock-down-windows-10.md)
diff --git a/windows/manage/images/app-v-in-adk.png b/windows/manage/images/app-v-in-adk.png
new file mode 100644
index 0000000000..a36ef9f00f
Binary files /dev/null and b/windows/manage/images/app-v-in-adk.png differ
diff --git a/windows/manage/images/checklistbox.gif b/windows/manage/images/checklistbox.gif
new file mode 100644
index 0000000000..44cf17b07b
Binary files /dev/null and b/windows/manage/images/checklistbox.gif differ
diff --git a/windows/manage/images/checklistdone.png b/windows/manage/images/checklistdone.png
new file mode 100644
index 0000000000..7e53f74d0e
Binary files /dev/null and b/windows/manage/images/checklistdone.png differ
diff --git a/windows/manage/images/copy-to-change.png b/windows/manage/images/copy-to-change.png
new file mode 100644
index 0000000000..21aa250c0c
Binary files /dev/null and b/windows/manage/images/copy-to-change.png differ
diff --git a/windows/manage/images/copy-to-path.png b/windows/manage/images/copy-to-path.png
new file mode 100644
index 0000000000..1ef00fc86b
Binary files /dev/null and b/windows/manage/images/copy-to-path.png differ
diff --git a/windows/manage/images/copy-to.PNG b/windows/manage/images/copy-to.PNG
new file mode 100644
index 0000000000..dad84cedc8
Binary files /dev/null and b/windows/manage/images/copy-to.PNG differ
diff --git a/windows/manage/images/deploymentworkflow.png b/windows/manage/images/deploymentworkflow.png
new file mode 100644
index 0000000000..b665a0bfea
Binary files /dev/null and b/windows/manage/images/deploymentworkflow.png differ
diff --git a/windows/manage/images/gp-branch.png b/windows/manage/images/gp-branch.png
new file mode 100644
index 0000000000..997bcc830a
Binary files /dev/null and b/windows/manage/images/gp-branch.png differ
diff --git a/windows/manage/images/gp-exclude-drivers.png b/windows/manage/images/gp-exclude-drivers.png
new file mode 100644
index 0000000000..0010749139
Binary files /dev/null and b/windows/manage/images/gp-exclude-drivers.png differ
diff --git a/windows/manage/images/gp-feature.png b/windows/manage/images/gp-feature.png
new file mode 100644
index 0000000000..b862d545d4
Binary files /dev/null and b/windows/manage/images/gp-feature.png differ
diff --git a/windows/manage/images/gp-quality.png b/windows/manage/images/gp-quality.png
new file mode 100644
index 0000000000..d7ff30172d
Binary files /dev/null and b/windows/manage/images/gp-quality.png differ
diff --git a/windows/manage/images/packageaddfileandregistrydata-global.png b/windows/manage/images/packageaddfileandregistrydata-global.png
new file mode 100644
index 0000000000..775e290a36
Binary files /dev/null and b/windows/manage/images/packageaddfileandregistrydata-global.png differ
diff --git a/windows/manage/images/packageaddfileandregistrydata-stream.png b/windows/manage/images/packageaddfileandregistrydata-stream.png
new file mode 100644
index 0000000000..0e1205c62b
Binary files /dev/null and b/windows/manage/images/packageaddfileandregistrydata-stream.png differ
diff --git a/windows/manage/images/packageaddfileandregistrydata.png b/windows/manage/images/packageaddfileandregistrydata.png
new file mode 100644
index 0000000000..603420e627
Binary files /dev/null and b/windows/manage/images/packageaddfileandregistrydata.png differ
diff --git a/windows/manage/images/settings-table.png b/windows/manage/images/settings-table.png
deleted file mode 100644
index 6b77ce6002..0000000000
Binary files a/windows/manage/images/settings-table.png and /dev/null differ
diff --git a/windows/manage/images/spotlight2.png b/windows/manage/images/spotlight2.png
new file mode 100644
index 0000000000..27401c1a2b
Binary files /dev/null and b/windows/manage/images/spotlight2.png differ
diff --git a/windows/manage/images/sysprep-error.png b/windows/manage/images/sysprep-error.png
new file mode 100644
index 0000000000..aa004efbb6
Binary files /dev/null and b/windows/manage/images/sysprep-error.png differ
diff --git a/windows/manage/images/twain.png b/windows/manage/images/twain.png
new file mode 100644
index 0000000000..53cd5eadc7
Binary files /dev/null and b/windows/manage/images/twain.png differ
diff --git a/windows/manage/images/uev-adk-select-uev-feature.png b/windows/manage/images/uev-adk-select-uev-feature.png
new file mode 100644
index 0000000000..1556f115c0
Binary files /dev/null and b/windows/manage/images/uev-adk-select-uev-feature.png differ
diff --git a/windows/manage/images/uev-archdiagram.png b/windows/manage/images/uev-archdiagram.png
new file mode 100644
index 0000000000..eae098e666
Binary files /dev/null and b/windows/manage/images/uev-archdiagram.png differ
diff --git a/windows/manage/images/uev-checklist-box.gif b/windows/manage/images/uev-checklist-box.gif
new file mode 100644
index 0000000000..8af13c51d1
Binary files /dev/null and b/windows/manage/images/uev-checklist-box.gif differ
diff --git a/windows/manage/images/uev-deployment-preparation.png b/windows/manage/images/uev-deployment-preparation.png
new file mode 100644
index 0000000000..b665a0bfea
Binary files /dev/null and b/windows/manage/images/uev-deployment-preparation.png differ
diff --git a/windows/manage/images/uev-generator-process.png b/windows/manage/images/uev-generator-process.png
new file mode 100644
index 0000000000..e16cedd0a7
Binary files /dev/null and b/windows/manage/images/uev-generator-process.png differ
diff --git a/windows/manage/images/waas-do-fig1.png b/windows/manage/images/waas-do-fig1.png
new file mode 100644
index 0000000000..e739d0b670
Binary files /dev/null and b/windows/manage/images/waas-do-fig1.png differ
diff --git a/windows/manage/images/waas-do-fig2.png b/windows/manage/images/waas-do-fig2.png
new file mode 100644
index 0000000000..0c315fddaa
Binary files /dev/null and b/windows/manage/images/waas-do-fig2.png differ
diff --git a/windows/manage/images/waas-do-fig3.png b/windows/manage/images/waas-do-fig3.png
new file mode 100644
index 0000000000..66ac342b51
Binary files /dev/null and b/windows/manage/images/waas-do-fig3.png differ
diff --git a/windows/manage/images/waas-do-fig4.png b/windows/manage/images/waas-do-fig4.png
new file mode 100644
index 0000000000..3de9605bac
Binary files /dev/null and b/windows/manage/images/waas-do-fig4.png differ
diff --git a/windows/manage/images/waas-overview-patch.png b/windows/manage/images/waas-overview-patch.png
new file mode 100644
index 0000000000..b16c211c59
Binary files /dev/null and b/windows/manage/images/waas-overview-patch.png differ
diff --git a/windows/manage/images/waas-overview-timeline.png b/windows/manage/images/waas-overview-timeline.png
new file mode 100644
index 0000000000..8488b2b680
Binary files /dev/null and b/windows/manage/images/waas-overview-timeline.png differ
diff --git a/windows/manage/images/waas-rings.png b/windows/manage/images/waas-rings.png
new file mode 100644
index 0000000000..a5446f3dff
Binary files /dev/null and b/windows/manage/images/waas-rings.png differ
diff --git a/windows/manage/images/waas-sccm-fig1.png b/windows/manage/images/waas-sccm-fig1.png
new file mode 100644
index 0000000000..7557888301
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig1.png differ
diff --git a/windows/manage/images/waas-sccm-fig10.png b/windows/manage/images/waas-sccm-fig10.png
new file mode 100644
index 0000000000..b029618b67
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig10.png differ
diff --git a/windows/manage/images/waas-sccm-fig11.png b/windows/manage/images/waas-sccm-fig11.png
new file mode 100644
index 0000000000..fc6528e7ef
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig11.png differ
diff --git a/windows/manage/images/waas-sccm-fig12.png b/windows/manage/images/waas-sccm-fig12.png
new file mode 100644
index 0000000000..87464dd5f1
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig12.png differ
diff --git a/windows/manage/images/waas-sccm-fig2.png b/windows/manage/images/waas-sccm-fig2.png
new file mode 100644
index 0000000000..a1d7183a7c
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig2.png differ
diff --git a/windows/manage/images/waas-sccm-fig3.png b/windows/manage/images/waas-sccm-fig3.png
new file mode 100644
index 0000000000..cd406d9c5d
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig3.png differ
diff --git a/windows/manage/images/waas-sccm-fig4.png b/windows/manage/images/waas-sccm-fig4.png
new file mode 100644
index 0000000000..782c5ca6ef
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig4.png differ
diff --git a/windows/manage/images/waas-sccm-fig5.png b/windows/manage/images/waas-sccm-fig5.png
new file mode 100644
index 0000000000..5f215dec58
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig5.png differ
diff --git a/windows/manage/images/waas-sccm-fig6.png b/windows/manage/images/waas-sccm-fig6.png
new file mode 100644
index 0000000000..bd7df6f6d2
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig6.png differ
diff --git a/windows/manage/images/waas-sccm-fig7.png b/windows/manage/images/waas-sccm-fig7.png
new file mode 100644
index 0000000000..5b7c37b6a1
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig7.png differ
diff --git a/windows/manage/images/waas-sccm-fig8.png b/windows/manage/images/waas-sccm-fig8.png
new file mode 100644
index 0000000000..1db4dae84a
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig8.png differ
diff --git a/windows/manage/images/waas-sccm-fig9.png b/windows/manage/images/waas-sccm-fig9.png
new file mode 100644
index 0000000000..632b859232
Binary files /dev/null and b/windows/manage/images/waas-sccm-fig9.png differ
diff --git a/windows/manage/images/waas-strategy-fig1.png b/windows/manage/images/waas-strategy-fig1.png
new file mode 100644
index 0000000000..c12cc660de
Binary files /dev/null and b/windows/manage/images/waas-strategy-fig1.png differ
diff --git a/windows/manage/images/waas-wsus-fig1.png b/windows/manage/images/waas-wsus-fig1.png
new file mode 100644
index 0000000000..1d0dd4cc6b
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig1.png differ
diff --git a/windows/manage/images/waas-wsus-fig10.png b/windows/manage/images/waas-wsus-fig10.png
new file mode 100644
index 0000000000..fe9f6a6447
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig10.png differ
diff --git a/windows/manage/images/waas-wsus-fig11.png b/windows/manage/images/waas-wsus-fig11.png
new file mode 100644
index 0000000000..0ad08f70c2
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig11.png differ
diff --git a/windows/manage/images/waas-wsus-fig12.png b/windows/manage/images/waas-wsus-fig12.png
new file mode 100644
index 0000000000..fa9fb5c7a4
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig12.png differ
diff --git a/windows/manage/images/waas-wsus-fig13.png b/windows/manage/images/waas-wsus-fig13.png
new file mode 100644
index 0000000000..d2e916dc48
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig13.png differ
diff --git a/windows/manage/images/waas-wsus-fig14.png b/windows/manage/images/waas-wsus-fig14.png
new file mode 100644
index 0000000000..a0c8e30736
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig14.png differ
diff --git a/windows/manage/images/waas-wsus-fig15.png b/windows/manage/images/waas-wsus-fig15.png
new file mode 100644
index 0000000000..fd59e9ce23
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig15.png differ
diff --git a/windows/manage/images/waas-wsus-fig16.png b/windows/manage/images/waas-wsus-fig16.png
new file mode 100644
index 0000000000..57a34228d9
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig16.png differ
diff --git a/windows/manage/images/waas-wsus-fig17.png b/windows/manage/images/waas-wsus-fig17.png
new file mode 100644
index 0000000000..13e755e456
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig17.png differ
diff --git a/windows/manage/images/waas-wsus-fig18.png b/windows/manage/images/waas-wsus-fig18.png
new file mode 100644
index 0000000000..0b13e936fb
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig18.png differ
diff --git a/windows/manage/images/waas-wsus-fig19.png b/windows/manage/images/waas-wsus-fig19.png
new file mode 100644
index 0000000000..b67d17a56e
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig19.png differ
diff --git a/windows/manage/images/waas-wsus-fig2.png b/windows/manage/images/waas-wsus-fig2.png
new file mode 100644
index 0000000000..ff273ea10f
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig2.png differ
diff --git a/windows/manage/images/waas-wsus-fig20.png b/windows/manage/images/waas-wsus-fig20.png
new file mode 100644
index 0000000000..58fa43444f
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig20.png differ
diff --git a/windows/manage/images/waas-wsus-fig3.png b/windows/manage/images/waas-wsus-fig3.png
new file mode 100644
index 0000000000..1247e2f874
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig3.png differ
diff --git a/windows/manage/images/waas-wsus-fig4.png b/windows/manage/images/waas-wsus-fig4.png
new file mode 100644
index 0000000000..9fbc673814
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig4.png differ
diff --git a/windows/manage/images/waas-wsus-fig5.png b/windows/manage/images/waas-wsus-fig5.png
new file mode 100644
index 0000000000..7068f487cd
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig5.png differ
diff --git a/windows/manage/images/waas-wsus-fig6.png b/windows/manage/images/waas-wsus-fig6.png
new file mode 100644
index 0000000000..6256f5d617
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig6.png differ
diff --git a/windows/manage/images/waas-wsus-fig7.png b/windows/manage/images/waas-wsus-fig7.png
new file mode 100644
index 0000000000..69d3e6fe6f
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig7.png differ
diff --git a/windows/manage/images/waas-wsus-fig8.png b/windows/manage/images/waas-wsus-fig8.png
new file mode 100644
index 0000000000..8ec17f2741
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig8.png differ
diff --git a/windows/manage/images/waas-wsus-fig9.png b/windows/manage/images/waas-wsus-fig9.png
new file mode 100644
index 0000000000..dd430897ff
Binary files /dev/null and b/windows/manage/images/waas-wsus-fig9.png differ
diff --git a/windows/manage/images/waas-wufb-gp-broad.png b/windows/manage/images/waas-wufb-gp-broad.png
new file mode 100644
index 0000000000..9fdd9e97f1
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-broad.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cb2-settings.png b/windows/manage/images/waas-wufb-gp-cb2-settings.png
new file mode 100644
index 0000000000..97dc6ce41a
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-cb2-settings.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cb2.png b/windows/manage/images/waas-wufb-gp-cb2.png
new file mode 100644
index 0000000000..9be7638ed7
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-cb2.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cbb1-settings.png b/windows/manage/images/waas-wufb-gp-cbb1-settings.png
new file mode 100644
index 0000000000..dae9866faf
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-cbb1-settings.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cbb2-settings.png b/windows/manage/images/waas-wufb-gp-cbb2-settings.png
new file mode 100644
index 0000000000..2aa7bc212c
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-cbb2-settings.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cbb2q-settings.png b/windows/manage/images/waas-wufb-gp-cbb2q-settings.png
new file mode 100644
index 0000000000..8076b5a99e
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-cbb2q-settings.png differ
diff --git a/windows/manage/images/waas-wufb-gp-create.png b/windows/manage/images/waas-wufb-gp-create.png
new file mode 100644
index 0000000000..63c2ce74aa
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-create.png differ
diff --git a/windows/manage/images/waas-wufb-gp-edit-defer.png b/windows/manage/images/waas-wufb-gp-edit-defer.png
new file mode 100644
index 0000000000..40da5b7709
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-edit-defer.png differ
diff --git a/windows/manage/images/waas-wufb-gp-edit.png b/windows/manage/images/waas-wufb-gp-edit.png
new file mode 100644
index 0000000000..e39bc829ff
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-edit.png differ
diff --git a/windows/manage/images/waas-wufb-gp-scope-cb2.png b/windows/manage/images/waas-wufb-gp-scope-cb2.png
new file mode 100644
index 0000000000..bb29adf5e1
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-scope-cb2.png differ
diff --git a/windows/manage/images/waas-wufb-gp-scope.png b/windows/manage/images/waas-wufb-gp-scope.png
new file mode 100644
index 0000000000..b8e6863c82
Binary files /dev/null and b/windows/manage/images/waas-wufb-gp-scope.png differ
diff --git a/windows/manage/images/waas-wufb-intune-cb2.png b/windows/manage/images/waas-wufb-intune-cb2.png
new file mode 100644
index 0000000000..3e8c1ce19e
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-cb2.png differ
diff --git a/windows/manage/images/waas-wufb-intune-cbb1.png b/windows/manage/images/waas-wufb-intune-cbb1.png
new file mode 100644
index 0000000000..6f1e815334
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-cbb1.png differ
diff --git a/windows/manage/images/waas-wufb-intune-cbb2.png b/windows/manage/images/waas-wufb-intune-cbb2.png
new file mode 100644
index 0000000000..b8eef5bb5e
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-cbb2.png differ
diff --git a/windows/manage/images/waas-wufb-intune-step11.png b/windows/manage/images/waas-wufb-intune-step11.png
new file mode 100644
index 0000000000..48db2f63af
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-step11.png differ
diff --git a/windows/manage/images/waas-wufb-intune-step19.png b/windows/manage/images/waas-wufb-intune-step19.png
new file mode 100644
index 0000000000..5a68ca7211
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-step19.png differ
diff --git a/windows/manage/images/waas-wufb-intune-step2.png b/windows/manage/images/waas-wufb-intune-step2.png
new file mode 100644
index 0000000000..1c7a8a1cae
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-step2.png differ
diff --git a/windows/manage/images/waas-wufb-intune-step7.png b/windows/manage/images/waas-wufb-intune-step7.png
new file mode 100644
index 0000000000..daa96ba18c
Binary files /dev/null and b/windows/manage/images/waas-wufb-intune-step7.png differ
diff --git a/windows/manage/images/wsfb-distribute.png b/windows/manage/images/wsfb-distribute.png
index f276ca5211..d0482f6ebe 100644
Binary files a/windows/manage/images/wsfb-distribute.png and b/windows/manage/images/wsfb-distribute.png differ
diff --git a/windows/manage/images/wsfb-inventory.png b/windows/manage/images/wsfb-inventory.png
new file mode 100644
index 0000000000..b060fb30e4
Binary files /dev/null and b/windows/manage/images/wsfb-inventory.png differ
diff --git a/windows/manage/images/wsfb-inventoryaddprivatestore.png b/windows/manage/images/wsfb-inventoryaddprivatestore.png
index b7152ea973..bb1152e35b 100644
Binary files a/windows/manage/images/wsfb-inventoryaddprivatestore.png and b/windows/manage/images/wsfb-inventoryaddprivatestore.png differ
diff --git a/windows/manage/images/wsfb-private-store-gpo.PNG b/windows/manage/images/wsfb-private-store-gpo.PNG
new file mode 100644
index 0000000000..5e7fe44ec2
Binary files /dev/null and b/windows/manage/images/wsfb-private-store-gpo.PNG differ
diff --git a/windows/manage/images/wufb-config1.png b/windows/manage/images/wufb-config1.png
new file mode 100644
index 0000000000..76185e86fe
Binary files /dev/null and b/windows/manage/images/wufb-config1.png differ
diff --git a/windows/manage/images/wufb-config2.png b/windows/manage/images/wufb-config2.png
new file mode 100644
index 0000000000..0ab09d4868
Binary files /dev/null and b/windows/manage/images/wufb-config2.png differ
diff --git a/windows/manage/images/wufb-config3.png b/windows/manage/images/wufb-config3.png
new file mode 100644
index 0000000000..a76d1569be
Binary files /dev/null and b/windows/manage/images/wufb-config3.png differ
diff --git a/windows/manage/images/wufb-do.png b/windows/manage/images/wufb-do.png
new file mode 100644
index 0000000000..8d6c9d0b8a
Binary files /dev/null and b/windows/manage/images/wufb-do.png differ
diff --git a/windows/manage/images/wufb-groups.png b/windows/manage/images/wufb-groups.png
new file mode 100644
index 0000000000..13cdea04b0
Binary files /dev/null and b/windows/manage/images/wufb-groups.png differ
diff --git a/windows/manage/images/wufb-pause-feature.png b/windows/manage/images/wufb-pause-feature.png
new file mode 100644
index 0000000000..afeac43e29
Binary files /dev/null and b/windows/manage/images/wufb-pause-feature.png differ
diff --git a/windows/manage/images/wufb-qual.png b/windows/manage/images/wufb-qual.png
new file mode 100644
index 0000000000..4a93408522
Binary files /dev/null and b/windows/manage/images/wufb-qual.png differ
diff --git a/windows/manage/images/wufb-sccm.png b/windows/manage/images/wufb-sccm.png
new file mode 100644
index 0000000000..1d568c1fe4
Binary files /dev/null and b/windows/manage/images/wufb-sccm.png differ
diff --git a/windows/manage/index.md b/windows/manage/index.md
index 28f9aa851f..6f91d1ac21 100644
--- a/windows/manage/index.md
+++ b/windows/manage/index.md
@@ -30,40 +30,45 @@ Learn about managing and updating Windows 10.

    [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md)

    -

    The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.

    - - -

    [Manage corporate devices](manage-corporate-devices.md)

    -

    You can use the same management tools to manage all device types running Windows 10 : desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, Orchestrator runbooks, System Center tools, and so on, will continue to work for Windows 10 on desktop editions.

    +

    The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments.

    +

    [Manage corporate devices](manage-corporate-devices.md)

    +

    You can use the same management tools to manage all device types running Windows 10: desktops, laptops, tablets, and phones. And your current management tools, such as Group Policy, Windows Management Instrumentation (WMI), PowerShell scripts, Orchestrator runbooks, System Center tools, and so on, will continue to work for Windows 10 on desktop editions.

    +

    [Windows Spotlight on the lock screen](windows-spotlight.md)

    +

    Windows Spotlight is an option for the lock screen background that displays different background images and occasionally offers suggestions on the lock screen.

    + +

    [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md)

    Organizations might want to deploy a customized Start screen and menu to devices running Windows 10 Enterprise or Windows 10 Education. A standard Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes.

    - +

    [Create mandatory user profiles](mandatory-user-profile.md)

    Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings.

    +

    [Lock down Windows 10](lock-down-windows-10.md)

    Enterprises often need to manage how people use corporate devices. Windows 10 provides a number of features and methods to help you lock down specific parts of a Windows 10 device.

    - +

    [Join Windows 10 Mobile to Azure Active Directory](join-windows-10-mobile-to-azure-active-directory.md)

    Devices running Windows 10 Mobile can join Azure Active Directory (Azure AD) when the device is configured during the out-of-box experience (OOBE).

    - +

    [Configure devices without MDM](configure-devices-without-mdm.md)

    Create a runtime provisioning package to apply settings, profiles, and file assets to a device running Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile, or Windows 10 Mobile Enterprise.

    +[Windows 10 servicing options](introduction-to-windows-10-servicing.md)This article describes the new servicing options available in Windows 10, Windows 10 Mobile, and Windows 10 IoT Core (IoT Core) and how they enable enterprises to keep their devices current with the latest feature upgrades. It also covers related topics, such as how enterprises can make better use of Windows Update, and what the new servicing options mean for support lifecycles. + +

    [Application Virtualization for Windows (App-V)](appv-for-windows.md)

    +

    When you deploy Application Virtualization (App-V) in your orgnazation, you can deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Windows Store, and interact with them as if they were installed locally.

    + -

    [Windows 10 servicing options](introduction-to-windows-10-servicing.md)

    -

    This article describes the new servicing options available in Windows 10, Windows 10 Mobile, and Windows 10 IoT Core (IoT Core) and how they enable enterprises to keep their devices current with the latest feature upgrades. It also covers related topics, such as how enterprises can make better use of Windows Update, and what the new servicing options mean for support lifecycles.

    +

    [User Experience Virtualization for Windows (UE-V)](uev-for-windows.md)

    +

    When you deploy User Experience Virtualization (UE-V) in your organization, you can synchronize users' personalized application and operating system settings across all the devices they work from. UE-V allows you to capture user-customized application and Windows settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.

    -

    [Application development for Windows as a service](application-development-for-windows-as-a-service.md)

    -

    In today’s environment, where user expectations frequently are set by device-centric experiences, complete product cycles need to be measured in months, not years. Additionally, new releases must be made available on a continual basis, and must be deployable with minimal impact on users. Microsoft designed Windows 10 to meet these requirements by implementing a new approach to innovation, development, and delivery called [Windows as a service (WaaS)](introduction-to-windows-10-servicing.md). The key to enabling significantly shorter product cycles while maintaining high quality levels is an innovative community-centric approach to testing that Microsoft has implemented for Windows 10. The community, known as Windows Insiders, is comprised of millions of users around the world. When Windows Insiders opt in to the community, they test many builds over the course of a product cycle and provide feedback to Microsoft through an iterative methodology called flighting.

    - -

    [Windows Store for Business](windows-store-for-business.md)

    Welcome to the Windows Store for Business! You can use the Store for Business, to find, acquire, distribute, and manage apps for your organization.

    - + +

    [Change history for Manage and update Windows 10](change-history-for-manage-and-update-windows-10.md)

    This topic lists new and updated topics in the Manage and update Windows 10 documentation for [Windows 10 and Windows 10 Mobile](../index.md).

    @@ -72,5 +77,6 @@ Learn about managing and updating Windows 10.   ## Related topics [Windows 10 and Windows 10 Mobile](../index.md) +   - [Learn how Microsoft does IT at the IT Showcase](https://www.microsoft.com/itshowcase)
+[Learn how Microsoft does IT at the IT Showcase](https://www.microsoft.com/itshowcase)
diff --git a/windows/manage/introduction-to-windows-10-servicing.md b/windows/manage/introduction-to-windows-10-servicing.md
index 8e531b3827..65114bd167 100644
--- a/windows/manage/introduction-to-windows-10-servicing.md
+++ b/windows/manage/introduction-to-windows-10-servicing.md
@@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security, servicing
-author: greg-lindsay
+author: jdeckerMS --- # Windows 10 servicing options 
@@ -108,7 +108,7 @@ At the end of each approximately four month period, Microsoft executes a set of **The role of Windows Update for Business**
-Although Windows 10 will enable IT administrators to defer installation of new feature upgrades using Windows Update, enterprises may also want additional control over how and when Windows Update installs releases. With this need in mind, Microsoft [announced Windows Update for Business](http://go.microsoft.com/fwlink/p/?LinkId=624798) in May of 2015. Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing releases. This article will be updated with additional information about the role of Windows Update for Business in servicing Windows 10 devices as it becomes available.
+Although Windows 10 will enable IT administrators to defer installation of new feature upgrades using Windows Update, enterprises may also want additional control over how and when Windows Update installs releases. With this need in mind, Microsoft [announced Windows Update for Business](https://go.microsoft.com/fwlink/p/?LinkId=624798) in May of 2015. Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing releases. This article will be updated with additional information about the role of Windows Update for Business in servicing Windows 10 devices as it becomes available. ## Windows 10 servicing branches 
@@ -485,8 +485,8 @@ universal apps removed [Plan for Windows 10 deployment](../plan/index.md)
-[Deploy Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=624776)
+[Deploy Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=624776)
-[Manage and update Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=624796)
+[Manage and update Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=624796)     
diff --git a/windows/manage/join-windows-10-mobile-to-azure-active-directory.md b/windows/manage/join-windows-10-mobile-to-azure-active-directory.md
index 3a8047bf80..6c398d7d27 100644
--- a/windows/manage/join-windows-10-mobile-to-azure-active-directory.md
+++ b/windows/manage/join-windows-10-mobile-to-azure-active-directory.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile author: jdeckerMS
+localizationpriority: high --- # Join Windows 10 Mobile to Azure Active Directory
@@ -25,7 +26,7 @@ When a device running Windows 10 Mobile is joined to Azure AD, the device can e - Single sign-on (SSO) in applications like Mail, Word, and OneDrive using resources backed by Azure AD.
-- SSO in Microsoft Edge browser to Azure AD-connected web applications like Office 365 Portal, Visual Studio, and more than [2500 non-Microsoft apps](http://go.microsoft.com/fwlink/p/?LinkID=746211).
+- SSO in Microsoft Edge browser to Azure AD-connected web applications like Office 365 Portal, Visual Studio, and more than [2500 non-Microsoft apps](https://go.microsoft.com/fwlink/p/?LinkID=746211). - SSO to resources on-premises. 
@@ -40,7 +41,7 @@ When a device running Windows 10 Mobile is joined to Azure AD, the device can e Windows Phone 8.1 only supported the ability to connect the device to personal cloud services using a Microsoft account for authentication. This required creating Microsoft accounts to be used for work purposes. In Windows 10 Mobile, you have the ability to join devices directly to Azure AD without requiring a personal Microsoft account. -If you have existing Windows Phone 8.1 devices, the first thing to understand is whether the devices you have can be upgraded to Windows 10 Mobile. Microsoft will be releasing more information about upgrade availability soon. As more information becomes available, it will be posted at [How to get Windows 10 Mobile]( http://go.microsoft.com/fwlink/p/?LinkId=746312). Premier Enterprise customers that have a business need to postpone Windows 10 Mobile upgrade should contact their Technical Account Manager to understand what options may be available. +If you have existing Windows Phone 8.1 devices, the first thing to understand is whether the devices you have can be upgraded to Windows 10 Mobile. Microsoft will be releasing more information about upgrade availability soon. As more information becomes available, it will be posted at [How to get Windows 10 Mobile]( https://go.microsoft.com/fwlink/p/?LinkId=746312). Premier Enterprise customers that have a business need to postpone Windows 10 Mobile upgrade should contact their Technical Account Manager to understand what options may be available. Before upgrading and joining devices to Azure AD, you will want to consider existing data usage. How users are using the existing devices and what data is stored locally will vary for every customer. Are text messages used for work purposes and need to be backed up and available after the upgrade? Are there photos stored locally or stored associated with an Microsoft account? Are there device and app settings that to be retained? 
Are there contacts stored in the SIM or associated with an Microsoft account? You will need to explore methods for capturing and storing the data that needs to be retained before you join the devices to Azure AD. Photos, music files, and documents stored locally on the device can be copied from the device using a USB connection to a PC. 
@@ -57,9 +58,9 @@ Even though Azure AD Join on Windows 10 Mobile provides the best overall experi - You can add access to Azure AD-backed resources on the device without resetting the device. -However, neither of these methods provides SSO in the Windows Store or SSO to resources on-premises, and does not provide the ability to roam settings based on the Azure AD account using enterprise roaming. [Learn about enterprise state roaming in Azure AD.](http://go.microsoft.com/fwlink/p/?LinkId=734996) +However, neither of these methods provides SSO in the Windows Store or SSO to resources on-premises, and does not provide the ability to roam settings based on the Azure AD account using enterprise roaming. [Learn about enterprise state roaming in Azure AD.](https://go.microsoft.com/fwlink/p/?LinkId=734996) -Using **Settings** > **Accounts** > **Your email and accounts** > **Add work or school account**, users can add their Azure AD account to the device. Alternatively, a work account can be added when the user signs in to an application like Mail, Word, etc. If you [enable auto-enrollment in your MDM settings](http://go.microsoft.com/fwlink/p/?LinkID=691615), the device will automatically be enrolled in MDM. +Using **Settings** > **Accounts** > **Your email and accounts** > **Add work or school account**, users can add their Azure AD account to the device. Alternatively, a work account can be added when the user signs in to an application like Mail, Word, etc. If you [enable auto-enrollment in your MDM settings](https://go.microsoft.com/fwlink/p/?LinkID=691615), the device will automatically be enrolled in MDM. An added work account provides the same SSO experience in browser apps like Office 365 (Office portal, Outlook Web Access, Calendar, People, OneDrive), Azure AD profile and change password app, and Visual Studio. You get SSO to built-in applications like Mail, Calendar, People, OneDrive and files hosted on OneDrive without prompts for a password. 
In Office apps like Microsoft Word, Microsoft Excel, etc., you simply select the Azure AD account and you are able to open files without entering a password. @@ -70,7 +71,7 @@ An added work account provides the same SSO experience in browser apps like Offi Currently, Azure AD Join only supports self-provisioning, meaning the credentials of the user of the device must be used during the initial setup of the device. If your mobile operator prepares devices on your behalf, this will impact your ability to join the device to Azure AD. Many IT administrators may start with a desire to set up devices for their employees, but the Azure AD Join experience is optimized for end-users, including the option for automatic MDM enrollment. - By default, Azure AD is set up to allow devices to join and to allow users to use their corporate credentials on organizational-owned devices or personal devices. The blog post [Azure AD Join on Windows 10 devices](http://go.microsoft.com/fwlink/p/?LinkID=616791) has more information on where you can review your Azure AD settings. You can configure Azure AD to not allow anyone to join, to allow everyone in your organization to join, or you can select specific Azure AD groups which are allowed to join. + By default, Azure AD is set up to allow devices to join and to allow users to use their corporate credentials on organizational-owned devices or personal devices. The blog post [Azure AD Join on Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkID=616791) has more information on where you can review your Azure AD settings. You can configure Azure AD to not allow anyone to join, to allow everyone in your organization to join, or you can select specific Azure AD groups which are allowed to join. - **Device setup** 
@@ -78,11 +79,11 @@ An added work account provides the same SSO experience in browser apps like Offi - **Mobile device management** - An MDM service is required for managing Azure AD-joined devices. You can use MDM to push settings to devices, as well as application and certificates used by VPN, Wi-Fi, etc. Azure AD Premium or [Enterprise Mobility Suite (EMS)](http://go.microsoft.com/fwlink/p/?LinkID=723984) licenses are required to set up your Azure AD-joined devices to automatically enroll in MDM. [Learn more about setting up your Azure AD tenant for MDM auto-enrollment.](http://go.microsoft.com/fwlink/p/?LinkID=691615) + An MDM service is required for managing Azure AD-joined devices. You can use MDM to push settings to devices, as well as application and certificates used by VPN, Wi-Fi, etc. Azure AD Premium or [Enterprise Mobility Suite (EMS)](https://go.microsoft.com/fwlink/p/?LinkID=723984) licenses are required to set up your Azure AD-joined devices to automatically enroll in MDM. [Learn more about setting up your Azure AD tenant for MDM auto-enrollment.](https://go.microsoft.com/fwlink/p/?LinkID=691615) - **Microsoft Passport** - Creating a Microsoft Passport (PIN) is required on Windows 10 Mobile by default and cannot be disabled. [You can control Microsoft Passport policies](http://go.microsoft.com/fwlink/p/?LinkId=735079) using controls in MDM, such as Intune. Because the device is joined using organizational credentials, the device must have a PIN to unlock the device. Windows Hello (biometrics such as fingerprint or iris) can be used for Passport authentication. Creating a Microsoft Passport requires the user to perform an multi-factor authentication since the PIN is a strong authentication credential. [Learn more about Microsoft Passport for Azure AD.](http://go.microsoft.com/fwlink/p/?LinkId=735004) + Creating a Microsoft Passport (PIN) is required on Windows 10 Mobile by default and cannot be disabled. 
[You can control Microsoft Passport policies](https://go.microsoft.com/fwlink/p/?LinkId=735079) using controls in MDM, such as Intune. Because the device is joined using organizational credentials, the device must have a PIN to unlock the device. Windows Hello (biometrics such as fingerprint or iris) can be used for Passport authentication. Creating a Microsoft Passport requires the user to perform an multi-factor authentication since the PIN is a strong authentication credential. [Learn more about Microsoft Passport for Azure AD.](https://go.microsoft.com/fwlink/p/?LinkId=735004) - **Conditional access** diff --git a/windows/manage/lock-down-windows-10-to-specific-apps.md b/windows/manage/lock-down-windows-10-to-specific-apps.md index 232ab26d13..a585ae2a4f 100644 --- a/windows/manage/lock-down-windows-10-to-specific-apps.md +++ b/windows/manage/lock-down-windows-10-to-specific-apps.md @@ -8,6 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: edu, security author: jdeckerMS +localizationpriority: high --- # Lock down Windows 10 to specific apps @@ -107,13 +108,17 @@ In addition to specifying the apps that users can run, you should also restrict   -To learn more about locking down features, see [Customizations for Windows 10 Enterprise](http://go.microsoft.com/fwlink/p/?LinkId=691442). +To learn more about locking down features, see [Customizations for Windows 10 Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=691442). ## Customize Start screen layout for the device Configure the Start menu on the device to only show tiles for the permitted apps. You will make the changes manually, export the layout to an .xml file, and then apply that file to devices to prevent users from making changes. For instructions, see [Manage Windows 10 Start layout options](windows-10-start-layout-options-and-policies.md). +## Related topics + +- [Provisioning packages for Windows 10](../deploy/provisioning-packages.md) +     
diff --git a/windows/manage/lock-down-windows-10.md b/windows/manage/lock-down-windows-10.md
index 23461ca922..a3374f6d0f 100644
--- a/windows/manage/lock-down-windows-10.md
+++ b/windows/manage/lock-down-windows-10.md
@@ -8,6 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security, mobile author: jdeckerMS
+localizationpriority: high --- # Lock down Windows 10
diff --git a/windows/manage/lockdown-features-windows-10.md b/windows/manage/lockdown-features-windows-10.md
index b0d0851d25..c6eaa7e68d 100644
--- a/windows/manage/lockdown-features-windows-10.md
+++ b/windows/manage/lockdown-features-windows-10.md
@@ -8,13 +8,14 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: jdeckerMS
+localizationpriority: high --- # Lockdown features from Windows Embedded 8.1 Industry **Applies to** - Windows 10
-- Windows 10 Mobile + Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. This table maps Windows Embedded Industry 8.1 features to Windows 10 Enterprise features, along with links to documentation.
@@ -33,33 +34,33 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be
-

    [Hibernate Once/Resume Many (HORM)](http://go.microsoft.com/fwlink/p/?LinkId=626758): Quick boot to device

    +

    [Hibernate Once/Resume Many (HORM)](https://go.microsoft.com/fwlink/p/?LinkId=626758): Quick boot to device

    N/A

    HORM is supported in Windows 10, version 1607.

    -

    [Unified Write Filter](http://go.microsoft.com/fwlink/p/?LinkId=626757): protect a device's physical storage media

    -[Unified Write Filter](http://go.microsoft.com/fwlink/p/?LinkId=626607) +

    [Unified Write Filter](https://go.microsoft.com/fwlink/p/?LinkId=626757): protect a device's physical storage media

    +[Unified Write Filter](https://msdn.microsoft.com/en-us/library/windows/hardware/mt572001.aspx)

    The Unified Write Filter is continued in Windows 10, with the exception of HORM which has been deprecated.

    -

    [Keyboard Filter]( http://go.microsoft.com/fwlink/p/?LinkId=626761): block hotkeys and other key combinations

    -[Keyboard Filter](http://go.microsoft.com/fwlink/p/?LinkId=708391) +

    [Keyboard Filter]( https://go.microsoft.com/fwlink/p/?LinkId=626761): block hotkeys and other key combinations

    +[Keyboard Filter](https://go.microsoft.com/fwlink/p/?LinkId=708391)

    Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via Turn Windows Features On/Off. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.

    -

    [Shell Launcher](http://go.microsoft.com/fwlink/p/?LinkId=626676): launch a Classic Windows application on sign-on

    -[Shell Launcher](http://go.microsoft.com/fwlink/p/?LinkId=618603) +

    [Shell Launcher](https://go.microsoft.com/fwlink/p/?LinkId=626676): launch a Classic Windows application on sign-on

    +[Shell Launcher](https://go.microsoft.com/fwlink/p/?LinkId=618603)

    Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the SMISettings category.

    -

    Learn [how to use Shell Launcher to create a kiosk device](http://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Classic Windows application.

    +

    Learn [how to use Shell Launcher to create a kiosk device](https://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Classic Windows application.

    -

    [Application Launcher]( http://go.microsoft.com/fwlink/p/?LinkId=626675): launch a Universal Windows Platform (UWP) app on sign-on

    -[Assigned Access](http://go.microsoft.com/fwlink/p/?LinkId=626608) +

    [Application Launcher]( https://go.microsoft.com/fwlink/p/?LinkId=626675): launch a Universal Windows Platform (UWP) app on sign-on

    +[Assigned Access](https://go.microsoft.com/fwlink/p/?LinkId=626608)

    The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.

    -

    [Dialog Filter](http://go.microsoft.com/fwlink/p/?LinkId=626762): suppress system dialogs and control which processes can run

    +

    [Dialog Filter](https://go.microsoft.com/fwlink/p/?LinkId=626762): suppress system dialogs and control which processes can run

    [AppLocker](../keep-secure/applocker-overview.md)

    Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.

      @@ -68,44 +69,44 @@ Many of the lockdown features available in Windows Embedded 8.1 Industry have be
    -

    [Toast Notification Filter]( http://go.microsoft.com/fwlink/p/?LinkId=626673): suppress toast notifications

    +

    [Toast Notification Filter]( https://go.microsoft.com/fwlink/p/?LinkId=626673): suppress toast notifications

    Mobile device management (MDM) and Group Policy

    Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.

    Group Policy: User Configuration > Administrative Templates > Start Menu and Taskbar > Notifications

    -

    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow action center notifications and a [custom OMA-URI setting](http://go.microsoft.com/fwlink/p/?LinkID=616317) for AboveLock/AllowActionCenterNotifications.

    +

    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow action center notifications and a [custom OMA-URI setting](https://go.microsoft.com/fwlink/p/?LinkID=616317) for AboveLock/AllowActionCenterNotifications.

    -

    [Embedded Lockdown Manager](http://go.microsoft.com/fwlink/p/?LinkId=626763): configure lockdown features

    -[Windows Imaging and Configuration Designer (ICD)](http://go.microsoft.com/fwlink/p/?LinkID=525483) +

    [Embedded Lockdown Manager](https://go.microsoft.com/fwlink/p/?LinkId=626763): configure lockdown features

    +[Windows Imaging and Configuration Designer (ICD)](https://go.microsoft.com/fwlink/p/?LinkID=525483)

    The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.

    -

    [USB Filter](http://go.microsoft.com/fwlink/p/?LinkId=626674): restrict USB devices and peripherals on system

    +

    [USB Filter](https://go.microsoft.com/fwlink/p/?LinkId=626674): restrict USB devices and peripherals on system

    MDM and Group Policy

    The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.

    Group Policy: Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions

    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow removable storage or Allow USB connection (Windows 10 Mobile only).

    -

    [Assigned Access](http://go.microsoft.com/fwlink/p/?LinkID=613653): launch a UWP app on sign-in and lock access to system

    -[Assigned Access](http://go.microsoft.com/fwlink/p/?LinkId=626608) +

    [Assigned Access](https://go.microsoft.com/fwlink/p/?LinkID=613653): launch a UWP app on sign-in and lock access to system

    +[Assigned Access](https://go.microsoft.com/fwlink/p/?LinkId=626608)

    Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.

    In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.

    -

    Learn [how to use Assigned Access to create a kiosk device](http://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Universal Windows app.

    +

    Learn [how to use Assigned Access to create a kiosk device](https://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Universal Windows app.

    -

    [Gesture Filter](http://go.microsoft.com/fwlink/p/?LinkId=626672): block swipes from top, left, and right edges of screen

    -[Assigned Access](http://go.microsoft.com/fwlink/p/?LinkId=626608) -

    The capabilities of Gesture Filter have been consolidated into Assigned Access for Windows 10. In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. For Windows 10, Charms have been removed, and blocking the closing or switching of apps is part of Assigned Access.

    +

    [Gesture Filter](https://go.microsoft.com/fwlink/p/?LinkId=626672): block swipes from top, left, and right edges of screen

    +MDM and Group Policy +

    In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. In Windows 10, Charms have been removed. In Windows 10, version 1607, you can block swipes using the [Allow edge swipe](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#LockDown_AllowEdgeSwipe) policy.

    -

    [Custom Logon]( http://go.microsoft.com/fwlink/p/?LinkId=626759): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown

    -[Embedded Logon](http://go.microsoft.com/fwlink/p/?LinkId=626760) +

    [Custom Logon]( https://go.microsoft.com/fwlink/p/?LinkId=626759): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown

    +[Embedded Logon](https://go.microsoft.com/fwlink/p/?LinkId=626760)

    No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.

    -

    [Unbranded Boot](http://go.microsoft.com/fwlink/p/?LinkId=626872): custom brand a device by removing or replacing Windows boot UI elements

    -[Unbranded Boot](http://go.microsoft.com/fwlink/p/?LinkId=626873) +

    [Unbranded Boot](https://go.microsoft.com/fwlink/p/?LinkId=626872): custom brand a device by removing or replacing Windows boot UI elements

    +[Unbranded Boot](https://go.microsoft.com/fwlink/p/?LinkId=626873)

    No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.

    diff --git a/windows/manage/lockdown-xml.md b/windows/manage/lockdown-xml.md
index d763e5ec9b..2e5addcac7 100644
--- a/windows/manage/lockdown-xml.md
+++ b/windows/manage/lockdown-xml.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: security, mobile author: jdeckerMS
+localizationpriority: high --- # Configure Windows 10 Mobile using Lockdown XML 
@@ -20,9 +21,10 @@ Windows 10 Mobile allows enterprises to lock down a device, define multiple use
 This topic provides example XML that you can use in your own lockdown XML file that can be included in a provisioning package or when using a mobile device management (MDM) solution to push lockdown settings to enrolled devices.
-Lockdown XML is an XML file that contains settings for Windows 10 Mobile. When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. In this topic, you'll learn how to create an XML file that contains all lockdown entries available in the AssignedAccessXml area of the [EnterpriseAssignedAccess configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkID=618601).
+Lockdown XML is an XML file that contains settings for Windows 10 Mobile. When you deploy the lockdown XML file to a device, it is saved on the device as **wehlockdown.xml**. When the device boots, it looks for wehlockdown.xml and applies any settings configured in the file. In this topic, you'll learn how to create an XML file that contains all lockdown entries available in the AssignedAccessXml area of the [EnterpriseAssignedAccess configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=618601).
-> **Note**  On Windows 10 desktop editions, *assigned access* is a feature that lets you configure the device to run a single app above the lockscreen ([kiosk mode](set-up-a-device-for-anyone-to-use.md)). On a Windows 10 Mobile device, assigned access refers to the lockdown settings in AssignedAccessXml in the [EnterpriseAssignedAccess configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkID=618601).
+> [!NOTE]
+> On Windows 10 desktop editions, *assigned access* is a feature that lets you configure the device to run a single app above the lockscreen ([kiosk mode](set-up-a-device-for-anyone-to-use.md)). On a Windows 10 Mobile device, assigned access refers to the lockdown settings in AssignedAccessXml in the [EnterpriseAssignedAccess configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkID=618601).
 If you're not familiar with CSPs, read [Introduction to configuration service providers (CSPs)](how-it-pros-can-use-configuration-service-providers.md) first.
@@ -211,7 +213,8 @@ Search | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![yes](im
 Camera | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![yes](images/checkmark.png)
 Custom 1, 2, and 3 | ![yes](images/checkmark.png) | ![yes](images/checkmark.png) | ![yes](images/checkmark.png)
-> **Note**  Custom buttons are hardware buttons that can be added to devices by OEMs.
+> [!NOTE]
+> Custom buttons are hardware buttons that can be added to devices by OEMs.
 In the following example, press-and-hold is disabled for the Back button.
@@ -240,7 +243,8 @@ If you don't specify a button event, all actions for the button are disabled. In
 ButtonRemapList lets you change the app that a button will run. You can remap the Search button and any custom buttons included by the OEM. You can't remap the Back, Start, or Camera buttons.
-> **Warning**  Button remapping can enable a user to open an application that is not in the allow list for that user role. Use button lock down to prevent application access for a user role.
+> [!WARNING]
+> Button remapping can enable a user to open an application that is not in the allow list for that user role. Use button lock down to prevent application access for a user role.
 To remap a button, you specify the button, the event, and the product ID for the app that you want the event to open. In the following example, when a user presses the Search button, the phone dialer will open instead of the Search app.
@@ -262,13 +266,14 @@ In the following example, when a user presses the Search button, the phone diale
 ![XML for CSP Runner](images/CSPRunnerXML.jpg)
-You can use CSPRunner to include settings that are not defined in AssignedAccessXML. For example, you can include settings from other sections of EnterpriseAssignedAccess CSP, such as lockscreen, theme, and time zone. You can also include settings from other CSPs, such as [Wi-Fi CSP](http://go.microsoft.com/fwlink/p/?LinkID=717460) or [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962%28v=vs.85%29.aspx).
+You can use CSPRunner to include settings that are not defined in AssignedAccessXML. For example, you can include settings from other sections of EnterpriseAssignedAccess CSP, such as lockscreen, theme, and time zone. You can also include settings from other CSPs, such as [Wi-Fi CSP](https://go.microsoft.com/fwlink/p/?LinkID=717460) or [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962%28v=vs.85%29.aspx).
 CSPRunner is helpful when you are configuring a device to support multiple roles. It lets you apply different policies according to the role that is signed on. For example, Wi-Fi could be enabled for a supervisor role and disabled for a stocking clerk role. In CSPRunner, you specify the CSP and settings using SyncML, a standardized markup language for device management. A SyncML section can include multiple settings, or you can use multiple SyncML sections -- it's up to you how you want to organize settings in this section.
-> **Note**  This description of SyncML is just the information that you need to use SyncML in a lockdown XML file. To learn more about SyncML, see [Structure of OMA DM provisioning files](https://msdn.microsoft.com/en-us/windows/hardware/dn914774.aspx).
+> [!NOTE]
+> This description of SyncML is just the information that you need to use SyncML in a lockdown XML file.
To learn more about SyncML, see [Structure of OMA DM provisioning files](https://msdn.microsoft.com/windows/hardware/dn914774.aspx).
 Let's start with the structure of SyncML in the following example:
@@ -354,7 +359,9 @@ For a list of the settings and quick actions that you can allow or block, see [S
 ![XML for tiles](images/TilesXML.png)
 By default, under Assigned Access, tile manipulation is turned off (blocked) and only available if enabled in the user’s profile. If tile manipulation is enabled in the user’s profile, they can pin/unpin, move, and resize tiles based on their preferences. When multiple people use one device and you want to enable tile manipulation for multiple users, you must enable it for each user in their user profile.
- > **Important** If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile.
+
+ > [!IMPORTANT]
+ > If a device is turned off then back on, the tiles reset to their predefined layout. If a device has only one profile, the only way to reset the tiles is to turn off then turn on the device. If a device has multiple profiles, the device resets the tiles to the predefined layout based on the logged-in user’s profile.
 ```xml
@@ -371,7 +378,7 @@ For a list of the settings and quick actions that you can allow or block, see [S
 If you have existing lockdown xml, you must update start screen size if your device has >=400epx on its short axis so that tiles on Start can fill all 8 columns if you want to use all 8 columns instead of 6, or use 6 columns instead of 4.
- [Learn about effective pixel width (epx) for different device size classes.](http://go.microsoft.com/fwlink/p/?LinkId=733340)
+ [Learn about effective pixel width (epx) for different device size classes.](https://go.microsoft.com/fwlink/p/?LinkId=733340)
 ## Configure additional roles
@@ -421,9 +428,9 @@ For a list of the settings and quick actions that you can allow or block, see [S
 ## Add lockdown XML to a provisioning package
-Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740)
+Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package. [Install the ADK.](https://go.microsoft.com/fwlink/p/?LinkId=526740)
-1. Follow the instructions at [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkID=629651) to create a project, selecting **Common to all Windows mobile editions** for your project.
+1. Follow the instructions at [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkID=629651) to create a project, selecting **Common to all Windows mobile editions** for your project.
 2. In **Available customizations**, go to **Runtime settings** > **EmbeddedLockdownProfiles** > **AssignedAccessXml**.
@@ -460,12 +467,12 @@ Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (
 - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
 - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
-After you build the provisioning package, follow the instructions for [applying a provisioning package at runtime to Windows 10 Mobile](http://go.microsoft.com/fwlink/p/?LinkID=619164).
+After you build the provisioning package, follow the instructions for [applying a provisioning package at runtime to Windows 10 Mobile](https://go.microsoft.com/fwlink/p/?LinkID=619164).
 ## Push lockdown XML using MDM
-After you deploy your devices, you can still configure lockdown settings through your MDM solution if it supports the [EnterpriseAssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=618601).
+After you deploy your devices, you can still configure lockdown settings through your MDM solution if it supports the [EnterpriseAssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=618601).
 To push lockdown settings to enrolled devices, use the AssignedAccessXML setting and use the lockdown XML as the value. The lockdown XML will be in a HandheldLockdown section that becomes XML embedded in XML, so the XML that you enter must use escaped characters (such as < in place of <). After the MDM provider pushes your lockdown settings to the device, the CSP processes the file and updates the device.
diff --git a/windows/manage/manage-access-to-private-store.md b/windows/manage/manage-access-to-private-store.md
index 8e2f813d33..634eb7c4a9 100644
--- a/windows/manage/manage-access-to-private-store.md
+++ b/windows/manage/manage-access-to-private-store.md
@@ -27,6 +27,22 @@ The private store is a feature in Store for Business that organizations receive
 Organizations using an MDM to manage apps can use a policy to show only the private store. When your MDM supports the Store for Business, the MDM can use the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#group-policy-table). More specifically, the **ApplicationManagement/RequirePrivateStoreOnly** policy.
+## Show private store only using Group Policy
+
+If you're using Windows Store for Business and you want employees to only see apps you're managing in your private store, you can use Group Policy to show only the private store. Windows Store app will still be available, but employees can't view or purchase apps. Employees can view and install apps that the admin has added to your organization's private store.
+
+**To show private store only in Windows Store app**
+
+1. Type **gpedit** in the search bar, and then select **Edit group policy (Control panel)** to find and start Group Policy Editor.
+
+2. In the console tree of the snap-in, go to **User Configuration** or **Computer Configuration** > **Administrative Templates** > **Windows Components**, and then click **Store**.
+
+3. Right-click **Only display the private store within the Windows Store app** in the right pane, and click **Edit**.
+
+ This opens the **Only display the private store within the Windows Store app** policy settings.
+
+4. On the **Only display the private store within the Windows Store app** setting page, click **Enabled**, and then click **OK**.
+
 You can also prevent employees from using the Windows Store. For more information, see [Configure access to Windows Store](stop-employees-from-using-the-windows-store.md).
 ## Related topics
diff --git a/windows/manage/manage-apps-windows-store-for-business-overview.md b/windows/manage/manage-apps-windows-store-for-business-overview.md
index 6856a7683d..76b2ee98e8 100644
--- a/windows/manage/manage-apps-windows-store-for-business-overview.md
+++ b/windows/manage/manage-apps-windows-store-for-business-overview.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
+localizationpriority: high
 ---
 # Manage apps in Windows Store for Business
diff --git a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
index f127fe3045..a22f59c100 100644
--- a/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/manage/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@@ -2,19 +2,22 @@
 title: Manage connections from Windows operating system components to Microsoft services (Windows 10)
 description: If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider.
 ms.assetid: ACCEB0DD-BC6F-41B1-B359-140B242183D9
-keywords: privacy, manage connections to Microsoft
+keywords: privacy, manage connections to Microsoft, Windows 10, Windows Server 2016
 ms.prod: w10
 ms.mktglfcycl: manage
 ms.sitesec: library
-LocalizationPriority: High
+localizationpriority: high
 author: brianlic-msft
 ---
 # Manage connections from Windows operating system components to Microsoft services
+[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.]
+
 **Applies to**
 - Windows 10
+- Windows Server 2016
 If you're looking for content on what each telemetry level means and how to configure it in your organization, see [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md).
@@ -22,246 +25,195 @@ Learn about the network connections that Windows components make to Microsoft an If you want to minimize connections from Windows to Microsoft services, or configure particular privacy settings, this article covers the settings that you could consider. You can configure telemetry at the lowest level for your edition of Windows, and also evaluate which other connections Windows makes to Microsoft services you want to turn off in your environment from the list in this article. -Some of the network connections discussed in this article can be managed in Windows 10 Mobile, Windows 10 Mobile Enterprise, and the July release of Windows 10. However, you must use Windows 10 Enterprise, version 1511 or Windows 10 Education, version 1511 to manage them all. +You can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft network endpoints as described in this article to help prevent Windows from sending any data to Microsoft. There are many reason why these communications are enabled by default, such as updating malware definitions and maintain current certificate revocation lists, which is why we strongly recommend against this. This data helps us deliver a secure, reliable, and more delightful personalized experience. + +We are always striving to improve our documentation and welcome your feedback. You can provide feedback by contacting telmhelp@microsoft.com. + + +## What's new in Windows 10, version 1607 and Windows Server 2016 + +Here's a list of changes that were made to this article for Windows 10, version 1607 and Windows Server 2016: + +- Added instructions on how to turn off speech recognition and speech synthesis model updates in [14.5 Speech, inking, & typing](#bkmk-priv-speech). +- Added instructions on how to turn off flip ahead with an Internet Explorer Group Policy. 
+- Added a section on how to turn off automatic root updates to stop updating the certificate trust list in [1. Certificate trust lists](#certificate-trust-lists). +- Added a new setting in [25. Windows Update](#bkmk-wu). +- Changed the NCSI URL in [11. Network Connection Status Indicator](#bkmk-ncsi). +- Added a section on how to turn off features that depend on Microsoft Account cloud authentication service [10. Microsoft Account](#bkmk-microsoft-account). + +- Added the following Group Policies: + + - Turn off unsolicited network traffic on the Offline Maps settings page + - Turn off all Windows spotlight features + +## Settings + + +The following sections list the components that make network connections to Microsoft services by default. You can configure these settings to control the data that is sent to Microsoft. To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections. + +If you're running Windows 10, they will be included in the next update for the Long Term Servicing Branch. + +### Settings for Windows 10 Enterprise, version 1607 + +See the following table for a summary of the management settings for Windows 10 Enterprise, version 1607. + +| Setting | UI | Group Policy | MDM policy | Registry | Command line | +| - | :-: | :-: | :-: | :-: | :-: | +| [1. Certificate trust lists](#certificate-trust-lists) | | ![Check mark](images/checkmark.png) | | | | +| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | | | ![Check mark](images/checkmark.png) | | +| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | | | | +| [5. 
Font streaming](#font-streaming) | | | | ![Check mark](images/checkmark.png) | | +| [6. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [7. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +| [8. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | | | +| [9. Mail synchronization](#bkmk-mailsync) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | | +| [10. Microsoft Account](#bkmk-microsoft-account) | | | | ![Check mark](images/checkmark.png) | | +| [11. Microsoft Edge](#bkmk-edge) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | +| [12. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | | | | +| [13. Offline maps](#bkmk-offlinemaps) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +| [14. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | +| [15. Preinstalled apps](#bkmk-preinstalledapps) | ![Check mark](images/checkmark.png) | | | | ![Check mark](images/checkmark.png) | +| [16. 
Settings > Privacy](#bkmk-settingssection) | | | | | | +|     [16.1 General](#bkmk-priv-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +|     [16.2 Location](#bkmk-priv-location) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +|     [16.3 Camera](#bkmk-priv-camera) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +|     [16.4 Microphone](#bkmk-priv-microphone) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +|     [16.5 Notifications](#bkmk-priv-notifications) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +|     [16.6 Speech, inking, & typing](#bkmk-priv-speech) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +|     [16.7 Account info](#bkmk-priv-accounts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +|     [16.8 Contacts](#bkmk-priv-contacts) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +|     [16.9 Calendar](#bkmk-priv-calendar) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +|     [16.10 Call history](#bkmk-priv-callhistory) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +|     [16.11 Email](#bkmk-priv-email) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +|     [16.12 Messaging](#bkmk-priv-messaging) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +|     [16.13 Radios](#bkmk-priv-radios) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +|     [16.14 Other 
devices](#bkmk-priv-other-devices) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | +|     [16.15 Feedback & diagnostics](#bkmk-priv-feedback) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +|     [16.16 Background apps](#bkmk-priv-background) | ![Check mark](images/checkmark.png) | | | | | +|     [16.17 Motion](#bkmk-priv-motion) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +| [17. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +| [18. Sync your settings](#bkmk-syncsettings) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +| [19. Teredo](#bkmk-teredo) | | | | | ![Check mark](images/checkmark.png) | +| [20. Wi-Fi Sense](#bkmk-wifisense) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | +| [21. Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [22. Windows Media Player](#bkmk-wmp) | ![Check mark](images/checkmark.png) | | | | ![Check mark](images/checkmark.png) | +| [23. Windows spotlight](#bkmk-spotlight) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | | +| [24. Windows Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | | | +| [25. Windows Update Delivery Optimization](#bkmk-updates) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +| [26. 
Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | + +### Settings for Windows Server 2016 with Desktop Experience + +See the following table for a summary of the management settings for Windows Server 2016 with Desktop Experience. + +| Setting | UI | Group Policy | Registry | Command line | +| - | :-: | :-: | :-: | :-: | +| [1. Certificate trust lists](#certificate-trust-lists) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [2. Cortana and Search](#bkmk-cortana) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | | ![Check mark](images/checkmark.png) | | +| [4. Device metadata retrieval](#bkmk-devinst) | | ![Check mark](images/checkmark.png) | | | +| [5. Font streaming](#font-streaming) | | | ![Check mark](images/checkmark.png) | | +| [6. Insider Preview builds](#bkmk-previewbuilds) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +| [7. Internet Explorer](#bkmk-ie) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | | +| [8. Live Tiles](#live-tiles) | | ![Check mark](images/checkmark.png) | | | +| [10. Microsoft Account](#bkmk-microsoft-account) | | | ![Check mark](images/checkmark.png) | | +| [12. Network Connection Status Indicator](#bkmk-ncsi) | | ![Check mark](images/checkmark.png) | | | +| [14. OneDrive](#bkmk-onedrive) | | ![Check mark](images/checkmark.png) | | | +| [16. Settings > Privacy](#bkmk-settingssection) | | | | | +|     [16.1 General](#bkmk-priv-general) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [17. Software Protection Platform](#bkmk-spp) | | ![Check mark](images/checkmark.png) | | | +| [19. Teredo](#bkmk-teredo) | | | | ![Check mark](images/checkmark.png) | +| [21. 
Windows Defender](#bkmk-defender) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [22. Windows Media Player](#bkmk-wmp) | | | | ![Check mark](images/checkmark.png) | +| [24. Windows Store](#bkmk-windowsstore) | | ![Check mark](images/checkmark.png) | | | +| [26. Windows Update](#bkmk-wu) | | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | + +### Settings for Windows Server 2016 Server Core + +See the following table for a summary of the management settings for Windows Server 2016 Server Core. + +| Setting | Group Policy | Registry | Command line | +| - | :-: | :-: | :-: | :-: | :-: | +| [1. Certificate trust lists](#certificate-trust-lists) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [3. Date & Time](#bkmk-datetime) | | ![Check mark](images/checkmark.png) | | +| [5. Font streaming](#font-streaming) | | ![Check mark](images/checkmark.png) | | +| [12. Network Connection Status Indicator](#bkmk-ncsi) | ![Check mark](images/checkmark.png) | | | +| [17. Software Protection Platform](#bkmk-spp) | ![Check mark](images/checkmark.png) | | | +| [19. Teredo](#bkmk-teredo) | | | ![Check mark](images/checkmark.png) | +| [21. Windows Defender](#bkmk-defender) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | +| [26. Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | ![Check mark](images/checkmark.png) | | + +### Settings for Windows Server 2016 Nano Server + +See the following table for a summary of the management settings for Windows Server 2016 Nano Server. + +| Setting | Registry | Command line | +| - | :-: | :-: | :-: | :-: | :-: | +| [1. Certificate trust lists](#certificate-trust-lists) | ![Check mark](images/checkmark.png) | | +| [3. Date & Time](#bkmk-datetime) | ![Check mark](images/checkmark.png) | | +| [19. Teredo](#bkmk-teredo) | | ![Check mark](images/checkmark.png) | +| [26. 
Windows Update](#bkmk-wu) | ![Check mark](images/checkmark.png) | | + +## Settings + +Use the following sections for more information about how to configure each setting. + +### 1. Certificate trust lists + +A certificate trust list is a predefined list of items, such as a list of certificate hashes or a list of file name, that are signed by a trusted entity. Windows automatically downloads an updated certificate trust list when it is available. + +To turn off the automatic download of an updated certificate trust list, you can turn off automatic root updates, which also includes the disallowed certificate list and the pin rules list. + +For Windows 10, Windows Server 2016 with Desktop Experience, and Windows Server 2016 Server Core: + +- Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Automatic Root Certificates Update** + + -and- + +1. Navigate to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Public Key Policies**. +2. Double-click **Certificate Path Validation Settings**. +3. On the **Network Retrieval** tab, select the **Define these policy settings** check box. +4. Clear the **Automatically update certificates in the Microsoft Root Certificate Program (recommended)** check box, and then click **OK**. + + -or- + +- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, called **DisableRootAutoUpdate**, with a value of 1. + + -and- + +1. Navigate to **Computer Configuration** > **Windows Settings** > **Security Settings** > **Public Key Policies**. +2. Double-click **Certificate Path Validation Settings**. +3. On the **Network Retrieval** tab, select the **Define these policy settings** check box. +4. 
Clear the **Automatically update certificates in the Microsoft Root Certificate Program (recommended)** check box, and then click **OK**. -In Windows 10 Enterprise, version 1511 or Windows 10 Education, version 1511, you can configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all other connections to Microsoft services as described in this article to prevent Windows from sending any data to Microsoft. We strongly recommend against this, as this data helps us deliver a secure, reliable, and more delightful personalized experience. +On Windows Server 2016 Nano Server: -We are always working on improving Windows 10 for our customers. We invite IT pros to join the [Windows Insider Program](http://insider.windows.com) to give us feedback on what we can do to make Windows 10 work better for your organization. +- Create the registry path **HKEY\_LOCAL\_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\AuthRoot** and then add a REG\_DWORD registry setting, called **DisableRootAutoUpdate**, with a value of 1. -Here's what's covered in this article: +>[!NOTE] +>CRL and OCSP network traffic is currently whitelisted and will still show up in network traces. CRL and OCSP checks are made to the issuing certificate authorities. Microsoft is one of them, but there are many others, such as DigiCert, Thawte, Google, Symantec, and VeriSign. -- [Info management settings](#bkmk-othersettings) +### 2. Cortana and Search - - [1. Cortana](#bkmk-cortana) +Use either Group Policy or MDM policies to manage settings for Cortana. For more info, see [Cortana, Search, and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730683). - - [1.1 Cortana Group Policies](#bkmk-cortana-gp) - - - [1.2 Cortana MDM policies](#bkmk-cortana-mdm) - - - [1.3 Cortana Windows Provisioning](#bkmk-cortana-prov) - - - [2. Date & Time](#bkmk-datetime) - - - [3. Device metadata retrieval](#bkmk-devinst) - - - [4. 
Font streaming](#font-streaming) - - - [5. Insider Preview builds](#bkmk-previewbuilds) - - - [6. Internet Explorer](#bkmk-ie) - - - [6.1 Internet Explorer Group Policies](#bkmk-ie-gp) - - - [6.2 ActiveX control blocking](#bkmk-ie-activex) - - - [7. Live Tiles](#live-tiles) - - - [8. Mail synchronization](#bkmk-mailsync) - - - [9. Microsoft Edge](#bkmk-edge) - - - [9.1 Microsoft Edge Group Policies](#bkmk-edgegp) - - - [9.2 Microsoft Edge MDM policies](#bkmk-edge-mdm) - - - [9.3 Microsoft Edge Windows Provisioning](#bkmk-edge-prov) - - - [10. Network Connection Status Indicator](#bkmk-ncsi) - - - [11. Offline maps](#bkmk-offlinemaps) - - - [12. OneDrive](#bkmk-onedrive) - - - [13. Preinstalled apps](#bkmk-preinstalledapps) - - - [14. Settings > Privacy](#bkmk-settingssection) - - - [14.1 General](#bkmk-priv-general) - - - [14.2 Location](#bkmk-priv-location) - - - [14.3 Camera](#bkmk-priv-camera) - - - [14.4 Microphone](#bkmk-priv-microphone) - - - [14.5 Speech, inking, & typing](#bkmk-priv-speech) - - - [14.6 Account info](#bkmk-priv-accounts) - - - [14.7 Contacts](#bkmk-priv-contacts) - - - [14.8 Calendar](#bkmk-priv-calendar) - - - [14.9 Call history](#bkmk-priv-callhistory) - - - [14.10 Email](#bkmk-priv-email) - - - [14.11 Messaging](#bkmk-priv-messaging) - - - [14.12 Radios](#bkmk-priv-radios) - - - [14.13 Other devices](#bkmk-priv-other-devices) - - - [14.14 Feedback & diagnostics](#bkmk-priv-feedback) - - - [14.15 Background apps](#bkmk-priv-background) - - - [15. Software Protection Platform](#bkmk-spp) - - - [16. Sync your settings](#bkmk-syncsettings) - - - [17. Teredo](#bkmk-teredo) - - - [18. Wi-Fi Sense](#bkmk-wifisense) - - - [19. Windows Defender](#bkmk-defender) - - - [20. Windows Media Player](#bkmk-wmp) - - - [21. Windows spotlight](#bkmk-spotlight) - - - [22. Windows Store](#bkmk-windowsstore) - - - [23. 
Windows Update Delivery Optimization](#bkmk-updates) - - - [23.1 Settings > Update & security](#bkmk-wudo-ui) - - - [23.2 Delivery Optimization Group Policies](#bkmk-wudo-gp) - - - [23.3 Delivery Optimization MDM policies](#bkmk-wudo-mdm) - - - [23.4 Delivery Optimization Windows Provisioning](#bkmk-wudo-prov) - - - [24. Windows Update](#bkmk-wu) - -## What's new in Windows 10, version 1511 - - -Here's a list of changes that were made to this article for Windows 10, version 1511: - -- Added the following new sections: - - - [Mail synchronization](#bkmk-mailsync) - - - [Offline maps](#bkmk-offlinemaps) - - - [Windows spotlight](#bkmk-spotlight) - - - [Windows Store](#bkmk-windowsstore) - -- Added the following Group Policies: - - - Open a new tab with an empty tab - - - Configure corporate Home pages - - - Let Windows apps access location - - - Let Windows apps access the camera - - - Let Windows apps access the microphone - - - Let Windows apps access account information - - - Let Windows apps access contacts - - - Let Windows apps access the calendar - - - Let Windows apps access messaging - - - Let Windows apps control radios - - - Let Windows apps access trusted devices - - - Do not show feedback notifications - - - Turn off Automatic Download and Update of Map Data - - - Force a specific default lock screen image - -- Added the AllowLinguisticDataCollection MDM policy. - -- Added steps in the [Cortana](#bkmk-cortana) section on how to disable outbound traffic using Windows Firewall. - -- Changed the Windows Update section to apply system-wide settings, and not just per user. - -## Info management settings - - -This section lists the components that make network connections to Microsoft services automatically. You can configure these settings to control the data that is sent to Microsoft. 
To prevent Windows from sending any data to Microsoft, configure telemetry at the Security level, turn off Windows Defender telemetry and MSRT reporting, and turn off all of these connections. We strongly recommend against this, as this data helps us deliver a secure, reliable, and more delightful personalized experience. - -The settings in this section assume you are using Windows 10, version 1511 (currently available in the Current Branch and Current Branch for Business). They will also be included in the next update for the Long Term Servicing Branch. - -- [1. Cortana](#bkmk-cortana) - -- [2. Date & Time](#bkmk-datetime) - -- [3. Device metadata retrieval](#bkmk-devinst) - -- [4. Font streaming](#font-streaming) - -- [5. Insider Preview builds](#bkmk-previewbuilds) - -- [6. Internet Explorer](#bkmk-ie) - -- [7. Live Tiles](#live-tiles) - -- [8. Mail synchronization](#bkmk-mailsync) - -- [9. Microsoft Edge](#bkmk-edge) - -- [10. Network Connection Status Indicator](#bkmk-ncsi) - -- [11. Offline maps](#bkmk-offlinemaps) - -- [12. OneDrive](#bkmk-onedrive) - -- [13. Preinstalled apps](#bkmk-preinstalledapps) - -- [14. Settings > Privacy](#bkmk-settingssection) - -- [15. Software Protection Platform](#bkmk-spp) - -- [16. Sync your settings](#bkmk-syncsettings) - -- [17. Teredo](#bkmk-teredo) - -- [18. Wi-Fi Sense](#bkmk-wifisense) - -- [19. Windows Defender](#bkmk-defender) - -- [20. Windows Media Player](#bkmk-wmp) - -- [21. Windows spotlight](#bkmk-spotlight) - -- [22. Windows Store](#bkmk-windowsstore) - -- [23. Windows Update Delivery Optimization](#bkmk-updates) - -- [24. Windows Update](#bkmk-wu) - - -See the following table for a summary of the management settings. For more info, see its corresponding section. - -![Management settings table](images/settings-table.png) - -### 1. Cortana - -Use either Group Policy or MDM policies to manage settings for Cortana. 
For more info, see [Cortana, Search, and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730683). - -### 1.1 Cortana Group Policies +### 2.1 Cortana and Search Group Policies Find the Cortana Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Search**. | Policy | Description | |------------------------------------------------------|---------------------------------------------------------------------------------------| -| Allow Cortana | Choose whether to let Cortana install and run on the device. | -| Allow search and Cortana to use location | Choose whether Cortana and Search can provide location-aware search results. | -| Do not allow web search | Choose whether to search the web from Windows Desktop Search.
    Default: Disabled| -| Don't search the web or display web results in Search| Choose whether to search the web from Cortana. | -| Set what information is shared in Search | Control what information is shared with Bing in Search. | +| Allow Cortana | Choose whether to let Cortana install and run on the device.

    Disable this policy to turn off Cortana. | +| Allow search and Cortana to use location | Choose whether Cortana and Search can provide location-aware search results.

    Disable this policy to block access to location information for Cortana. | +| Do not allow web search | Choose whether to search the web from Windows Desktop Search.

    Enable this policy to remove the option to search the Internet from Cortana. | +| Don't search the web or display web results in Search| Choose whether to search the web from Cortana.

    Enable this policy to stop web queries and results from showing in Search. | +| Set what information is shared in Search | Control what information is shared with Bing in Search.

    If you enable this policy and set it to **Anonymous info**, usage information will be shared but not search history, Microsoft Account information, or specific location. | -When you enable the **Don't search the web or display web results in Search** Group Policy, you can control the behavior of whether Cortana searches the web to display web results. However, this policy only covers whether or not web search is performed. There could still be a small amount of network traffic to Bing.com to evaluate if certain Cortana components are up-to-date or not. In order to turn off that network activity completely, you can create a Windows Firewall rule to prevent outbound traffic. +In Windows 10, version 1507 and Windows 10, version 1511, when you enable the **Don't search the web or display web results in Search** Group Policy, you can control the behavior of whether Cortana searches the web to display web results. However, this policy only covers whether or not web search is performed. There could still be a small amount of network traffic to Bing.com to evaluate if certain Cortana components are up-to-date or not. In order to turn off that network activity completely, you can create a Windows Firewall rule to prevent outbound traffic. + +>[!IMPORTANT] +>These steps are not required for devices running Windows 10, version 1607 or Windows Server 2016. 1. Expand **Computer Configuration** > **Windows Settings** > **Security Settings** > **Windows Firewall with Advanced Security** > **Windows Firewall with Advanced Security - <LDAP name>**, and then click **Outbound Rules**. 
@@ -287,22 +239,18 @@ When you enable the **Don't search the web or display web results in Search** Gr - For **Remote port**, choose **All ports**. -> **Note:** If your organization tests network traffic, you should not use Fiddler to test Windows Firewall settings. Fiddler is a network proxy and Windows Firewall does not block proxy traffic. You should use a network traffic analyzer, such as WireShark or Message Analyzer. +If your organization tests network traffic, you should not use Fiddler to test Windows Firewall settings. Fiddler is a network proxy and Windows Firewall does not block proxy traffic. You should use a network traffic analyzer, such as WireShark or Message Analyzer. -### 1.2 Cortana MDM policies +### 2.2 Cortana and Search MDM policies -The following Cortana MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). +For Windows 10 only, the following Cortana MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). | Policy | Description | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| | Experience/AllowCortana | Choose whether to let Cortana install and run on the device. | | Search/AllowSearchToUseLocation | Choose whether Cortana and Search can provide location-aware search results.
    Default: Allowed| -### 1.3 Cortana Windows Provisioning - -To use Windows Imaging and Configuration Designer (ICD) to create a provisioning package with the settings for these policies, go to **Runtime settings** > **Policies** to find **Experience** > **AllowCortana** and **Search** > **AllowSearchToUseLocation**. - -### 2. Date & Time +### 3. Date & Time You can prevent Windows from setting the time automatically. 
@@ -312,23 +260,34 @@ You can prevent Windows from setting the time automatically. - Create a REG\_SZ registry setting in **HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\W32Time\\Parameters\\Type** with a value of **NoSync**. -### 3. Device metadata retrieval +### 4. Device metadata retrieval To prevent Windows from retrieving device metadata from the Internet, apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Device Installation** > **Prevent device metadata retrieval from the Internet**. -### 4. Font streaming +### 5. Font streaming -Starting with Windows 10, fonts that are included in Windows but that are not stored on the local device can be downloaded on demand. +Fonts that are included in Windows but that are not stored on the local device can be downloaded on demand. To turn off font streaming, create a REG\_DWORD registry setting called **DisableFontProviders** in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\FontCache\\Parameters**, with a value of 1. -> **Note:** This may change in future versions of Windows. -### 5. Insider Preview builds +### 6. Insider Preview builds -To turn off Insider Preview builds if you're running a released version of Windows 10. If you're running a preview version of Windows 10, you must roll back to a released version before you can turn off Insider Preview builds. +The Windows Insider Preview program lets you help shape the future of Windows, be part of the community, and get early access to releases of Windows 10. -- Turn off the feature in the UI: **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Stop Insider builds**. +> [!NOTE] +> This setting stops communication with the Windows Insider Preview service that checks for new builds. Windows Insider Preview builds only apply to Windows 10 and are not available for Windows Server 2016. 
+ +To turn off Insider Preview builds for a released version of Windows 10: + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Data Collection and Preview Builds** > **Toggle user control over Insider builds**. + +To turn off Insider Preview builds for Windows 10: + +> [!NOTE] +> If you're running a preview version of Windows 10, you must roll back to a released version before you can turn off Insider Preview builds. + +- Turn off the feature in the UI: **Settings** > **Update & security** > **Windows Insider Program** > **Stop Insider Preview builds**. -or- @@ -354,13 +313,9 @@ To turn off Insider Preview builds if you're running a released version of Windo - **2**. (default) Not configured. Users can make their devices available for download and installing preview software. -### 6. Internet Explorer +### 7. Internet Explorer -Use Group Policy to manage settings for Internet Explorer. - -### 6.1 Internet Explorer Group Policies - -Find the Internet Explorer Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer**. +Use Group Policy to manage settings for Internet Explorer. You can find the Internet Explorer Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer**. | Policy | Description | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| @@ -370,19 +325,26 @@ Find the Internet Explorer Group Policy objects under **Computer Configuration** | Disable Periodic Check for Internet Explorer software updates| Choose whether Internet Explorer periodically checks for a new version.
    Default: Enabled | | Turn off browser geolocation | Choose whether websites can request location data from Internet Explorer.
    Default: Disabled| -### 6.2 ActiveX control blocking +There are two more Group Policy objects that are used by Internet Explorer: + +| Path | Policy | Description | +| - | - | - | +| **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Internet Explorer** > **Internet Control Panel** > **Advanced Page** | Turn off the flip ahead with page prediction feature | Choose whether an employee can swipe across a screen or click forward to go to the next pre-loaded page of a website.
    Default: Enabled | +| **Computer Configuration** > **Administrative Templates** > **Windows Components** > **RSS Feeds** | Turn off background synchronization for feeds and Web Slices | Choose whether to have background synchronization for feeds and Web Slices.
    Default: Enabled | + +### 7.1 ActiveX control blocking ActiveX control blocking periodically downloads a new list of out-of-date ActiveX controls that should be blocked. You can turn this off by changing the REG\_DWORD registry setting **HKEY\_CURRENT\_USER\\Software\\Microsoft\\Internet Explorer\\VersionManager\\DownloadVersionList** to 0 (zero). For more info, see [Out-of-date ActiveX control blocking](http://technet.microsoft.com/library/dn761713.aspx). -### 7. Live Tiles +### 8. Live Tiles To turn off Live Tiles: - Apply the Group Policy: **User Configuration** > **Administrative Templates** > **Start Menu and Taskbar** > **Notifications** > **Turn Off notifications network usage** -### 8. Mail synchronization +### 9. Mail synchronization To turn off mail synchronization for Microsoft Accounts that are configured on a device: 
@@ -400,15 +362,36 @@ To turn off the Windows Mail app: - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Mail** > **Turn off Windows Mail application** -### 9. Microsoft Edge +### 10. Microsoft Account -Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730682). +To prevent communication to the Microsoft Account cloud authentication service. Many apps and system components that depend on Microsoft Account authentication may lose functionality. Some of them could be in unexpected ways. -### 9.1 Microsoft Edge Group Policies +- Change the **Start** REG\_DWORD registry setting in **HKEY\_LOCAL\_MACHINE\\System\\CurrentControlSet\\Services\\wlidsvc** to 4. + + +### 11. Microsoft Edge + +Use either Group Policy or MDM policies to manage settings for Microsoft Edge. For more info, see [Microsoft Edge and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730682). + +### 11.1 Microsoft Edge Group Policies Find the Microsoft Edge Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Edge**. -> **Note:** The Microsoft Edge Group Policy names were changed in Windows 10, version 1511. The table below reflects those changes. +> [!NOTE] +> The Microsoft Edge Group Policy names were changed in Windows 10, version 1607. The table below reflects those changes. + +| Policy | Description | +|------------------------------------------------------|-----------------------------------------------------------------------------------------------------| +| Configure autofill | Choose whether employees can use autofill on websites.
    Default: Enabled | +| Configure Do Not Track | Choose whether employees can send Do Not Track headers.
    Default: Disabled | +| Configure password manager | Choose whether employees can save passwords locally on their devices.
    Default: Enabled | +| Configure search suggestions in Address bar | Choose whether the address bar shows search suggestions.
    Default: Enabled | +| Configure SmartScreen Filter | Choose whether SmartScreen is turned on or off.
    Default: Enabled | +| Allow web content on New Tab page | Choose whether a new tab page appears.
    Default: Enabled | +| Configure Home pages | Choose the corporate Home page for domain-joined devices.
    Set this to **about:blank** | + + +The Windows 10, version 1511 Microsoft Edge Group Policy names are: | Policy | Description | |------------------------------------------------------|-----------------------------------------------------------------------------------------------------| @@ -420,7 +403,7 @@ Find the Microsoft Edge Group Policy objects under **Computer Configuration** &g | Open a new tab with an empty tab | Choose whether a new tab page appears.
    Default: Enabled | | Configure corporate Home pages | Choose the corporate Home page for domain-joined devices.
    Set this to **about:blank** | -### 9.2 Microsoft Edge MDM policies +### 11.2 Microsoft Edge MDM policies The following Microsoft Edge MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). @@ -432,35 +415,39 @@ The following Microsoft Edge MDM policies are available in the [Policy CSP](http | Browser/AllowSearchSuggestionsinAddressBar | Choose whether the address bar shows search suggestions..
    Default: Allowed | | Browser/AllowSmartScreen | Choose whether SmartScreen is turned on or off.
    Default: Allowed | -### 9.3 Microsoft Edge Windows Provisioning - -Use Windows ICD to create a provisioning package with the settings for these policies, go to **Runtime settings** > **Policies**. For a complete list of the Microsoft Edge policies, see [Available policies for Microsoft Edge](http://technet.microsoft.com/library/mt270204.aspx). -### 10. Network Connection Status Indicator +### 12. Network Connection Status Indicator -Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftncsi.com to determine if the device can communicate with the Internet. For more info about NCIS, see [The Network Connection Status Icon](http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx). +Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to http://www.msftconnecttest.com/connecttest.txt to determine if the device can communicate with the Internet. For more info about NCSI, see [The Network Connection Status Icon](http://blogs.technet.com/b/networking/archive/2012/12/20/the-network-connection-status-icon.aspx). + +In versions of Windows 10 prior to Windows 10, version 1607 and Windows Server 2016, the URL was http://www.msftncsi.com. You can turn off NCSI through Group Policy: - Enable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Internet Communication Management** > **Internet Communication Settings** > **Turn off Windows Network Connectivity Status Indicator active tests** -> **Note** After you apply this policy, you must restart the device for the policy setting to take effect. +> [!NOTE] +> After you apply this policy, you must restart the device for the policy setting to take effect. -### 11. Offline maps +### 13. 
Offline maps You can turn off the ability to download and update offline maps. - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off Automatic Download and Update of Map Data** -### 12. OneDrive + -and- + +- In Windows 10, version 1607 and later, apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Maps** > **Turn off unsolicited network traffic on the Offline Maps settings page** + +### 14. OneDrive To turn off OneDrive in your organization: - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **OneDrive** > **Prevent the usage of OneDrive for file storage** -### 13. Preinstalled apps +### 15. Preinstalled apps Some preinstalled apps get content before they are opened to ensure a great experience. You can remove these using the steps in this section. 
@@ -572,47 +559,52 @@ To remove the Get Skype app: Remove the app for the current user. From an elevated command prompt, run the following Windows PowerShell command: **Get-AppxPackage Microsoft.SkypeApp | Remove-AppxPackage** -### 14. Settings > Privacy +### 16. Settings > Privacy Use Settings > Privacy to configure some settings that may be important to your organization. Except for the Feedback & Diagnostics page, these settings must be configured for every user account that signs into the PC. -- [14.1 General](#bkmk-general) +- [16.1 General](#bkmk-general) -- [14.2 Location](#bkmk-priv-location) +- [16.2 Location](#bkmk-priv-location) -- [14.3 Camera](#bkmk-priv-camera) +- [16.3 Camera](#bkmk-priv-camera) -- [14.4 Microphone](#bkmk-priv-microphone) +- [16.4 Microphone](#bkmk-priv-microphone) -- [14.5 Speech, inking, & typing](#bkmk-priv-speech) +- [16.5 Notifications](#bkmk-priv-notifications) -- [14.6 Account info](#bkmk-priv-accounts) +- [16.6 Speech, inking, & typing](#bkmk-priv-speech) -- [14.7 Contacts](#bkmk-priv-contacts) +- [16.7 Account info](#bkmk-priv-accounts) -- [14.8 Calendar](#bkmk-priv-calendar) +- [16.8 Contacts](#bkmk-priv-contacts) -- [14.9 Call history](#bkmk-priv-callhistory) +- [16.9 Calendar](#bkmk-priv-calendar) -- [14.10 Email](#bkmk-priv-email) +- [16.10 Call history](#bkmk-priv-callhistory) -- [14.11 Messaging](#bkmk-priv-messaging) +- [16.11 Email](#bkmk-priv-email) -- [14.12 Radios](#bkmk-priv-radios) +- [16.12 Messaging](#bkmk-priv-messaging) -- [14.13 Other devices](#bkmk-priv-other-devices) +- [16.13 Radios](#bkmk-priv-radios) -- [14.14 Feedback & diagnostics](#bkmk-priv-feedback) +- [16.14 Other devices](#bkmk-priv-other-devices) -- [14.15 Background apps](#bkmk-priv-background) +- [16.15 Feedback & diagnostics](#bkmk-priv-feedback) -### 14.1 General +- [16.16 Background apps](#bkmk-priv-background) + +- [16.17 Motion](#bkmk-priv-motion) + +### 16.1 General **General** includes options that don't fall into other areas. 
To turn off **Let apps use my advertising ID for experiences across apps (turning this off will reset your ID)**: -> **Note:** When you turn this feature off in the UI, it turns off the advertising ID, not just resets it. +> [!NOTE] +> When you turn this feature off in the UI, it turns off the advertising ID, not just resets it. - Turn off the feature in the UI. @@ -630,7 +622,7 @@ To turn off **Turn on SmartScreen Filter to check web content (URLs) that Window -or- -- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Edge** > **Turn off the SmartScreen Filter**. +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft Edge** > **Configure SmartScreen Filter**. Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **File Explorer** > **Configure Windows SmartScreen**. @@ -648,11 +640,12 @@ To turn off **Turn on SmartScreen Filter to check web content (URLs) that Window -or- -- Create a REG\_DWORD registry setting called **Enabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppHost\\EnableWebContentEvaluation**, with a value of 0 (zero). +- Create a REG\_DWORD registry setting called **EnableWebContentEvaluation** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\AppHost**, with a value of 0 (zero). To turn off **Send Microsoft info about how I write to help us improve typing and writing in the future**: -> **Note: ** If the telemetry level is set to either **Basic** or **Security**, this is turned off automatically. +> [!NOTE] +> If the telemetry level is set to either **Basic** or **Security**, this is turned off automatically. 
@@ -674,7 +667,19 @@ To turn off **Let websites provide locally relevant content by accessing my lang - Create a new REG\_DWORD registry setting called **HttpAcceptLanguageOptOut** in **HKEY\_CURRENT\_USER\\Control Panel\\International\\User Profile**, with a value of 1. -### 14.2 Location +To turn off **Let apps on my other devices open apps and continue experiences on this devices**: + +- Turn off the feature in the UI. + + -or- + +- Disable the Group Policy: **Computer Configuration** > **Administrative Templates** > **System** > **Group Policy** > **Continue experiences on this device**. + +To turn off **Let apps on my other devices use Bluetooth to open apps and continue experiences on this device**: + +- Turn off the feature in the UI. + +### 16.2 Location In the **Location** area, you choose whether devices have access to location-specific sensors and which apps have access to the device's location. @@ -696,8 +701,8 @@ To turn off **Location for this device**: - **2**. Turned on and the employee can't turn it off. - **Note** - You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](http://msdn.microsoft.com/library/dn905224.aspx). + > [!NOTE] + > You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](http://msdn.microsoft.com/library/dn905224.aspx). -or- @@ -725,7 +730,7 @@ To turn off **Choose apps that can use your location**: - Turn off each app using the UI. -### 14.3 Camera +### 16.3 Camera In the **Camera** area, you can choose which apps can access a device's camera. 
@@ -747,8 +752,8 @@ To turn off **Let apps use my camera**: - **1**. Apps can use the camera. - **Note** - You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](http://msdn.microsoft.com/library/dn905224.aspx). + > [!NOTE] + > You can also set this MDM policy in System Center Configuration Manager using the [WMI Bridge Provider](http://msdn.microsoft.com/library/dn905224.aspx). -or- @@ -762,7 +767,7 @@ To turn off **Choose apps that can use your camera**: - Turn off the feature in the UI for each app. -### 14.4 Microphone +### 16.4 Microphone In the **Microphone** area, you can choose which apps can access a device's microphone. @@ -780,13 +785,26 @@ To turn off **Choose apps that can use your microphone**: - Turn off the feature in the UI for each app. -### 14.5 Speech, inking, & typing +### 16.5 Notifications + +In the **Notifications** area, you can choose which apps have access to notifications. + +To turn off **Let apps access my notifications**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access my notifications** + + - Set the **Select a setting** box to **Force Deny**. + +### 16.6 Speech, inking, & typing In the **Speech, Inking, & Typing** area, you can let Windows and Cortana better understand your employee's voice and written input by sampling their voice and writing, and by comparing verbal and written input to contact names and calendar entrees. -> **Note:** For more info on how to disable Cortana in your enterprise, see [Cortana](#bkmk-cortana) in this article. - - +> [!NOTE] +> For more info on how to disable Cortana in your enterprise, see [Cortana](#bkmk-cortana) in this article. To turn off the functionality: 
@@ -802,9 +820,21 @@ To turn off the functionality: -and- - Create a REG\_DWORD registry setting called **HarvestContacts** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\InputPersonalization\\TrainedDataStore**, with a value of 0 (zero). +- Create a REG\_DWORD registry setting called **HarvestContacts** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\InputPersonalization\\TrainedDataStore**, with a value of 0 (zero). -### 14.6 Account info + +If you're running at least Windows 10, version 1607, you can turn off updates to the speech recognition and speech synthesis models: + +Apply the Speech/AllowSpeechModelUpdate MDM policy from the [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962(v=vs.85).aspx#Speech_AllowSpeechModelUpdate), where: + +- **0** (default). Not allowed. +- **1**. Allowed. + + -or- + +- Create a REG\_DWORD registry setting called **AllowSpeechModelUpdate** in **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\PolicyManager\\Current\\Device\\Speech**, with a value of 0 (zero). + +### 16.7 Account info In the **Account Info** area, you can choose which apps can access your name, picture, and other account info. @@ -822,7 +852,7 @@ To turn off **Choose the apps that can access your account info**: - Turn off the feature in the UI for each app. -### 14.7 Contacts +### 16.8 Contacts In the **Contacts** area, you can choose which apps can access an employee's contacts list. @@ -836,7 +866,7 @@ To turn off **Choose apps that can access contacts**: - Set the **Select a setting** box to **Force Deny**. -### 14.8 Calendar +### 16.9 Calendar In the **Calendar** area, you can choose which apps have access to an employee's calendar. @@ -854,7 +884,7 @@ To turn off **Choose apps that can access calendar**: - Turn off the feature in the UI for each app. -### 14.9 Call history +### 16.10 Call history In the **Call history** area, you can choose which apps have access to an employee's call history. 
@@ -868,7 +898,7 @@ To turn off **Let apps access my call history**: - Set the **Select a setting** box to **Force Deny**. -### 14.10 Email +### 16.11 Email In the **Email** area, you can choose which apps have can access and send email. @@ -882,7 +912,7 @@ To turn off **Let apps access and send email**: - Set the **Select a setting** box to **Force Deny**. -### 14.11 Messaging +### 16.12 Messaging In the **Messaging** area, you can choose which apps can read or send messages. @@ -900,7 +930,7 @@ To turn off **Choose apps that can read or send messages**: - Turn off the feature in the UI for each app. -### 14.12 Radios +### 16.13 Radios In the **Radios** area, you can choose which apps can turn a device's radio on or off. @@ -918,7 +948,7 @@ To turn off **Choose apps that can control radios**: - Turn off the feature in the UI for each app. -### 14.13 Other devices +### 16.14 Other devices In the **Other Devices** area, you can choose whether devices that aren't paired to PCs, such as an Xbox One, can share and sync info. @@ -926,6 +956,10 @@ To turn off **Let apps automatically share and sync info with wireless devices t - Turn off the feature in the UI. + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps sync with devices** + To turn off **Let your apps use your trusted devices (hardware you've already connected, or comes with your PC, tablet, or phone)**: - Turn off the feature in the UI. 
@@ -936,14 +970,14 @@ To turn off **Let your apps use your trusted devices (hardware you've already co - Set the **Select a setting** box to **Force Deny**. -### 14.14 Feedback & diagnostics +### 16.15 Feedback & diagnostics In the **Feedback & Diagnostics** area, you can choose how often you're asked for feedback and how much diagnostic and usage information is sent to Microsoft. To change how frequently **Windows should ask for my feedback**: -**Note** -Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device. +> [!NOTE] +> Feedback frequency only applies to user-generated feedback, not diagnostic and usage data sent from the device. @@ -977,7 +1011,8 @@ To change the level of diagnostic and usage data sent when you **Send your devic - To change from **Enhanced**, use the drop-down list in the UI. The other levels are **Basic** and **Full**. - > **Note:** You can't use the UI to change the telemetry level to **Security**. + > [!NOTE] + > You can't use the UI to change the telemetry level to **Security**. @@ -1009,7 +1044,7 @@ To change the level of diagnostic and usage data sent when you **Send your devic - **3**. Maps to the **Full** level. -### 14.15 Background apps +### 16.16 Background apps In the **Background Apps** area, you can choose which apps can run in the background. 
@@ -1017,15 +1052,39 @@ To turn off **Let apps run in the background**: - Turn off the feature in the UI for each app. -### 15. Software Protection Platform + - Set the **Select a setting** box to **Force Deny**. -Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by applying the following Group Policy: +### 16.17 Motion -**Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client Online AVS Activation** +In the **Motion** area, you can choose which apps have access to your motion data. + +To turn off **Let Windows and your apps use your motion data and collect motion history**: + +- Turn off the feature in the UI. + + -or- + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access motion** + +### 17. Software Protection Platform + +Enterprise customers can manage their Windows activation status with volume licensing using an on-premise Key Management Server. You can opt out of sending KMS client activation data to Microsoft automatically by doing one of the following: + +For Windows 10: + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client AVS Validation** + + -or- + +- Apply the Licensing/DisallowKMSClientOnlineAVSValidation MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) where 0 is disabled (default) and 1 is enabled. 
+ +For Windows Server 2016 with Desktop Experience or Windows Server 2016 Server Core: + +- Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Software Protection Platform** > **Turn off KMS Client AVS Validation** The Windows activation status will be valid for a rolling period of 180 days with weekly activation status checks to the KMS. -### 16. Sync your settings +### 18. Sync your settings You can control if your settings are synchronized: @@ -1051,13 +1110,13 @@ To turn off Messaging cloud sync: - Create a REG\_DWORD registry setting called **CloudServiceSyncEnabled** in **HKEY\_CURRENT\_USER\\SOFTWARE\\Microsoft\\Messaging**, with a value of 0 (zero). -### 17. Teredo +### 19. Teredo You can disable Teredo by using the netsh.exe command. For more info on Teredo, see [Internet Protocol Version 6, Teredo, and Related Technologies](http://technet.microsoft.com/library/cc722030.aspx). - From an elevated command prompt, run **netsh interface teredo set state disabled** -### 18. Wi-Fi Sense +### 20. Wi-Fi Sense Wi-Fi Sense automatically connects devices to known hotspots and to the wireless networks the person’s contacts have shared with them. 
@@ -1075,15 +1134,15 @@ To turn off **Connect to suggested open hotspots** and **Connect to networks sha -or- -- Change the Windows Provisioning setting, WiFISenseAllowed, to 0 (zero). For more info, see the Windows Provisioning Settings reference doc, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620909). +- Change the Windows Provisioning setting, WiFISenseAllowed, to 0 (zero). For more info, see the Windows Provisioning Settings reference doc, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620909). -or- -- Use the Unattended settings to set the value of WiFiSenseAllowed to 0 (zero). For more info, see the Unattended Windows Setup reference doc, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620910). +- Use the Unattended settings to set the value of WiFiSenseAllowed to 0 (zero). For more info, see the Unattended Windows Setup reference doc, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620910). When turned off, the Wi-Fi Sense settings still appear on the Wi-Fi Settings screen, but they’re non-functional and they can’t be controlled by the employee. -### 19. Windows Defender +### 21. Windows Defender You can disconnect from the Microsoft Antimalware Protection Service. @@ -1091,7 +1150,7 @@ You can disconnect from the Microsoft Antimalware Protection Service. -or- -- Apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). +- For Windows 10 only, apply the Defender/AllowClouldProtection MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). -or- 
@@ -1107,7 +1166,7 @@ You can stop sending file samples back to Microsoft. -or- -- Apply the Defender/SubmitSamplesConsent MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: +- For Windows 10 only, apply the Defender/SubmitSamplesConsent MDM policy from the [Defender CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: - **0**. Always prompt. @@ -1127,13 +1186,17 @@ You can stop downloading definition updates: -and- -- Enable the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **Signature Updates** > **Define file shares for downloading definition updates** and set it to nothing. +- Disable the Group Policy **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Windows Defender** > **Signature Updates** > **Define file shares for downloading definition updates** and set it to nothing. + +For Windows 10 only, you can stop Enhanced Notifications: + +- Turn off the feature in the UI. You can also use the registry to turn off Malicious Software Reporting Tool telemetry by setting the REG\_DWORD value **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\MRT\\DontReportInfectionInformation** to 1. -### 20. Windows Media Player +### 22. Windows Media Player -To remove Windows Media Player: +To remove Windows Media Player on Windows 10: - From the **Programs and Features** control panel, click **Turn Windows features on or off**, under **Media Features**, clear the **Windows Media Player** check box, and then click **OK**. 
@@ -1141,13 +1204,26 @@ To remove Windows Media Player: - Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer** -### 21. Windows spotlight +To remove Windows Media Player on Windows Server 2016: -Windows spotlight provides different background images and text on the lock screen. You can control it by using the user interface or through Group Policy. +- Run the following DISM command from an elevated command prompt: **dism /online /Disable-Feature /FeatureName:WindowsMediaPlayer** + +### 23. Windows spotlight + +Windows spotlight provides features such as different background images and text on the lock screen, suggested apps, Microsoft account notifications, and Windows tips. You can control it by using the user interface or through Group Policy. + +If you're running Windows 10, version 1607 or later, you only need to enable the following Group Policy: + +- **User Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off all Windows spotlight features** + +If you're not running Windows 10, version 1607 or later, you can use the other options in this section. - Configure the following in **Settings**: - - **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Show me tips, tricks, and more on the lock screen**. + - **Personalization** > **Lock screen** > **Background** > **Windows spotlight**, select a different background, and turn off **Get fun facts, tips, tricks and more on your lock screen**. + + > [!NOTE] + > In Windows 10, version 1507 and Windows 10, version 1511, this setting was called **Show me tips, tricks, and more on the lock screen**. - **Personalization** > **Start** > **Occasionally show suggestions in Start**. 
@@ -1162,7 +1238,8 @@ Windows spotlight provides different background images and text on the lock scre - Set the **Turn off fun facts, tips, tricks, and more on lock screen** check box. - **Note** This will only take effect if the policy is applied before the first logon. If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, you can apply this policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Do not display the lock screen**. + > [!NOTE] + > This will only take effect if the policy is applied before the first logon. If you cannot apply the **Force a specific default lock screen image** policy before the first logon to the device, you can apply this policy: **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Do not display the lock screen**. 
@@ -1170,15 +1247,15 @@ Windows spotlight provides different background images and text on the lock scre - **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Cloud Content** > **Turn off Microsoft consumer experiences**. -For more info, see [Windows spotlight on the lock screen](../whats-new/windows-spotlight.md). +For more info, see [Windows Spotlight on the lock screen](../manage/windows-spotlight.md). -### 22. Windows Store +### 24. Windows Store -You can turn off the ability to launch apps from the Windows Store that were preinstalled or downloaded. This will also turn off automatic app updates, and the Windows Store will be disabled. +You can turn off the ability to launch apps from the Windows Store that were preinstalled or downloaded. This will also turn off automatic app updates, and the Windows Store will be disabled. On Windows Server 2016, this will block Windows Store calls from Universal Windows Apps. - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Store** > **Disable all apps from Windows Store**. -### 23. Windows Update Delivery Optimization +### 25. Windows Update Delivery Optimization Windows Update Delivery Optimization lets you get Windows updates and Windows Store apps from sources in addition to Microsoft, which not only helps when you have a limited or unreliable Internet connection, but can also help you reduce the amount of bandwidth needed to keep all of your organization's PCs up-to-date. If you have Delivery Optimization turned on, PCs on your network may send and receive updates and apps to other PCs on your local network, if you choose, or to PCs on the Internet. 
@@ -1186,42 +1263,44 @@ By default, PCs running Windows 10 Enterprise and Windows 10 Education will only Use the UI, Group Policy, MDM policies, or Windows Provisioning to set up Delivery Optimization. -### 23.1 Settings > Update & security +In Windows 10, version 1607, you can stop network traffic related to Windows Update Delivery Optimization by setting **Download Mode** to **Simple** (99) or **Bypass** (100), as described below. + +### 25.1 Settings > Update & security You can set up Delivery Optimization from the **Settings** UI. - Go to **Settings** > **Update & security** > **Windows Update** > **Advanced options** > **Choose how updates are delivered**. -### 23.2 Delivery Optimization Group Policies +### 25.2 Delivery Optimization Group Policies You can find the Delivery Optimization Group Policy objects under **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization**. | Policy | Description | |---------------------------|-----------------------------------------------------------------------------------------------------| -| Download Mode | Lets you choose where Delivery Optimization gets or sends updates and apps, including
    • None. Turns off Delivery Optimization.

    • Group. Gets or sends updates and apps to PCs on the same local network domain.

    • Internet. Gets or sends updates and apps to PCs on the Internet.

    • LAN. Gets or sends updates and apps to PCs on the same NAT only.

    | -| Group ID | Lets you provide a Group ID that limits which PCs can share apps and updates.
    ** Note** This ID must be a GUID.| +| Download Mode | Lets you choose where Delivery Optimization gets or sends updates and apps, including
    • None. Turns off Delivery Optimization.

    • Group. Gets or sends updates and apps to PCs on the same local network domain.

    • Internet. Gets or sends updates and apps to PCs on the Internet.

    • LAN. Gets or sends updates and apps to PCs on the same NAT only.

    • Simple. Simple download mode with no peering.

    • Bypass. Use BITS instead of Windows Update Delivery Optimization.

    | +| Group ID | Lets you provide a Group ID that limits which PCs can share apps and updates.
    **Note:** This ID must be a GUID.| | Max Cache Age | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
    The default value is 259200 seconds (3 days).| | Max Cache Size | Lets you specify the maximum cache size as a percentage of disk size.
    The default value is 20, which represents 20% of the disk.| | Max Upload Bandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
    The default value is 0, which means unlimited possible bandwidth.| -### 23.3 Delivery Optimization MDM policies +### 25.3 Delivery Optimization MDM policies The following Delivery Optimization MDM policies are available in the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx). | Policy | Description | |---------------------------|-----------------------------------------------------------------------------------------------------| -| DeliveryOptimization/DODownloadMode | Lets you choose where Delivery Optimization gets or sends updates and apps, including
    • 0. Turns off Delivery Optimization.

    • 1. Gets or sends updates and apps to PCs on the same NAT only.

    • 2. Gets or sends updates and apps to PCs on the same local network domain.

    • 3. Gets or sends updates and apps to PCs on the Internet.

    | +| DeliveryOptimization/DODownloadMode | Lets you choose where Delivery Optimization gets or sends updates and apps, including
    • 0. Turns off Delivery Optimization.

    • 1. Gets or sends updates and apps to PCs on the same NAT only.

    • 2. Gets or sends updates and apps to PCs on the same local network domain.

    • 3. Gets or sends updates and apps to PCs on the Internet.

    • 99. Simple download mode with no peering.

    • 100. Use BITS instead of Windows Update Delivery Optimization.

    | | DeliveryOptimization/DOGroupID | Lets you provide a Group ID that limits which PCs can share apps and updates.
    **Note** This ID must be a GUID.| | DeliveryOptimization/DOMaxCacheAge | Lets you specify the maximum time (in seconds) that a file is held in the Delivery Optimization cache.
    The default value is 259200 seconds (3 days).| | DeliveryOptimization/DOMaxCacheSize | Lets you specify the maximum cache size as a percentage of disk size.
    The default value is 20, which represents 20% of the disk.| | DeliveryOptimization/DOMaxUploadBandwidth | Lets you specify the maximum upload bandwidth (in KB/second) that a device uses across all concurrent upload activity.
    The default value is 0, which means unlimited possible bandwidth.| -### 23.4 Delivery Optimization Windows Provisioning +### 25.4 Delivery Optimization Windows Provisioning If you don't have an MDM server in your enterprise, you can use Windows Provisioning to configure the Delivery Optimization policies -Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windows ADK)](http://go.microsoft.com/fwlink/p/?LinkId=526803), to create a provisioning package for Delivery Optimization. +Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windows ADK)](https://go.microsoft.com/fwlink/p/?LinkId=526803), to create a provisioning package for Delivery Optimization. 1. Open Windows ICD, and then click **New provisioning package**. @@ -1231,9 +1310,9 @@ Use Windows ICD, included with the [Windows Assessment and Deployment Kit (Windo 4. Go to **Runtime settings** > **Policies** > **DeliveryOptimization** to configure the policies. -For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=730684). +For more info about Delivery Optimization in general, see [Windows Update Delivery Optimization: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=730684). -### 24. Windows Update +### 26. Windows Update You can turn off Windows Update by setting the following registry entries: 
@@ -1243,13 +1322,18 @@ You can turn off Windows Update by setting the following registry entries: - Add a REG\_DWORD value called **DisableWindowsUpdateAccess** to **HKEY\_LOCAL\_MACHINE\\Software\\Policies\\Microsoft\\Windows\\WindowsUpdate** and set the value to 1. + -and- + +- Add a REG\_DWORD value called **UseWUServer** to **HKEY\_LOCAL\_MACHINE\Software\Policies\Microsoft\Windows\WindowsUpdate\AU** and set the value to 1. + + You can turn off automatic updates by doing one of the following. This is not recommended. - Add a REG\_DWORD value called **AutoDownload** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\Windows\\CurrentVersion\\WindowsStore\\WindowsUpdate** and set the value to 5. -or- -- Apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: +- For Windows 10 only, apply the Update/AllowAutoUpdate MDM policy from the [Policy CSP](http://msdn.microsoft.com/library/windows/hardware/dn904962.aspx), where: - **0**. Notify the user before downloading the update. diff --git a/windows/manage/manage-corporate-devices.md b/windows/manage/manage-corporate-devices.md index f377f9a8fe..f96628d60a 100644 --- a/windows/manage/manage-corporate-devices.md +++ b/windows/manage/manage-corporate-devices.md @@ -8,6 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: devices author: jdeckerMS +localizationpriority: high --- # Manage corporate devices 
@@ -33,7 +34,7 @@ Your employees using devices that are owned by the organization can connect to A You can join a device running Windows 10 to an on-premises Active Directory domain after the first-run experience (sometimes called out-of-box experience or OOBE). You can add devices running Windows 10 to your existing Active Directory infrastructure and manage them just as you've always been used to managing PCs running Windows. -Desktop devices running Windows 10 that are joined to an Active Directory domain can be managed using Group Policy and System Center 2012 R2 Configuration Manager. The following table shows the management support for Windows 10 in Configuration Manager. +Desktop devices running Windows 10 that are joined to an Active Directory domain can be managed using Group Policy and System Center Configuration Manager (current branch). The following table shows the management support for Windows 10 in Configuration Manager. @@ -48,7 +49,7 @@ Desktop devices running Windows 10 that are joined to an Active Directory domai - + @@ -70,7 +71,7 @@ Devices joined to Azure AD can be managed using Microsoft Intune or other mobile ![mdm options for mobile, desktop, and iot through device lifecycle](images/mdm.png) -For flexibility in identity and management, you can combine Active Directory and Azure AD. Learn about [integrating Active Directory and Azure Active Directory for a hybrid identity solution](http://go.microsoft.com/fwlink/p/?LinkId=613209). +For flexibility in identity and management, you can combine Active Directory and Azure AD. Learn about [integrating Active Directory and Azure Active Directory for a hybrid identity solution](https://go.microsoft.com/fwlink/p/?LinkId=613209). ## How setting conflicts are resolved 
@@ -91,30 +92,31 @@ When setting values that do not have a security implication conflict, last write Devices running Windows 10 include a built-in agent that can be used by MDM servers to enroll and manage devices. MDM servers do not need to create a separate agent or client to install on devices running Windows 10. -For more information about the MDM protocols, see [Mobile device management](http://go.microsoft.com/fwlink/p/?LinkID=533172). +For more information about the MDM protocols, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkID=533172). ## Learn more -[How to bulk-enroll devices with On-premises Mobile Device Management in System Center Configuration Manager](https://technet.microsoft.com/en-us/library/mt627898.aspx) +[How to bulk-enroll devices with On-premises Mobile Device Management in System Center Configuration Manager](https://technet.microsoft.com/library/mt627898.aspx) [Azure AD, Microsoft Intune and Windows 10 - Using the cloud to modernize enterprise mobility](https://blogs.technet.microsoft.com/enterprisemobility/2015/06/12/azure-ad-microsoft-intune-and-windows-10-using-the-cloud-to-modernize-enterprise-mobility/) -[Microsoft Intune End User Enrollment Guide](http://go.microsoft.com/fwlink/p/?LinkID=617169) +[Microsoft Intune End User Enrollment Guide](https://go.microsoft.com/fwlink/p/?LinkID=617169) -[Azure AD Join on Windows 10 devices](http://go.microsoft.com/fwlink/p/?LinkId=616791) +[Azure AD Join on Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=616791) -[Azure AD support for Windows 10](http://go.microsoft.com/fwlink/p/?LinkID=615765) +[Azure AD support for Windows 10](https://go.microsoft.com/fwlink/p/?LinkID=615765) -[Windows 10 and Azure Active Directory: Embracing the Cloud](http://go.microsoft.com/fwlink/p/?LinkId=615768) +[Windows 10 and Azure Active Directory: Embracing the Cloud](https://go.microsoft.com/fwlink/p/?LinkId=615768) -[How to manage Windows 10 devices using 
Intune](http://go.microsoft.com/fwlink/p/?LinkId=613620) +[How to manage Windows 10 devices using Intune](https://go.microsoft.com/fwlink/p/?LinkId=613620) -[Using Intune alone and with Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=613207) +[Using Intune alone and with Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=613207) -Microsoft Virtual Academy course: [System Center 2012 R2 Configuration Manager & Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=613208) +Microsoft Virtual Academy course: [System Center 2012 R2 Configuration Manager & Windows Intune](https://go.microsoft.com/fwlink/p/?LinkId=613208) ## Related topics +[Manage Windows 10 and Windows Store tips, tricks, and suggestions](manage-tips-and-suggestions.md) - [Connect to remote Azure Active Directory-joined PC](connect-to-remote-aadj-pc.md)  - [New policies for Windows 10](new-policies-for-windows-10.md) diff --git a/windows/manage/manage-cortana-in-enterprise.md b/windows/manage/manage-cortana-in-enterprise.md index b44e4c4920..36b77add2e 100644 --- a/windows/manage/manage-cortana-in-enterprise.md +++ b/windows/manage/manage-cortana-in-enterprise.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: eross-msft +localizationpriority: high --- # Cortana integration in your business or enterprise @@ -14,6 +15,8 @@ author: eross-msft - Windows 10 - Windows 10 Mobile +>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). + The world’s first personal digital assistant helps users get things done, even at work. Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and enterprise environments. ## Cortana integration with Office 365 
@@ -23,48 +26,49 @@ But Cortana works even harder when she connects to Office 365, helping employees **More info:** -- For specific info about what you need to know as a company administrator, including how to turn off Cortana with Office 365, see the [Cortana integration with Office 365](http://go.microsoft.com/fwlink/p/?LinkId=717378) support topic. +- For specific info about what you need to know as a company administrator, including how to turn off Cortana with Office 365, see the [Cortana integration with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=717378) support topic. -- For a quick review of the frequently asked questions about Cortana and Office 365 integration, see the blog post, [An early look at Cortana integration with Office 365](http://go.microsoft.com/fwlink/p/?LinkId=717379). +- For a quick review of the frequently asked questions about Cortana and Office 365 integration, see the blog post, [An early look at Cortana integration with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=717379). ## Cortana and Power BI Integration between Cortana and Power BI shows how Cortana can work with custom business analytics solutions to enable you to get answers directly from your key business data, including introducing new features that let you create custom Cortana answers using the full capabilities of Power BI Desktop. **More info:** -- For specific info about how to start using Power BI and Cortana integration, how to customize your data results, and how to use the “Hey Cortana” functionality, see the [Power BI: Announcing Power BI integration with Cortana and new ways to quickly find insights in your data](http://go.microsoft.com/fwlink/p/?LinkId=717382) blog. 
+- For specific info about how to start using Power BI and Cortana integration, how to customize your data results, and how to use the “Hey Cortana” functionality, see the [Power BI: Announcing Power BI integration with Cortana and new ways to quickly find insights in your data](https://go.microsoft.com/fwlink/p/?LinkId=717382) blog. ## Cortana and Microsoft Dynamics CRM Cortana integration is a Preview feature that's available for your test or dev environment, starting with the CRM Online 2016 Update. If you decide to use this Preview feature, you'll need to turn in on and accept the license terms. After that, salespeople will get proactive insights from Cortana on important CRM activities, including sales leads, accounts, and opportunities; presenting the most relevant info at any given time. **More info:** -- For more info about Preview features, see [What are Preview features and how do I enable them?](http://go.microsoft.com/fwlink/p/?LinkId=746817). -- For more info about Cortana, see [What is Cortana?](http://go.microsoft.com/fwlink/p/?LinkId=746818). -- For more info about CRM integration, how to turn on Cortana, and how to provide feedback, see [Preview feature: Set up Cortana integration](http://go.microsoft.com/fwlink/p/?LinkId=746819). +- For more info about Preview features, see [What are Preview features and how do I enable them?](https://go.microsoft.com/fwlink/p/?LinkId=746817). +- For more info about Cortana, see [What is Cortana?](https://go.microsoft.com/fwlink/p/?LinkId=746818). +- For more info about CRM integration, how to turn on Cortana, and how to provide feedback, see [Preview feature: Set up Cortana integration](https://go.microsoft.com/fwlink/p/?LinkId=746819). ## Cortana and privacy -We understand that there are concerns about Cortana and enterprise privacy, so we’ve put together the [Cortana, Search, and privacy: FAQ](http://go.microsoft.com/fwlink/p/?LinkId=717383) topic that covers many of the frequently asked questions. 
These questions include things such as what info is collected by Cortana, where the info is saved, how to manage what data is collected, how to turn Cortana off, how to opt completely out of data collection, and what info is shared with other Microsoft apps and services. +We understand that there are concerns about Cortana and enterprise privacy, so we’ve put together the [Cortana, Search, and privacy: FAQ](https://go.microsoft.com/fwlink/p/?LinkId=717383) topic that covers many of the frequently asked questions. These questions include things such as what info is collected by Cortana, where the info is saved, how to manage what data is collected, how to turn Cortana off, how to opt completely out of data collection, and what info is shared with other Microsoft apps and services. ## Set up Cortana using Group Policy and MDM policies Set up and manage Cortana by using the following Group Policy and mobile device management (MDM) policies. |Group policy |MDM policy |Description | |-------------|-----------|------------| -|Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana |Experience/AllowCortana |Specifies whether employees can use Cortana.

    **Note**
    Employees can still perform searches even with Cortana turned off. | -|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow input personalization |Privacy/AllowInput Personalization |Specifies whether to turn on automatic learning, which allows the collection of speech and handwriting patterns, typing history, contacts, and recent calendar information. It is required for the use of Cortana.

    **Important**
    Cortana won’t work if this setting is turned off (disabled). | -|None |System/AllowLocation |Specifies whether to allow app access to the Location service. | -|Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results |None |Specifies whether search can perform queries on the web and if the web results are displayed in search.

    **Important**
    Cortana won’t work if this setting is turned off (disabled). | -|Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location |Search/AllowSearchToUse Location |Specifies whether search and Cortana can provide location aware search and Cortana results.

    **Important**
    Cortana won’t work if this setting is turned off (disabled). | -|Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search |Search/SafeSearch Permissions |Specifies what level of safe search (filtering adult content) is required.

    **Note**
    This setting only applies to Windows 10 Mobile. | -|User Configuration\Administrative Templates\Windows Components\File Explorer\Turn off display of recent search entries in the File Explorer search box |None |Specifies whether the search box can suggest recent queries and prevent entries from being stored in the registry for future reference.

    **Important**
    Cortana won’t work if this setting is turned off (disabled). | -|User Configuration\Administrative Templates\Start Menu and Taskbar\Do not search communications |None |Specifies whether the Start menu search box searches communications.

    **Important**
    Cortana won’t work if this setting is turned off (disabled). | +|Computer Configuration\Administrative Templates\Windows Components\Search\AllowCortanaAboveLock |AboveLock/AllowCortanaAboveLock |Specifies whether an employee can interact with Cortana using voice commands when the system is locked.

    **Note**
    This setting only applies to Windows 10 for desktop devices. | +|Computer Configuration\Administrative Templates\Control Panel\Regional and Language Options\Allow input personalization |Privacy/AllowInputPersonalization |Specifies whether an employee can use voice commands with Cortana in the enterprise.

    **In Windows 10, version 1511**
    Cortana won’t work if this setting is turned off (disabled).

    **In Windows 10, version 1607 and later**
    Cortana still works if this setting is turned off (disabled). | +|None |System/AllowLocation |Specifies whether to allow app access to the Location service.

    **In Windows 10, version 1511**
    Cortana won’t work if this setting is turned off (disabled).

    **In Windows 10, version 1607 and later**
    Cortana still works if this setting is turned off (disabled). | +|None |Accounts/AllowMicrosoftAccountConnection |Specifies whether to allow employees to sign in using a Microsoft account (MSA) from Windows apps.

    Use this setting if you only want to support Azure AD in your organization. | +|Computer Configuration\Administrative Templates\Windows Components\Search\Allow search and Cortana to use location |Search/AllowSearchToUseLocation |Specifies whether Cortana can use your current location during searches and for location reminders. | +|Computer Configuration\Administrative Templates\Windows Components\Search\Set the SafeSearch setting for Search |Search/SafeSearchPermissions |Specifies what level of safe search (filtering adult content) is required.

    **Note**
    This setting only applies to Windows 10 Mobile. | +|User Configuration\Administrative Templates\Windows Components\File Explorer\Turn off display of recent search entries in the File Explorer search box |None |Specifies whether the search box can suggest recent queries and prevent entries from being stored in the registry for future reference. | +|Computer Configuration\Administrative Templates\Windows Components\Search\Don't search the web or display web results |None |Specifies whether search can perform queries on the web and if the web results are displayed in search.

    **In Windows 10 Pro edition**
    This setting can’t be managed.

    **In Windows 10 Enterprise edition**
    Cortana won't work if this setting is turned off (disabled). | +|Computer Configuration\Administrative Templates\Windows Components\Search\Allow Cortana |Experience/AllowCortana |Specifies whether employees can use Cortana.

    **Important**
    Cortana won’t work if this setting is turned off (disabled). However, employees can still perform local searches even with Cortana turned off. | **More info:** -- For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](http://go.microsoft.com/fwlink/p/?LinkId=717380) topic, located in the configuration service provider reference topics. For specific info about how to set, manage, and use each of these Group Policies to configure Cortana in your enterprise, see the [Group Policy TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=717381). +- For specific info about how to set, manage, and use each of these MDM policies to configure Cortana in your enterprise, see the [Policy CSP](https://go.microsoft.com/fwlink/p/?LinkId=717380) topic, located in the configuration service provider reference topics. For specific info about how to set, manage, and use each of these Group Policies to configure Cortana in your enterprise, see the [Group Policy TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=717381). ## Related topics -- [Cortana and Windows](http://go.microsoft.com/fwlink/p/?LinkId=717384) -- [Cortana for developers](http://go.microsoft.com/fwlink/p/?LinkId=717385) +- [Cortana and Windows](https://go.microsoft.com/fwlink/p/?LinkId=717384) +- [Cortana for developers](https://go.microsoft.com/fwlink/p/?LinkId=717385)   diff --git a/windows/manage/manage-inventory-windows-store-for-business.md b/windows/manage/manage-inventory-windows-store-for-business.md index 8535d16d65..f8db99379b 100644 --- a/windows/manage/manage-inventory-windows-store-for-business.md +++ b/windows/manage/manage-inventory-windows-store-for-business.md 
@@ -1,70 +1,10 @@ --- title: Manage inventory in Windows Store for Business (Windows 10) description: When you acquire apps from the Windows Store for Business, we add them to the Inventory for your organization. Once an app is part of your inventory, you can distribute the app, and manage licenses. -redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/app-inventory-management-windows-store-for-business +redirect_url: https://technet.microsoft.com/itpro/windows/manage/app-inventory-managemement-windows-store-for-business ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library --- -# Manage inventory in Window Store for Business -When you acquire apps from the Windows Store for Business, we add them to the inventory for your organization. Once an app is part of your inventory, you can distribute the app, and manage licenses. - -## Distribute apps -You can assign apps to people, or you can make apps available in your private store. Once an app is in your private store, people in your org can install the app on their devices. For more information, see [Distribute apps using your private store](distribute-apps-from-your-private-store.md). - -**To make an app in inventory available in your private store** - -1. Sign in to the [Store for Business](http://businessstore.microsoft.com). -2. Click **Manage**, and then choose **Inventory**. -3. Click **Refine**, and then choose **Online**. Store for Business will update the list of apps on the **Inventory** page. -4. From an app in **Inventory**, click the ellipses under **Action**, and then choose **Add to private store**. - -The value under Private store for the app will change to pending. It will take approximately twelve hours before the app is available in the private store. - -Employees can claim apps that admins added to the private store by doing the following. - -**To claim an app from the private store** - -1. 
Sign in to your computer with your Azure Active Directory (AD) credentials, and start the Windows Store app. -2. Click the private store tab. -3. Click the app you want to install, and then click **Install**. - -Another way to distribute apps is by assigning them to people in your organization. - -**To assign an app to an employee** - -1. Sign in to the [Store for Business](http://businessstore.microsoft.com). -2. Click **Manage**, and then choose **Inventory**. -3. Find an app, click the ellipses under **Action**, and then choose **Assign to people**. -4. Type the email address for the employee that you're assigning the app to, and click **Confirm**. - -Employees will receive an email with a link that will install the app on their device. Click the link to start the Windows Store app, and then click **Install**. Also, in the Windows Store app, they can find the app under **My Library**. - -## Manage licenses -For apps in inventory, when you assign an app to an employee, a license for the app is assigned to them. You can manage these licenses, either by assigning them, or reclaiming them so you can assign them to another employee. You can also remove an app from the private store. - -**To assign licenses** -1. Sign in to the [Store for Business](http://businessstore.microsoft.com). -2. Click **Manage**, and then choose **Inventory**. -3. Find an app, click the ellipses under **Action**, and then choose **View license details**. -4. Click **Assign to people**, type the name you are assigning the license to, and then click **Assign**. - -Store for Business assigns a license to the person, and adds them to the list of assigned licenses. - -**To reclaim licenses** -1. Sign in to the [Store for Business](http://businessstore.microsoft.com). -2. Click **Manage**, and then choose **Inventory**. -3. Find an app, click the ellipses under **Action**, and then choose **View license details**. -4. 
Click the name of the person you are reclaiming the license from, and then click **Reclaim licenses**. - -Store for Business reclaims the license, and updates the number of avialable licenses. After you reclaim a license, you can assign a license to another employee. - -**To remove an app from the private store** - -If you decide that you don't want an app available for employees to install on their own, you can remove it from your private store. -1. Sign in to the [Store for Business](http://businessstore.microsoft.com). -2. Click **Manage**, and then choose **Inventory**. -3. Find an app, click the ellipses under **Action**, and then choose **Remove from private store**, and then click **Remove**. - -The app will still be in your inventory, but your employees will not have access to the app from your private store. + diff --git a/windows/manage/manage-orders-windows-store-for-business.md b/windows/manage/manage-orders-windows-store-for-business.md index 03d95f9433..9ca7ce1322 100644 --- a/windows/manage/manage-orders-windows-store-for-business.md +++ b/windows/manage/manage-orders-windows-store-for-business.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Manage app orders in Windows Store for Business diff --git a/windows/manage/manage-private-store-settings.md b/windows/manage/manage-private-store-settings.md index 6132f1e513..e070bd57ea 100644 --- a/windows/manage/manage-private-store-settings.md +++ b/windows/manage/manage-private-store-settings.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Manage private store settings diff --git a/windows/manage/manage-settings-windows-store-for-business.md b/windows/manage/manage-settings-windows-store-for-business.md index 04bd40016e..704d4d4401 100644 --- a/windows/manage/manage-settings-windows-store-for-business.md 
+++ b/windows/manage/manage-settings-windows-store-for-business.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Manage settings for the Windows Store for Business @@ -36,7 +37,7 @@ You can add users and groups, as well as update some of the settings associated

    - + diff --git a/windows/manage/manage-tips-and-suggestions.md b/windows/manage/manage-tips-and-suggestions.md new file mode 100644 index 0000000000..2fbb2e3cda --- /dev/null +++ b/windows/manage/manage-tips-and-suggestions.md 
@@ -0,0 +1,64 @@ +--- +title: Manage Windows 10 and Windows Store tips, tricks, and suggestions (Windows 10) +description: Windows 10 provides organizations with various options to manage auser experiences to provide a consistent and predictable experience for employees. +keywords: ["device management"] +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +ms.pagetype: devices +author: jdeckerMS +localizationpriority: high +--- + +# Manage Windows 10 and Windows Store tips, tricks, and suggestions + + +**Applies to** + +- Windows 10 + + +Since its inception, Windows 10 has included a number of user experience features that provide useful tips, tricks, and suggestions as you use Windows, as well as app suggestions from the Windows Store. These features are designed to help people get the most out of their Windows 10 experience by, for example, sharing new features, providing more details on the features they use, or sharing content available in the Windows Store. Examples of such user experiences include: + +* **Windows Spotlight on the lock screen**. Daily updated images on the lock screen that can include additional facts and tips in “hotspots” that are revealed on hover. + +* **Start menu app suggestions**. App suggestions in Start that recommend productivity tool or utilities from the Windows Store. + +* **Additional apps on Start**. Additional apps pre-installed on the Start screen which can enhance the user’s experience. + +* **Windows tips**. Contextual tips that appear based on specific user actions to reveal related Windows features or help users complete a scenario. + +* **Microsoft account notifications**. For users who have a connected Microsoft account, toast notifications about their account like parental control notifications or subscription expiration. + +>[!TIP] +> On all Windows desktop editions, users can directly enable and disable Windows 10 tips, tricks, and suggestions and Windows Store suggestions. 
For example, users are able to select personal photos for the lock screen as opposed to the images provided by Microsoft, or turn off tips, tricks, or suggestions as they use Windows. + +Windows 10, version 1607 (also known as the Anniversary Update), provides organizations the ability to centrally manage the type of content provided by these features through Group Policy or mobile device management (MDM). The following table describes how administrators can manage suggestions and tips in Windows 10 commercial and education editions. + +## Options available to manage Windows 10 tips and tricks and Windows Store suggestions + +| Windows 10 edition | Disable |Show Microsoft apps only | Show Microsoft and popular third-party apps | +| --- | --- | --- | --- | +| Windows 10 Pro | No | Yes | Yes (default) | +| Windows 10 Enterprise | Yes | Yes | Yes (default) | +| Windows 10 Pro Education | Yes (default) | Yes | No (setting cannot be changed) | +| Windows 10 Education | Yes (default) | Yes | No (setting cannot be changed) | + + + +## Related topics + +- [Manage Windows 10 Start layout](windows-10-start-layout-options-and-policies.md) +- [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) +- [Windows spotlight on the lock screen](../whats-new/windows-spotlight.md) +- [Windows 10 editions for education customers](https://technet.microsoft.com/en-us/edu/windows/windows-editions-for-education-customers) + + +  + +  + + + + + diff --git a/windows/manage/manage-users-and-groups-windows-store-for-business.md b/windows/manage/manage-users-and-groups-windows-store-for-business.md index 42fb25bfa2..23783a767d 100644 --- a/windows/manage/manage-users-and-groups-windows-store-for-business.md +++ b/windows/manage/manage-users-and-groups-windows-store-for-business.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Manage user accounts in Windows Store for Business 
@@ -32,20 +33,20 @@ Azure AD is an Azure service that provides identity and access management capabi - Integrate with on-premises Active Directory. -For more information on Azure AD, see [About Office 365 and Azure Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](http://go.microsoft.com/fwlink/p/?LinkId=708611). +For more information on Azure AD, see [About Office 365 and Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611). ## Add user accounts to your Azure AD directory If you created a new Azure AD directory when you signed up for Store for Business, you'll have a directory set up with one user account - the global administrator. That global administrator can add user accounts to your Azure AD directory. However, adding user accounts to your Azure AD directory will not give those employees access to Store for Business. You'll need to assign Store for Business roles to your employees. For more information, see [Roles and permissions in the Store for Business.](roles-and-permissions-windows-store-for-business.md) -You can use the [Office 365 admin dashboard](http://go.microsoft.com/fwlink/p/?LinkId=708616) or [Azure management portal](http://go.microsoft.com/fwlink/p/?LinkId=691086) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](http://go.microsoft.com/fwlink/p/?LinkId=708617). +You can use the [Office 365 admin dashboard](https://go.microsoft.com/fwlink/p/?LinkId=708616) or [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=691086) to add user accounts to your Azure AD directory. If you'll be using Azure management portal, you'll need an active subscription to [Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708617). 
For more information, see: -- [Add user accounts using Office 365 admin dashboard](http://go.microsoft.com/fwlink/p/?LinkId=708618) +- [Add user accounts using Office 365 admin dashboard](https://go.microsoft.com/fwlink/p/?LinkId=708618) -- [Add user accounts using Azure management portal](http://go.microsoft.com/fwlink/p/?LinkId=708619) +- [Add user accounts using Azure management portal](https://go.microsoft.com/fwlink/p/?LinkId=708619)   diff --git a/windows/manage/manage-wifi-sense-in-enterprise.md b/windows/manage/manage-wifi-sense-in-enterprise.md index 172b930871..6f0d6a2526 100644 --- a/windows/manage/manage-wifi-sense-in-enterprise.md +++ b/windows/manage/manage-wifi-sense-in-enterprise.md @@ -8,6 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile author: eross-msft +localizationpriority: medium --- # Manage Wi-Fi Sense in your company @@ -16,6 +17,8 @@ author: eross-msft - Windows 10 - Windows 10 Mobile +>Learn more about what features and functionality are supported in each Windows edition at [Compare Windows 10 Editions](https://www.microsoft.com/en-us/WindowsForBusiness/Compare). + Wi-Fi Sense learns about open Wi-Fi hotspots your Windows PC or Windows phone connects to by collecting information about the network, like whether the open Wi-Fi network has a high-quality connection to the Internet. By using that information from your device and from other Wi-Fi Sense customers' devices too, Wi-Fi Sense builds a database of these high-quality networks. When you’re in range of one of these Wi-Fi hotspots, you automatically get connected to it. The initial settings for Wi-Fi Sense are determined by the options you chose when you first set up your PC with Windows 10. 
@@ -49,7 +52,7 @@ You can manage your Wi-Fi Sense settings by using registry keys and the Registry 1. Open your Registry Editor and go to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WcmSvc\wifinetworkmanager\config\` 2. Create and set a new **DWORD (32-bit) Value** named, **AutoConnectAllowedOEM**, with a **Value data** of **0 (zero)**. -

    Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see [How to configure Wi-Fi Sense on Windows 10 in an enterprise](http://go.microsoft.com/fwlink/p/?LinkId=620959). +

    Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see [How to configure Wi-Fi Sense on Windows 10 in an enterprise](https://go.microsoft.com/fwlink/p/?LinkId=620959). ![Registry Editor, showing the creation of a new DWORD value](images/wifisense-registry.png) @@ -59,7 +62,7 @@ You can manage your Wi-Fi Sense settings by changing the Windows provisioning se **To set up Wi-Fi Sense using WiFISenseAllowed** - Change the Windows Provisioning setting, **WiFISenseAllowed**, to **0**. -

    Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Windows Provisioning settings reference topic, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620909). +

    Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Windows Provisioning settings reference topic, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620909). ### Using Unattended Windows Setup settings If your company still uses Unattend, you can manage your Wi-Fi Sense settings by changing the Unattended Windows Setup setting, **WiFiSenseAllowed**. @@ -67,7 +70,7 @@ If your company still uses Unattend, you can manage your Wi-Fi Sense settings by **To set up Wi-Fi Sense using WiFISenseAllowed** - Change the Unattended Windows Setup setting, **WiFISenseAllowed**, to **0**. -

    Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Unattended Windows Setup Reference topic, [WiFiSenseAllowed](http://go.microsoft.com/fwlink/p/?LinkId=620910). +

    Setting this value to **0** turns off Wi-Fi Sense and all Wi-Fi sense features. When turned off, the Wi-Fi Sense settings still appear on the **Wi-Fi Settings** screen, but can't be controlled by the employee and all of the Wi-Fi Sense features are turned off. For more info, see the Unattended Windows Setup Reference topic, [WiFiSenseAllowed](https://go.microsoft.com/fwlink/p/?LinkId=620910). ### How employees can change their own Wi-Fi Sense settings If you don’t turn off the ability for your employees to use Wi-Fi Sense, they can turn it on locally by selecting **Settings > Network & Internet > Wi-Fi > Manage Wi-Fi settings**, and then turning on **Connect to suggested open hotspots**. @@ -83,8 +86,8 @@ Even if you selected **Automatically connect to networks shared by your contacts If you select the **Share network with my contacts** check box the first time you connect to a new network, the network won’t be shared. ## Related topics -- [Wi-Fi Sense and Privacy](http://go.microsoft.com/fwlink/p/?LinkId=620911) -- [How to configure Wi-Fi Sense on Windows 10 in an enterprise](http://go.microsoft.com/fwlink/p/?LinkId=620959) +- [Wi-Fi Sense and Privacy](https://go.microsoft.com/fwlink/p/?LinkId=620911) +- [How to configure Wi-Fi Sense on Windows 10 in an enterprise](https://go.microsoft.com/fwlink/p/?LinkId=620959)   diff --git a/windows/manage/mandatory-user-profile.md b/windows/manage/mandatory-user-profile.md new file mode 100644 index 0000000000..5a19dddc3e --- /dev/null +++ b/windows/manage/mandatory-user-profile.md 
@@ -0,0 +1,171 @@ +--- +title: Create mandatory user profiles (Windows 10) +description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users. +keywords: [".man","ntuser"] +ms.prod: w10 +ms.mktglfcycl: manage +ms.sitesec: library +author: jdeckerMS +--- + +# Create mandatory user profiles + + +**Applies to** + +- Windows 10 + +> [!NOTE] +> When a mandatory profile is applied to a PC running Windows 10, version 1511, some features such as Universal Windows Platform (UWP) apps, the Start menu, Cortana, and Search, will not work correctly. This will be fixed in a future update. + +A mandatory user profile is a roaming user profile that has been pre-configured by an administrators to specify settings for users. Settings commonly defined in a mandatory profile include (but are not limited to): icons that appear on the desktop, desktop backgrounds, user preferences in Control Panel, printer selections, and more. Configuration changes made during a user's session that are normally saved to a roaming user profile are not saved when a mandatory user profile is assigned. + +Mandatory user profiles are useful when standardization is important, such as on a kiosk device or in educational settings. Only system administrators can make changes to mandatory user profiles. + +When the server that stores the mandatory profile is unavailable, such as when the user is not connected to the corporate network, users with mandatory profiles can sign in with the locally cached copy of the mandatory profile, if one exists. Otherwise, the user will be signed in with a temporary profile. + +User profiles become mandatory profiles when the administrator renames the NTuser.dat file (the registry hive) of each user's profile in the file system of the profile server from `NTuser.dat` to `NTuser.man`. The `.man` extension causes the user profile to be a read-only profile. 
+ + +## Profile extension for each Windows version + +The name of the folder in which you store the mandatory profile must use the correct extension for the operating system it will be applied to. The following table lists the correct extension for each operating system version. + +| Client operating system version | Server operating system version | Profile extension | +| --- | --- | --- | +| Windows XP | Windows Server 2003
    Windows Server 2003 R2 | none | +| Windows Vista
    Windows 7 | Windows Server 2008
    Windows Server 2008 R2 | v2 | +| Windows 8 | Windows Server 2012 | v3 | +| Windows 8.1 | Windows Server 2012 R2 | v4 | +| Windows 10, versions 1507 and 1511 | N/A | v5 | +| Windows 10, version 1607 (also known as the Anniversary Update) | Windows Server 2016 | v6 | + +For more information, see [Deploy Roaming User Profiles, Appendix B](https://technet.microsoft.com/library/jj649079.aspx) and [Roaming user profiles versioning in Windows 10 and Windows Server Technical Preview](https://support.microsoft.com/kb/3056198). + +## How to create a mandatory user profile + +First, you create a default user profile with the customizations that you want, run Sysprep with CopyProfile set to **True** in the answer file, copy the customized default user profile to a network share, and then you rename the profile to make it mandatory. + +**To create a default user profile** + +1. Sign in to a computer running Windows 10 as a member of the local Administrator group. Do not use a domain account. + + > [!NOTE] + > Use a lab or extra computer running a clean installation of Windows 10 to create a default user profile. Do not use a computer that is required for business (that is, a production computer). This process removes all domain accounts from the computer, including user profile folders. + +2. Configure the computer settings that you want to include in the user profile. For example, you can configure settings for the desktop background, uninstall default apps, install line-of-business apps, and so on. + + >[!NOTE] + >Unlike previous versions of Windows, you cannot apply a Start and taskbar layout using a mandatory profile. For alternative methods for customizing the Start menu and taskbar, see [Related topics](#related-topics). + +3. [Create an answer file (Unattend.xml)](https://msdn.microsoft.com/library/windows/hardware/dn915085.aspx) that sets the [CopyProfile](https://msdn.microsoft.com/library/windows/hardware/dn922656.aspx) parameter to **True**. 
The CopyProfile parameter causes Sysprep to copy the currently signed-on user’s profile folder to the default user profile. You can use [Windows System Image Manager](https://msdn.microsoft.com/library/windows/hardware/dn922445.aspx), which is part of the Windows Assessment and Deployment Kit (ADK) to create the Unattend.xml file. + +3. Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the following applications: + + - Microsoft.windowscommunicationsapps_8wekyb3d8bbwe + - Microsoft.BingWeather_8wekyb3d8bbwe + - Microsoft.DesktopAppInstaller_8wekyb3d8bbwe + - Microsoft.Getstarted_8wekyb3d8bbwe + - Microsoft.Windows.Photos_8wekyb3d8bbwe + - Microsoft.WindowsCamera_8wekyb3d8bbwe + - Microsoft.WindowsFeedbackHub_8wekyb3d8bbwe + - Microsoft.WindowsStore_8wekyb3d8bbwe + - Microsoft.XboxApp_8wekyb3d8bbwe + - Microsoft.XboxIdentityProvider_8wekyb3d8bbwe + - Microsoft.ZuneMusic_8wekyb3d8bbwe + + >[!NOTE] + >Uninstalling these apps will decrease sign-in time. If your deployment needs any of these apps, you can leave them installed. + +3. At a command prompt, type the following command and press **ENTER**. + + `sysprep /oobe /reboot /generalize /unattend:unattend.xml` + + (Sysprep.exe is located at: C:\Windows\System32\sysprep. By default, Sysprep looks for unattend.xml in this same folder.) + + >[!TIP] + >If you receive an error message that says "Sysprep was not able to validate your Windows installation", open %WINDIR%\System32\Sysprep\Panther\setupact.log and look for an entry like the following: + + >![Microsoft Bing Translator package](images/sysprep-error.png) + + >Use the [Remove-AppxProvisionedPackage](https://technet.microsoft.com/library/dn376476%28v=wps.620%29.aspx) cmdlet in Windows PowerShell to uninstall the app that is listed in the log. + +5. The sysprep process reboots the PC and starts at the first-run experience screen. 
Complete the set up, and then sign in to the computer using an account that has local administrator privileges. + +6. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section. + +7. In **User Profiles**, click **Default Profile**, and then click **Copy To**. + + ![Example of UI](images/copy-to.png) + +8. In **Copy To**, under **Permitted to use**, click **Change**. + + ![Example of UI](images/copy-to-change.png) + +9. In **Select User or Group**, in the **Enter the object name to select** field, type `everyone`, click **Check Names**, and then click **OK**. + +10. In **Copy To**, in the **Copy profile to** field, enter the path and folder name where you want to store the mandatory profile. The folder name must use the correct [extension](#extension) for the operating system version. For example, the folder name must end with “.v6” to identify it as a user profile folder for Windows 10, version 1607. + + - If the device is joined to the domain and you are signed in with an account that has permissions to write to a shared folder on the network, you can enter the shared folder path. + - If the device is not joined to the domain, you can save the profile locally and then copy it to the shared folder location. + + ![Example of UI](images/copy-to-path.png) + +9. Click **OK** to copy the default user profile. + + +**To make the user profile mandatory** + + +3. In File Explorer, open the folder where you stored the copy of the profile. + + >[!NOTE] + >If the folder is not displayed, click **View** > **Options** > **Change folder and search options**. On the **View** tab, select **Show hidden files and folders**, clear **Hide protected operating system files**, click **Yes** to confirm that you want to show operating system files, and then click **OK** to save your changes. + +1. Rename `Ntuser.dat` to `Ntuser.man`. 
+ +## How to apply a mandatory user profile to users + +In a domain, you modify properties for the user account to point to the mandatory profile in a shared folder residing on the server. + +**To apply a mandatory user profile to users** + +1. Open **Active Directory Users and Computers** (dsa.msc). + +2. Navigate to the user account that you will assign the mandatory profile to. + +3. Right-click the user name and open **Properties**. + +4. On the **Profile** tab, in the **Profile path** field, enter the path to the shared folder without the extension. For example, if the folder name is \\\\*server*\profile.v6, you would enter \\\\*server*\profile. + +5. Click **OK**. + +It may take some time for this change to replicate to all domain controllers. + + + +## Apply policies to improve sign-in time + +When a user is configured with a mandatory profile, Windows 10 starts as though it was the first sign-in each time the user signs in. To improve sign-in performance for users with mandatory user profiles, apply the following Group Policy settings. + +- Computer Configuration > Administrative Templates > System > Logon > **Show first sign-in animation** = Disabled +- Computer Configuration > Administrative Templates > Windows Components > Search > **Allow Cortana** = Disabled +- Computer Configuration > Administrative Templates > Windows Components > Cloud Content > **Turn off Microsoft consumer experience** = Enabled + + + + + + + + + +## Related topics + +- [Manage Windows 10 Start layout and taskbar options](windows-10-start-layout-options-and-policies.md) +- [Lock down Windows 10 to specific apps](lock-down-windows-10-to-specific-apps.md) +- [Windows Spotlight on the lock screen](windows-spotlight.md) +- [Configure devices without MDM](configure-devices-without-mdm.md) + + + diff --git a/windows/manage/new-policies-for-windows-10.md b/windows/manage/new-policies-for-windows-10.md index 2da6a7e615..873c393efd 100644 --- a/windows/manage/new-policies-for-windows-10.md 
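Review bot: Step 9 of the default-profile procedure sets **Permitted to use** to `everyone`, which grants that principal access to the copied profile folder, but the page never states what share and NTFS permissions the mandatory-profile folder should end up with. Because every user assigned the profile loads the same `Ntuser.man`, those users need only Read access to the share and folder, with write access limited to administrators; a sentence to that effect after step 10 (or under "To make the user profile mandatory") would close the gap. Separately, step 10 links to `#extension`, but the heading on the page is "Profile extension for each Windows version", so the generated anchor is presumably `#profile-extension-for-each-windows-version` and the link as written will not resolve. The ordered lists also restart at `3.` three times and the final procedure runs `3.` then `1.`; numbering the steps sequentially avoids relying on the renderer to repair them.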
+++ b/windows/manage/new-policies-for-windows-10.md @@ -7,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: jdeckerMS +localizationpriority: high --- # New policies for Windows 10 @@ -17,9 +18,9 @@ author: jdeckerMS - Windows 10 - Windows 10 Mobile -Windows 10 includes the following new policies for management, in addition to policies that were available for Windows 8.1 and Windows Phone 8.1. [Download the complete set of Administrative Template (.admx) files for Windows 10](http://go.microsoft.com/fwlink/p/?LinkID=625081). +Windows 10 includes the following new policies for management, in addition to policies that were available for Windows 8.1 and Windows Phone 8.1. [Download the complete set of Administrative Template (.admx) files for Windows 10](https://go.microsoft.com/fwlink/p/?LinkID=625081). -## New GPOs in Windows 10 +## New Group Policy settings in Windows 10 There are some new policy settings in Group Policy for devices running Windows 10 , such as: @@ -40,11 +41,11 @@ There are some new policy settings in Group Policy for devices running Windows  - Consumer experiences, such as suggested apps in Start and app tiles from Microsoft dynamically inserted in the default Start menu -- [Microsoft Passport](http://go.microsoft.com/fwlink/p/?LinkId=623294) +- [Microsoft Passport](https://go.microsoft.com/fwlink/p/?LinkId=623294) - Windows Updates for Business -For a spreadsheet of Group Policy settings included in Windows, see [Group Policy Settings Reference for Windows and Windows Server](http://go.microsoft.com/fwlink/p/?LinkId=613627). +For a spreadsheet of Group Policy settings included in Windows, see [Group Policy Settings Reference for Windows and Windows Server](https://go.microsoft.com/fwlink/p/?LinkId=613627). ## New MDM policies 
@@ -65,7 +66,7 @@ Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, Wind - Security -- [VPN](http://go.microsoft.com/fwlink/p/?LinkId=623295) and enterprise Wi-Fi management +- [VPN](https://go.microsoft.com/fwlink/p/?LinkId=623295) and enterprise Wi-Fi management - Certificate management @@ -73,9 +74,9 @@ Mobile device management (MDM) for Windows 10 Pro, Windows 10 Enterprise, Wind - Consumer experiences, such as suggested apps in Start and app tiles from Microsoft dynamically inserted in the default Start menu -If you use Microsoft Intune for MDM, you can [configure custom policies](http://go.microsoft.com/fwlink/p/?LinkId=616316) to deploy Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings that can be used to control features on Windows 10. For a list of OMA-URI settings, see [Custom URI settings for Windows 10 devices](http://go.microsoft.com/fwlink/p/?LinkId=616317). +If you use Microsoft Intune for MDM, you can [configure custom policies](https://go.microsoft.com/fwlink/p/?LinkId=616316) to deploy Open Mobile Alliance Uniform Resource Identifier (OMA-URI) settings that can be used to control features on Windows 10. For a list of OMA-URI settings, see [Custom URI settings for Windows 10 devices](https://go.microsoft.com/fwlink/p/?LinkId=616317). -No new [Exchange ActiveSync policies](http://go.microsoft.com/fwlink/p/?LinkId=613264). For more information, see the [ActiveSync configuration service provider](http://go.microsoft.com/fwlink/p/?LinkId=618944) technical reference. +No new [Exchange ActiveSync policies](https://go.microsoft.com/fwlink/p/?LinkId=613264). For more information, see the [ActiveSync configuration service provider](https://go.microsoft.com/fwlink/p/?LinkId=618944) technical reference. ## Related topics diff --git a/windows/manage/prerequisites-windows-store-for-business.md b/windows/manage/prerequisites-windows-store-for-business.md index 85f411ba17..0ca1be50d5 100644 
--- a/windows/manage/prerequisites-windows-store-for-business.md +++ b/windows/manage/prerequisites-windows-store-for-business.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Prerequisites for Windows Store for Business 
@@ -27,25 +28,20 @@ You'll need this software to work with Store for Business. ### Required - IT Pros that are administering Store for Business need a browser compatible with Store for Business running on a PC or mobile device. Supported browsers include: Internet Explorer 10 or later, Microsoft Edge, or current versions of Chrome or Firefox. - -- Employees using apps from Store for Business need Windows 10, version 1511 running on a PC or mobile device. +- Employees using apps from Store for Business need at least Windows 10, version 1511 running on a PC or mobile device. Microsoft Azure Active Directory (AD) accounts for your employees: - - IT Pros need Azure AD accounts to sign up for Store for Business, and then to sign in, get apps, distribute apps, and manage app licenses. - - Employees need Azure AD accounts when they access Store for Business content from Windows-based devices. - - If you use a management tool to distribute and manage online-licensed apps, all employees will need an Azure AD account. -For more information on Azure AD, see [About Office 365 and Azure Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](http://go.microsoft.com/fwlink/p/?LinkId=708611). +For more information on Azure AD, see [About Office 365 and Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611). ### Optional While not required, you can use a management tool to distribute and manage apps. Using a management tool allows you to distribute content, scope app availability, and control when app updates are installed. This might make sense for larger organizations that already use a management tool. If you're considering using management tools, check with the management tool vendor to see if they support Store for Business. 
The management tool will need to: - Integrate with the Windows 10 management framework and Azure AD. - - Sync with the Store for Business inventory to distribute apps. ### Proxy configuration @@ -53,21 +49,15 @@ While not required, you can use a management tool to distribute and manage apps. If your organization restricts computers on your network from connecting to the Internet, there is a set of URLs that need to be available for devices to use Store for Business. Some of the Store for Business features use Windows Store app and Windows Store services. Devices using Store for Business – either to acquire, install, or update apps – will need access to these URLs. If you use a proxy server to block traffic, your configuration needs to allow these URLs: - login.live.com - - login.windows.net - - account.live.com - - clientconfig.passport.net - - windowsphone.com - - \*.wns.windows.com - - \*.microsoft.com - -- \*.msftncsi.com/ncsi.txt - +- www.msftncsi.com (prior to Windows 10, version 1607) +- www.msftconnecttest.com/connecttest.txt (replaces www.msftncsi.com +starting with Windows 10, version 1607)     diff --git a/windows/manage/product-ids-in-windows-10-mobile.md b/windows/manage/product-ids-in-windows-10-mobile.md index f1e1f9a3e3..6fd085952b 100644 --- a/windows/manage/product-ids-in-windows-10-mobile.md +++ b/windows/manage/product-ids-in-windows-10-mobile.md @@ -8,6 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile author: jdeckerMS +localizationpriority: high --- # Product IDs in Windows 10 Mobile 
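Review bot: The new `www.msftconnecttest.com/connecttest.txt` bullet is split across two diff lines (`(replaces www.msftncsi.com` / `starting with Windows 10, version 1607)`), which renders correctly only through lazy continuation; join it into one line. The list now mixes bare hostnames with one host-plus-path entry, so it is unclear whether the proxy rule is meant to match the host or the exact URL — stating that would help whoever writes the rule. Both connectivity-probe hosts are fetched by the Network Connectivity Status Indicator over plain HTTP and, as far as I know, without user credentials, so a proxy that demands authentication or rewrites to HTTPS will still report "no Internet access" even with the hosts allowed; a sentence next to these two entries is worth adding.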
@@ -232,7 +233,7 @@ The following table lists the product ID and AUMID for each app that is included ## Get product ID and AUMID for other apps -To get the product ID and AUMID for apps that are installed from Windows Store or installed locally ([side-loaded](http://go.microsoft.com/fwlink/p/?LinkID=623433)), use the following steps. +To get the product ID and AUMID for apps that are installed from Windows Store or installed locally ([side-loaded](https://go.microsoft.com/fwlink/p/?LinkID=623433)), use the following steps. **Prerequisites**: a device with an SD card inserted and all apps installed that you want to get IDs for diff --git a/windows/manage/reset-a-windows-10-mobile-device.md b/windows/manage/reset-a-windows-10-mobile-device.md index f9b0a026b4..7a18801dd0 100644 --- a/windows/manage/reset-a-windows-10-mobile-device.md +++ b/windows/manage/reset-a-windows-10-mobile-device.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile author: jdeckerMS +localizationpriority: high --- # Reset a Windows 10 Mobile device 
@@ -18,15 +19,15 @@ author: jdeckerMS There are two methods for resetting a Windows 10 Mobile device: factory reset and "wipe and persist" reset. -- **Factory reset** restores the state of the device back to its first-boot state plus any update packages. The reset will not return device to the original factory state. To return the device to the original factory state, you must flash it with the original factory image.All the provisioning applied to the device by the enterprise will be lost and will need to be re-applied if needed. For details on what is removed or persists, see [Resetting a mobile device](http://go.microsoft.com/fwlink/p/?LinkID=703715). -- **"Wipe and persist" reset** preserves all the provisioning applied to the device before the reset. After the "wipe and persist" reset, all the preserved provisioning packages are automatically applied on the device and the data in the enterprise shared storage folder \\Data\\SharedData\\Enterprise\\Persistent is restored in that folder. For more information on the enterprise shared storage folder, see [EnterpriseExtFileSystem CSP](http://go.microsoft.com/fwlink/p/?LinkId=703716). +- **Factory reset** restores the state of the device back to its first-boot state plus any update packages. The reset will not return device to the original factory state. To return the device to the original factory state, you must flash it with the original factory image by using the [Windows Device Recovery Tool](https://support.microsoft.com/help/12379/windows-10-mobile-device-recovery-tool-faq). All the provisioning applied to the device by the enterprise will be lost and will need to be re-applied if needed. For details on what is removed or persists, see [Resetting a mobile device](https://go.microsoft.com/fwlink/p/?LinkID=703715). +- **"Wipe and persist" reset** preserves all the provisioning applied to the device before the reset. 
After the "wipe and persist" reset, all the preserved provisioning packages are automatically applied on the device and the data in the enterprise shared storage folder \\Data\\SharedData\\Enterprise\\Persistent is restored in that folder. For more information on the enterprise shared storage folder, see [EnterpriseExtFileSystem CSP](https://go.microsoft.com/fwlink/p/?LinkId=703716). You can trigger a reset using your mobile device management (MDM) service, or a user can trigger a reset in the user interface (UI) or by using hardware buttons. ## Reset using MDM -The remote wipe command is sent as an XML provisioning file to the device. Since the [RemoteWipe configuration service provider (CSP)](http://go.microsoft.com/fwlink/p/?LinkId=703714) uses OMA DM and WAP, authentication between client and server and delivery of the XML provisioning file is handled by provisioning. The remote wipe command is implemented on the device by using the **ResetPhone** function. For more information about the data that is removed as a result of the remote wipe command, see [Resetting a mobile device](http://go.microsoft.com/fwlink/p/?LinkId=703715). +The remote wipe command is sent as an XML provisioning file to the device. Since the [RemoteWipe configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkId=703714) uses OMA DM and WAP, authentication between client and server and delivery of the XML provisioning file is handled by provisioning. The remote wipe command is implemented on the device by using the **ResetPhone** function. For more information about the data that is removed as a result of the remote wipe command, see [Resetting a mobile device](https://go.microsoft.com/fwlink/p/?LinkId=703715). To perform a factory reset, restoring the device back to its out-of-box state, use the following syncML. 
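Review bot: The rewritten "wipe and persist" bullet says preserved provisioning packages are re-applied and the `\Data\SharedData\Enterprise\Persistent` folder is restored, but the page does not say that this makes the reset unsuitable when the goal is to remove enterprise data from a lost, stolen or decommissioned device. A one-line caveat after the two bullets, e.g. `Use a factory reset, not "wipe and persist", when the goal is to remove enterprise data and configuration from the device.`, would prevent the wrong reset type being chosen. The "Reset using MDM" paragraph that follows describes only how the command is delivered; saying which reset type the RemoteWipe command performs by default, if that is known, would tie the two sections together.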
diff --git a/windows/manage/roles-and-permissions-windows-store-for-business.md b/windows/manage/roles-and-permissions-windows-store-for-business.md index 92d9f7e5e8..9542529fbe 100644 --- a/windows/manage/roles-and-permissions-windows-store-for-business.md +++ b/windows/manage/roles-and-permissions-windows-store-for-business.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Roles and permissions in Windows Store for Business @@ -96,7 +97,7 @@ This table lists the global user accounts and the permissions they have in the S ### Store for Business roles and permissions -Store for Businesshas a set of roles that help IT admins and employees manage access to apps and tasks for the Store for Business. Employees with these roles will need to use their Azure AD account to access the Store for Business. +Store for Business has a set of roles that help IT admins and employees manage access to apps and tasks for the Store for Business. Employees with these roles will need to use their Azure AD account to access the Store for Business. This table lists the roles and their permissions. diff --git a/windows/manage/set-up-a-device-for-anyone-to-use.md b/windows/manage/set-up-a-device-for-anyone-to-use.md index 156c44901a..f274498ed1 100644 --- a/windows/manage/set-up-a-device-for-anyone-to-use.md +++ b/windows/manage/set-up-a-device-for-anyone-to-use.md @@ -7,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: jdeckerMS +localizationpriority: high --- # Set up a device for anyone to use (kiosk mode) 
@@ -19,7 +20,7 @@ author: jdeckerMS **Looking for Windows Embedded 8.1 Industry information?** -- [Assigned Access]( http://go.microsoft.com/fwlink/p/?LinkId=613653) +- [Assigned Access]( https://go.microsoft.com/fwlink/p/?LinkId=613653) You can configure a device running Windows 10 Pro, Windows 10 Enterprise, Windows 10 Education, Windows 10 Mobile, or Windows 10 Mobile Enterprise as a kiosk device, so that users can only interact with a single application that you select. @@ -33,8 +34,8 @@ Do you need a computer that can only do one thing? For example: The following table identifies the type of application that can be used on each Windows 10 edition to create a kiosk device. -**Note**   -A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file. +> [!NOTE]   +> A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file.   diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md index ff53ab6757..211f47f9c2 100644 --- a/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md +++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-desktop-editions.md @@ -7,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: jdeckerMS +localizationpriority: high --- # Set up a kiosk on Windows 10 Pro, Enterprise, or Education 
@@ -16,7 +17,7 @@ author: jdeckerMS - Windows 10 -> **Looking for Windows Embedded 8.1 Industry information?** See [Assigned Access]( http://go.microsoft.com/fwlink/p/?LinkId=613653) +> **Looking for Windows Embedded 8.1 Industry information?** See [Assigned Access]( https://go.microsoft.com/fwlink/p/?LinkId=613653) A single-use or *kiosk* device is easy to set up in Windows 10 for desktop editions (Pro, Enterprise, and Education). For a kiosk device to run a Universal Windows app, use the **assigned access** feature. For a kiosk device (Windows 10 Enterprise or Education) to run a Classic Windows application, use **Shell Launcher** to set a custom user interface as the shell. To return the device to the regular shell, see [Sign out of assigned access](#sign-out-of-assigned-access). 
@@ -81,9 +82,9 @@ Using assigned access, Windows 10 runs the designated Universal Windows app abo - A domain or local user account. -- A Universal Windows app that is installed or provisioned for that account and is an above lock screen app. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). For details on building an above lock screen app, see [Kiosk apps for assigned access: Best practices](http://go.microsoft.com/fwlink/p/?LinkId=708386). +- A Universal Windows app that is installed or provisioned for that account and is an above lock screen app. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). For details on building an above lock screen app, see [Kiosk apps for assigned access: Best practices](https://go.microsoft.com/fwlink/p/?LinkId=708386). - The app can be your own company app that you have made available in your own app Store. To set up assigned access using MDM or PowerShell, you also need the Application User Model ID (AUMID) for the app. [Learn how to get the AUMID](http://go.microsoft.com/fwlink/p/?LinkId=614867). + The app can be your own company app that you have made available in your own app Store. To set up assigned access using MDM or PowerShell, you also need the Application User Model ID (AUMID) for the app. [Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867). The Universal Windows app must be able to handle multiple views and cannot launch other apps or dialogs. 
@@ -110,13 +111,13 @@ To remove assigned access, in step 3, choose **Don't use assigned access**. Assigned Access has one setting, KioskModeApp. In the KioskModeApp setting, you enter the user account name and AUMID for the app to run in kiosk mode. -[Learn how to get the AUMID](http://go.microsoft.com/fwlink/p/?LinkId=614867). +[Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867). -[See the technical reference for the Assigned Access configuration service provider.](http://go.microsoft.com/fwlink/p/?LinkId=626608) +[See the technical reference for the Assigned Access configuration service provider.](https://go.microsoft.com/fwlink/p/?LinkId=626608) ### Set up assigned access using Windows Imaging and Configuration Designer (ICD) -Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that configures a device as a kiosk. [Install the ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740) +Use the Windows Imaging and Configuration Designer (ICD) tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that configures a device as a kiosk. [Install the ADK.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) > **Important** When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed. 
@@ -176,7 +177,7 @@ When you build a provisioning package, you may include sensitive information in After you allow the package to be installed, the settings will be applied to the device -[Learn how to apply a provisioning package in audit mode or OOBE.](http://go.microsoft.com/fwlink/p/?LinkID=692012) +[Learn how to apply a provisioning package in audit mode or OOBE.](https://go.microsoft.com/fwlink/p/?LinkID=692012) ### Set up assigned access using Windows PowerShell @@ -201,11 +202,11 @@ Set-AssignedAccess -AppName -UserSID ``` > **Note:** To set up assigned access using `-AppName`, the user account that you specify for assigned access must have logged on at least once. -[Learn how to get the AUMID](http://go.microsoft.com/fwlink/p/?LinkId=614867). +[Learn how to get the AUMID](https://go.microsoft.com/fwlink/p/?LinkId=614867). -[Learn how to get the AppName](https://msdn.microsoft.com/en-us/library/windows/hardware/mt620046%28v=vs.85%29.aspx) (see **Parameters**). +[Learn how to get the AppName](https://msdn.microsoft.com/library/windows/hardware/mt620046%28v=vs.85%29.aspx) (see **Parameters**). -[Learn how to get the SID](http://go.microsoft.com/fwlink/p/?LinkId=615517). +[Learn how to get the SID](https://go.microsoft.com/fwlink/p/?LinkId=615517). To remove assigned access, using PowerShell, run the following cmdlet. @@ -223,7 +224,7 @@ Edit the registry to have an account automatically logged on. 1. Open Registry Editor (regedit.exe). **Note**   - If you are not familiar with Registry Editor, [learn how to modify the Windows registry](http://go.microsoft.com/fwlink/p/?LinkId=615002). + If you are not familiar with Registry Editor, [learn how to modify the Windows registry](https://go.microsoft.com/fwlink/p/?LinkId=615002).   2. Go to 
@@ -246,7 +247,7 @@ Edit the registry to have an account automatically logged on. ### Sign out of assigned access -To sign out of an assigned access account, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the login screen timeout, the kiosk app will be re-launched. +To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the login screen timeout, the kiosk app will be re-launched. The assigned access user will remain signed in until an admin account opens **Task Manager** > **Users** and signs out the user account. If you press **Ctrl + Alt + Del** and do not sign in to another account, after a set time, assigned access will resume. The default time is 30 seconds, but you can change that in the following registry key: @@ -265,7 +266,7 @@ Using Shell Launcher, you can configure a kiosk device that runs a Classic Windo - A Classic Windows application that is installed for that account. The app can be your own company application or a common app like Internet Explorer. -[See the technical reference for the shell launcher component.](http://go.microsoft.com/fwlink/p/?LinkId=618603) +[See the technical reference for the shell launcher component.](https://go.microsoft.com/fwlink/p/?LinkId=618603) ### Configure Shell Launcher @@ -282,28 +283,73 @@ Alternatively, you can turn on Shell Launcher using the Deployment Image Servici 1. Open a command prompt as an administrator. 2. Enter the following command. - -

    [Microsoft System Center Configuration Manager 2016](http://go.microsoft.com/fwlink/p/?LinkId=613622)

    [System Center Configuration Manager (current branch) ](https://technet.microsoft.com/en-us/library/mt346023.aspx)

    Client deployment, upgrade, and management with new and existing features

    [Update Windows Store for Business account settings](update-windows-store-for-business-account-settings.md)

    The Account information page in Windows Store for Business shows information about your organization that you can update, including: country or region, organization name, default domain, and language preference. These are settings in the Azure AD directory that you used when signing up for Store for Business

    The Account information page in Windows Store for Business shows information about your organization that you can update, including: organization information, payment options, and offline licensing settings.

    [Manage user accounts in Windows Store for Business](manage-users-and-groups-windows-store-for-business.md)

    - - - - - - - - -
    Dism /online /Enable-Feature /FeatureName:Client-EmbeddedShellLauncher
    + + ``` + Dism /online /Enable-Feature /all /FeatureName:Client-EmbeddedShellLauncher + ``` **To set your custom shell** Modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device. ``` +# Check if shell launcher license is enabled +function Check-ShellLauncherLicenseEnabled +{ + [string]$source = @" +using System; +using System.Runtime.InteropServices; + +static class CheckShellLauncherLicense +{ + const int S_OK = 0; + + public static bool IsShellLauncherLicenseEnabled() + { + int enabled = 0; + + if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) { + enabled = 0; + } + + return (enabled != 0); + } + + static class NativeMethods + { + [DllImport("Slc.dll")] + internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value); + } + +} +"@ + + $type = Add-Type -TypeDefinition $source -PassThru + + return $type[0]::IsShellLauncherLicenseEnabled() +} + +[bool]$result = $false + +$result = Check-ShellLauncherLicenseEnabled +"`nShell Launcher license enabled is set to " + $result +if (-not($result)) +{ + "`nThis device doesn't have required license to use Shell Launcher" + exit +} + $COMPUTER = "localhost" $NAMESPACE = "root\standardcimv2\embedded" # Create a handle to the class instance so we can call the static methods. 
-$ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" +try { + $ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting" + } catch [Exception] { + write-host $_.Exception.Message; + write-host "Make sure Shell Launcher feature is enabled" + exit + } # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group. @@ -318,7 +364,7 @@ function Get-UsernameSID($AccountName) { $NTUserSID = $NTUserObject.Translate([System.Security.Principal.SecurityIdentifier]) return $NTUserSID.Value - + } # Get the SID for a user account named "Cashier". Rename "Cashier" to an existing account on your system to test this script. diff --git a/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md b/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md index e0859c769c..1a11ff9c20 100644 --- a/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md +++ b/windows/manage/set-up-a-kiosk-for-windows-10-for-mobile-edition.md @@ -8,6 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile author: jdeckerMS +localizationpriority: high --- # Set up a kiosk on Windows 10 Mobile or Windows 10 Mobile Enterprise 
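Review bot: In the new `Check-ShellLauncherLicenseEnabled` function, `return $type[0]::IsShellLauncherLicenseEnabled()` assumes the first type that `Add-Type -PassThru` returns is `CheckShellLauncherLicense`, but the compiled source also declares the nested `NativeMethods` class and the script does nothing to pin the order of the returned types; selecting by name is more robust, e.g. `$type = Add-Type -TypeDefinition $source -PassThru | Where-Object { $_.Name -eq 'CheckShellLauncherLicense' }` followed by `return $type::IsShellLauncherLicenseEnabled()`. The function name uses `Check`, which is not an approved PowerShell verb (`Test-` is the convention for a boolean probe), though that is cosmetic. The added `exit` calls, both after the license check and in the `catch` around the `[wmiclass]` binding, terminate the host if a reader pastes the script into an interactive console instead of running the saved .ps1, so a short comment above the script such as `# Run as a saved .ps1; the exit calls below close an interactive session` would avoid that surprise. The sample script continues past the end of this hunk.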
@@ -20,7 +21,7 @@ author: jdeckerMS A device in kiosk mode runs a specified app with no access to other device functions, menus, or settings. You configure a device running Windows 10 Mobile or Windows 10 Mobile Enterprise for kiosk mode by using the Apps Corner feature. You can also use the Enterprise Assigned Access configuration service provider (CSP) to configure a kiosk experience. **Note**   -The specified app must be an above lock screen app. For details on building an above lock screen app, see [Kiosk apps for assigned access: Best practices](http://go.microsoft.com/fwlink/p/?LinkId=708386). +The specified app must be an above lock screen app. For details on building an above lock screen app, see [Kiosk apps for assigned access: Best practices](https://go.microsoft.com/fwlink/p/?LinkId=708386).   @@ -69,7 +70,7 @@ Enterprise Assigned Access allows you to lock down your Windows 10 Mobile or Wi In AssignedAccessXml, for Application, you enter the product ID for the app to run in kiosk mode. Find product IDs at [Product IDs in Windows 10 Mobile](product-ids-in-windows-10-mobile.md). -[See the technical reference for the Enterprise Assigned Access configuration service provider (CSP).](http://go.microsoft.com/fwlink/p/?LinkID=618601) +[See the technical reference for the Enterprise Assigned Access configuration service provider (CSP).](https://go.microsoft.com/fwlink/p/?LinkID=618601) ### Set up assigned access using Windows Imaging and Configuration Designer (ICD) 
@@ -78,14 +79,14 @@ When you build a provisioning package, you may include sensitive information in **To create and apply a provisioning package for a kiosk device** -1. Create an *AssignedAccess*.xml file that specifies the app the device will run. (You can name use any file name.) For instructions on AssignedAccessXml, see [EnterpriseAssignedAccess CSP](http://go.microsoft.com/fwlink/p/?LinkID=618601). +1. Create an *AssignedAccess*.xml file that specifies the app the device will run. (You can name use any file name.) For instructions on AssignedAccessXml, see [EnterpriseAssignedAccess CSP](https://go.microsoft.com/fwlink/p/?LinkID=618601). **Note**   Do not escape the xml in *AssignedAccess*.xml file as Windows Imaging and Configuration Designer (ICD) will do that when building the package. Providing escaped xml in Windows ICD will cause building the package fail.   -2. Open Windows ICD (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). +2. Open Windows ICD (by default, `%windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe`). 3. Choose **Advanced provisioning**. @@ -177,7 +178,7 @@ When you build a provisioning package, you may include sensitive information in 5. Restart the device and verify that the runtime settings that were configured in the provisioning package were applied to the device. - [Learn how to apply a provisioning package in audit mode or OOBE.](http://go.microsoft.com/fwlink/p/?LinkID=692012) + [Learn how to apply a provisioning package in audit mode or OOBE.](https://go.microsoft.com/fwlink/p/?LinkID=692012) ## Related topics diff --git a/windows/manage/set-up-shared-or-guest-pc.md b/windows/manage/set-up-shared-or-guest-pc.md index 04d5016d22..f641f80569 100644 --- a/windows/manage/set-up-shared-or-guest-pc.md +++ b/windows/manage/set-up-shared-or-guest-pc.md 
@@ -1,11 +1,12 @@ --- title: Set up a shared or guest PC with Windows 10 (Windows 10) -description: tbd +description: Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios. keywords: ["shared pc mode"] ms.prod: W10 ms.mktglfcycl: manage ms.sitesec: library author: jdeckerMS +localizationpriority: high --- # Set up a shared or guest PC with Windows 10 @@ -15,9 +16,10 @@ author: jdeckerMS - Windows 10 -Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise. +Windows 10, version 1607, introduces *shared PC mode*, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Pro Education, Education, and Enterprise. -> **Note:** If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](https://technet.microsoft.com/en-us/edu/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education. +> [!NOTE] +> If you're interested in using Windows 10 for shared PCs in a school, see [Use Set up School PCs app](https://technet.microsoft.com/edu/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education. ##Shared PC mode concepts A Windows 10 PC in shared PC mode is designed to be management- and maintenance-free with high reliability. In shared PC mode, only one user can be signed in at a time. When the PC is locked, the currently signed in user can always be signed out at the lock screen. Users who sign-in are signed in as standard users, not admin users. 
@@ -37,7 +39,11 @@ While shared PC mode does not configure Windows Update itself, it is strongly re - MDM: Set **Update/AllowAutoUpdate** to `4`. - Provisioning: In Windows Imaging and Configuration Designer (ICD), set **Policies/Update/AllowAutoUpdate** to `4`. -[Learn more about the AllowAutoUpdate settings](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_AllowAutoUpdate) +[Learn more about the AllowAutoUpdate settings](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx#Update_AllowAutoUpdate) + +###App behavior + +Apps can take advantage of shared PC mode by changing their app behavior to align with temporary use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences. For information on how an app can query for shared PC mode, see [SharedModeSettings class](https://msdn.microsoft.com/en-us/library/windows/apps/windows.system.profile.sharedmodesettings.aspx). ###Customization Shared PC mode exposes a set of customizations to tailor the behavior to your requirements. These customizations are the options that you'll set either using MDM or a provisioning package as explained in [Configuring shared PC mode on Windows](#configuring-shared-pc-mode-on-windows). The options are listed in the following table. 
@@ -59,16 +65,18 @@ Shared PC mode exposes a set of customizations to tailor the behavior to your re ##Configuring shared PC mode on Windows You can configure Windows to be in shared PC mode in a couple different ways: -- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294.aspx). Your MDM policy can contain any of the options listed in the [Customization](#customization) section. The following image shows a Microsoft Intune policy with the shared PC options added as OMA-URI settings. [Learn more about Windows 10 policy settings in Microsoft Intune.](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune) +- Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx). Your MDM policy can contain any of the options listed in the [Customization](#customization) section. The following image shows a Microsoft Intune policy with the shared PC options added as OMA-URI settings. [Learn more about Windows 10 policy settings in Microsoft Intune.](https://docs.microsoft.com/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune) + ![custom OMA-URI policy in Intune](images/oma-uri-shared-pc.png) -- A provisioning package created with the Windows Imaging and Configuration Designer (ICD): You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Imaging and Configuration Designer (ICD). Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/en-us/library/windows/hardware/mt723294.aspx), exposed in ICD as SharedPC. 
+ +- A provisioning package created with the Windows Imaging and Configuration Designer (ICD): You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows 10 PC that is already in use. The provisioning package is created in Windows Imaging and Configuration Designer (ICD). Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](https://msdn.microsoft.com/library/windows/hardware/mt723294.aspx), exposed in ICD as SharedPC. ![Shared PC settings in ICD](images/icd-adv-shared-pc.png) ### Create a provisioning package for shared use -Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that configures a device for shared PC mode. [Install the ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740) +Use the Windows ICD tool included in the Windows Assessment and Deployment Kit (ADK) for Windows 10 to create a provisioning package that configures a device for shared PC mode. [Install the ADK and select **Configuration Designer**.](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit) 1. Open Windows ICD (by default, %windir%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe). 
@@ -86,14 +94,15 @@ Use the Windows ICD tool included in the Windows Assessment and Deployment Kit ( 8. On the **Export** menu, select **Provisioning package**. 9. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.** 10. Set a value for **Package Version**. - > **Tip**   - You can make changes to existing packages and change the version number to update previously applied packages. + > [!TIP] + > You can make changes to existing packages and change the version number to update previously applied packages.   -11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. +11. (*Optional*) In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing. - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen. - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. - > **Important**   - We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently. + + > [!IMPORTANT]   + > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently.   12. Click **Next** to specify the output location where you want the provisioning package to go once it's built. 
By default, Windows ICD uses the project folder as the output location. Optionally, you can click **Browse** to change the default output location. @@ -165,7 +174,8 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac ![add a package option](images/package.png) -> **Note:** If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost. +> [!NOTE] +> If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost. ## Guidance for accounts on shared PCs @@ -198,7 +208,8 @@ On a desktop computer, navigate to **Settings** > **Accounts** > **Work ac ## Policies set by shared PC mode Shared PC mode sets local group policies to configure the device. Some of these are configurable using the shared pc mode options. -> **Important**: It is not recommended to set additional policies on PCs configured for **Shared PC Mode**. The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required. +> [!IMPORTANT] +> It is not recommended to set additional policies on PCs configured for **Shared PC Mode**. The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required. @@ -241,8 +252,8 @@ Shared PC mode sets local group policies to configure the device. Some of these - - + + diff --git a/windows/manage/settings-reference-windows-store-for-business.md b/windows/manage/settings-reference-windows-store-for-business.md index 283e512bd4..8b88eba8e5 100644 --- a/windows/manage/settings-reference-windows-store-for-business.md +++ b/windows/manage/settings-reference-windows-store-for-business.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Settings reference: Windows Store for Business 
diff --git a/windows/manage/settings-that-can-be-locked-down.md b/windows/manage/settings-that-can-be-locked-down.md index adf2de0b5e..c0348677ba 100644 --- a/windows/manage/settings-that-can-be-locked-down.md +++ b/windows/manage/settings-that-can-be-locked-down.md @@ -8,6 +8,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile author: jdeckerMS +localizationpriority: high --- # Settings and quick actions that can be locked down in Windows 10 Mobile @@ -265,27 +266,27 @@ The following table lists the settings pages and page groups. Use the page name - + - + - + - + - + diff --git a/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md b/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md index 71deb2dedb..96a6b5344b 100644 --- a/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md +++ b/windows/manage/sign-code-integrity-policy-with-device-guard-signing.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store, security author: TrudyHa +localizationpriority: high --- # Sign code integrity policy with Device Guard signing diff --git a/windows/manage/sign-up-windows-store-for-business-overview.md b/windows/manage/sign-up-windows-store-for-business-overview.md index 93c2e85ad1..5a85ddec8a 100644 --- a/windows/manage/sign-up-windows-store-for-business-overview.md +++ b/windows/manage/sign-up-windows-store-for-business-overview.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Sign up and get started @@ -35,18 +36,22 @@ IT admins can sign up for the Windows Store for Business, and get started workin + + + + - + - + - + diff --git a/windows/manage/sign-up-windows-store-for-business.md b/windows/manage/sign-up-windows-store-for-business.md index 643d42eddf..69d44f17e8 100644 --- a/windows/manage/sign-up-windows-store-for-business.md +++ b/windows/manage/sign-up-windows-store-for-business.md 
@@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Sign up for Windows Store for Business @@ -26,7 +27,7 @@ Before signing up for the Store for Business, make sure you're the global admini **To sign up for the Store for Business** -1. Go to [https://www.microsoft.com/business-store](http://go.microsoft.com/fwlink/p/?LinkId=691845), and click **Sign up**. +1. Go to [https://www.microsoft.com/business-store](https://go.microsoft.com/fwlink/p/?LinkId=691845), and click **Sign up**. - If you start the Store for Business sign up process, and don't have an Azure AD directory for your organization, we'll help you create one. For more info, see [Sign up for Azure AD accounts](#o365-welcome). diff --git a/windows/manage/stop-employees-from-using-the-windows-store.md b/windows/manage/stop-employees-from-using-the-windows-store.md index dabf676bf5..c95b8cddad 100644 --- a/windows/manage/stop-employees-from-using-the-windows-store.md +++ b/windows/manage/stop-employees-from-using-the-windows-store.md @@ -7,6 +7,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store, mobile author: TrudyHa +localizationpriority: high --- # Configure access to Windows Store 
@@ -79,13 +80,30 @@ If you have mobile devices in your organization that you upgraded from earlier v
 When your MDM tool supports Windows Store for Business, the MDM can use these CSPs to block Windows Store app:
-- [Policy](http://go.microsoft.com/fwlink/p/?LinkId=717030)
+- [Policy](https://go.microsoft.com/fwlink/p/?LinkId=717030)
 - [EnterpriseAssignedAccess](https://msdn.microsoft.com/library/windows/hardware/mt157024.aspx) (Windows 10 Mobile, only)
 For more information, see [Configure an MDM provider](configure-mdm-provider-windows-store-for-business.md).
-## Related topics
+## Show private store only using Group Policy
+Applies to Windows 10 Enterprise, version 1607.
+
+If you're using Windows Store for Business and you want employees to only see apps you're managing in your private store, you can use Group Policy to show only the private store. Windows Store app will still be available, but employees can't view or purchase apps. Employees can view and install apps that the admin has added to your organization's private store.
+
+**To show private store only in Windows Store app**
+
+1. Type **gpedit** in the search bar, and then select **Edit group policy (Control panel)** to find and start Group Policy Editor.
+
+2. In the console tree of the snap-in, go to **User Configuration** or **Computer Configuration** > **Administrative Templates** > **Windows Components**, and then click **Store**.
+
+3. Right-click **Only display the private store within the Windows Store app** in the right pane, and click **Edit**.
+
+ This opens the **Only display the private store within the Windows Store app** policy settings.
+
+4. On the **Only display the private store within the Windows Store app** setting page, click **Enabled**, and then click **OK**.
+
+## Related topics
 [Distribute apps using your private store](distribute-apps-from-your-private-store.md)
diff --git a/windows/manage/troubleshoot-windows-store-for-business.md b/windows/manage/troubleshoot-windows-store-for-business.md
index e2653436b7..55a31b14ec 100644
--- a/windows/manage/troubleshoot-windows-store-for-business.md
+++ b/windows/manage/troubleshoot-windows-store-for-business.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
+localizationpriority: high
 ---
 # Troubleshoot Windows Store for Business
@@ -52,7 +53,7 @@ The private store for your organization is a page in the Windows Store app that
 ## Still having trouble?
-If you are still having trouble using WSfB or installing the app, you can get more help on our [Support page](http://go.microsoft.com/fwlink/?LinkID=799757).
+If you are still having trouble using WSfB or installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799757).
  
diff --git a/windows/manage/uev-accessibility.md b/windows/manage/uev-accessibility.md
new file mode 100644
index 0000000000..08416f8349
--- /dev/null
+++ b/windows/manage/uev-accessibility.md
@@ -0,0 +1,4 @@
+---
+title: Accessibility for UE-V
+redirect_url: https://technet.microsoft.com/itpro/windows/manage/uev-for-windows
+---
\ No newline at end of file
diff --git a/windows/manage/uev-administering-uev-with-windows-powershell-and-wmi.md b/windows/manage/uev-administering-uev-with-windows-powershell-and-wmi.md
new file mode 100644
index 0000000000..3b0c73a34d
--- /dev/null
+++ b/windows/manage/uev-administering-uev-with-windows-powershell-and-wmi.md
@@ -0,0 +1,42 @@
+---
+title: Administering UE-V with Windows PowerShell and WMI
+description: Administering UE-V with Windows PowerShell and WMI
+author: MaggiePucciEvans
+ms.pagetype: mdop, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Administering UE-V with Windows PowerShell and WMI
+
+**Applies to**
+- Windows 10, version 1607
+
+User Experience Virtualization (UE-V) provides Windows PowerShell cmdlets to help administrators perform various UE-V tasks. The following sections provide more information about using Windows PowerShell in UE-V.
+
+> **Note**  Administering UE-V with Windows PowerShell requires PowerShell 3.0 or higher. For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx).
+
+## Managing the UE-V service and packages by using Windows PowerShell and WMI
+
+You can use Windows PowerShell and Windows Management Instrumentation (WMI) to manage UE-V service configuration and synchronization behavior. The following topic describes how to manage configuration and synchronization.
+
+[Managing the UE-V Service and Packages with Windows PowerShell and WMI](uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md)
+
+## Managing UE-V settings location templates by using Windows PowerShell and WMI
+
+
+After you create and deploy UE-V settings location templates, you can manage those templates by using Windows PowerShell or WMI. The following topic describes how to manage the settings location templates by using Windows PowerShell and WMI.
+
+[Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md)
+
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Related topics
+
+- [Administering UE-V](uev-administering-uev.md)
+
+- [User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx)
\ No newline at end of file
diff --git a/windows/manage/uev-administering-uev.md b/windows/manage/uev-administering-uev.md
new file mode 100644
index 0000000000..2c1455ebe3
--- /dev/null
+++ b/windows/manage/uev-administering-uev.md
@@ -0,0 +1,76 @@
+---
+title: Administering UE-V
+description: Administering UE-V
+author: MaggiePucciEvans
+ms.pagetype: mdop, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Administering UE-V
+
+**Applies to**
+- Windows 10, version 1607
+
+After you finish deploying User Experience Virtualization (UE-V), you'll perform ongoing administrative tasks, such as managing the configuration of the UE-V service and recovering lost settings. These tasks are explained in the following sections.
+
+## Managing UE-V configurations
+
+
+In the course of the UE-V lifecycle, you'll manage the configuration of the UE-V service and also manage storage locations for resources such as settings package files.
+
+[Manage Configurations for UE-V](uev-manage-configurations.md)
+
+## Working with custom UE-V templates and the UE-V template generator
+
+
+This topic explains how to use the UE-V template generator and manage custom settings location templates.
+
+[Working with Custom UE-V Templates and the UE-V Template Generator](uev-working-with-custom-templates-and-the-uev-generator.md)
+
+## Back up and restore application and Windows settings that are synchronized with UE-V
+
+
+Windows Management Instrumentation (WMI) and Windows PowerShell features of UE-V allow you to restore settings packages. By using WMI and Windows PowerShell commands, you can restore application and Windows settings to their original state and restore additional settings when a user adopts a new device.
+
+[Manage Administrative Backup and Restore in UE-V](uev-manage-administrative-backup-and-restore.md)
+
+## Changing the frequency of UE-V scheduled tasks
+
+
+You can configure the scheduled tasks that manage when UE-V checks for new or updated settings or for updated custom settings location templates in the settings template catalog.
+
+[Changing the Frequency of UE-V Scheduled Tasks](uev-changing-the-frequency-of-scheduled-tasks.md)
+
+## Migrating UE-V settings packages
+
+
+You can relocate the user settings packages either when they migrate to a new server or for backup purposes.
+
+[Migrating UE-V Settings Packages](uev-migrating-settings-packages.md)
+
+## Using UE-V with Application Virtualization applications
+
+
+You can use UE-V with Microsoft Application Virtualization (App-V) to share settings between virtual applications and installed applications across multiple computers.
+
+[Using UE-V with Application Virtualization Applications](uev-using-uev-with-application-virtualization-applications.md)
+
+## Other resources for this feature
+
+
+- [User Experience Virtualization for Windows overview](uev-for-windows.md)
+
+- [Get Started with UE-V](uev-getting-started.md)
+
+- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md)
+
+- [Troubleshooting UE-V](uev-troubleshooting.md)
+
+- [Technical Reference for UE-V](uev-technical-reference.md)
+
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
diff --git a/windows/manage/uev-application-template-schema-reference.md b/windows/manage/uev-application-template-schema-reference.md
new file mode 100644
index 0000000000..94bdd8dd75
--- /dev/null
+++ b/windows/manage/uev-application-template-schema-reference.md
@@ -0,0 +1,966 @@
+---
+title: Application Template Schema Reference for UE-V
+description: Application Template Schema Reference for UE-V
+author: MaggiePucciEvans
+ms.pagetype: mdop, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Application Template Schema Reference for UE-V
+
+**Applies to**
+- Windows 10, version 1607
+
+User Experience Virtualization (UE-V) uses XML settings location templates to define the desktop application settings and Windows settings that are captured and applied by UE-V. UE-V includes a set of default settings location templates. You can also create custom settings location templates with the UE-V template generator.
+
+An advanced user can customize the XML file for a settings location template. This topic details the XML structure of the UE-V settings location templates and provides guidance for editing these files.
+
+## UE-V Application Template Schema Reference
+
+
+This section details the XML structure of the UE-V settings location template and provides guidance for editing this file.
+
+### In This Section
+
+- [XML Declaration and Encoding Attribute](#xml21)
+
+- [Namespace and Root Element](#namespace21)
+
+- [Data types](#data21)
+
+- [Name Element](#name21)
+
+- [ID Element](#id21)
+
+- [Version Element](#version21)
+
+- [Author Element](#author21)
+
+- [Processes and Process Element](#processes21)
+
+- [Application Element](#application21)
+
+- [Common Element](#common21)
+
+- [SettingsLocationTemplate Element](#settingslocationtemplate21)
+
+- [Appendix: SettingsLocationTemplate.xsd](#appendix21)
+
+### XML Declaration and Encoding Attribute
+
+**Mandatory: True**
+
+**Type: String**
+
+The XML declaration must specify the XML version 1.0 attribute (<?xml version="1.0">). Settings location templates created by the UE-V template generator are saved in UTF-8 encoding, although the encoding is not explicitly specified.
We recommend that you include the encoding="UTF-8" attribute in this element as a best practice. All templates included with the product specify this tag as well (see the documents in %ProgramFiles%\\Microsoft User Experience Virtualization\\Templates for reference). For example:
+
+``
+
+### Namespace and Root Element
+
+**Mandatory: True**
+
+**Type: String**
+
+UE-V uses the http://schemas.microsoft.com/UserExperienceVirtualization/2012/SettingsLocationTemplate namespace for all applications. SettingsLocationTemplate is the root element and contains all other elements. Reference SettingsLocationTemplate in all templates using this tag:
+
+``
+
+### Data types
+
+These are the data types for the UE-V application template schema.
+
+**GUID**
+GUID describes a standard globally unique identifier regular expression in the form "\\{\[a-fA-F0-9\]{8}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{4}-\[a-fA-F0-9\]{12}\\}". This is used in the Filesetting\\Root\\KnownFolder element to verify the formatting of well-known folders.
+
+**FilenameString**
+FilenameString refers to the file name of a process to be monitored. Its values are restricted by the regex \[^\\\\\\?\\\*\\|<>/:\]+, (that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon characters).
+
+**IDString**
+IDString refers to the ID value of Application elements, SettingsLocationTemplate, and Common elements (used to describe application suites that share common settings). It is restricted by the same regex as FilenameString (\[^\\\\\\?\\\*\\|<>/:\]+).
+
+**TemplateVersion**
+TemplateVersion is an integer value used to describe the revision of the settings location template. Its value may range from 0 to 2147483647.
+
+**Empty**
+Empty refers to a null value. This is used in Process\\ShellProcess to indicate that there is no process to monitor.
This value should not be used in any application templates.
+
+**Author**
+The Author data type is a complex type that identifies the author of a template. It contains two child elements: **Name** and **Email**. Within the Author data type, the Name element is mandatory while the Email element is optional. This type is described in more detail under the SettingsLocationTemplate element.
+
+**Range**
+Range defines an integer class consisting of two child elements: **Minimum** and **Maximum**. This data type is implemented in the ProcessVersion data type. If specified, both Minimum and Maximum values must be included.
+
+**ProcessVersion**
+ProcessVersion defines a type with four child elements: **Major**, **Minor**, **Build**, and **Patch**. This data type is used by the Process element to populate its ProductVersion and FileVersion values. The data for this type is a Range value. The Major child element is mandatory and the others are optional.
+
+**Architecture**
+Architecture enumerates two possible values: **Win32** and **Win64**. These values are used to specify process architecture.
+
+**Process**
+The Process data type is a container used to describe processes to be monitored by UE-V. It contains six child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. This table details each element’s respective data type:
+

    Admin Templates>System>User Profiles

    Turn off the advertising ID

    Enabled

    SetEduPolicies=True

    Admin Templates>Windows Components

    Do not show Windows Tips

    *Only on Pro, Enterprise, and Education*

    Enabled

    SetEduPolicies=True

    Turn off Microsoft consumer experiences

    *Only on Pro, Enterprise, and Education*

    Enabled

    SetEduPolicies=True

    Do not show Windows Tips

    *Only on Pro, Enterprise, Pro Education, and Education*

    Enabled

    SetEduPolicies=True

    Turn off Microsoft consumer experiences

    *Only on Pro, Enterprise, Pro Education, and Education*

    Enabled

    SetEduPolicies=True

    Microsoft Passport for Work

    Disabled

    Always

    Prevent the usage of OneDrive for file storage

    Enabled

    Always

    Admin Templates>Windows Components>Biometrics

    NarratorSettingsPageEaseoOfAccessNarratorSettingsPageEaseOfAccessNarrator
    MagnifierSettingsPageEaseoOfAccessMagnifierSettingsPageEaseOfAccessMagnifier
    High contrastSettingsPageEaseoOfAccessHighContrastSettingsPageEaseOfAccessHighContrast
    Closed captionsSettingsPageEaseoOfAccessClosedCaptioningSettingsPageEaseOfAccessClosedCaptioning
    More optionsSettingsPageEaseoOfAccessMoreOptionsSettingsPageEaseOfAccessMoreOptions
    Privacy

    [Windows Store for Business overview](windows-store-for-business-overview.md)

    Learn about Windows Store for Business.

    [Prerequisites for Windows Store for Business](prerequisites-windows-store-for-business.md)

    There are a few prerequisites for using Store for Business.

    [Sign up for Windows Store for Business](sign-up-windows-store-for-business.md)

    Before you sign up for Store for Business, at a minimum, you'll need an Azure Active Directory (AD) account for your organization, and you'll need to be the global administrator for your organization. If your organization is already using Azure AD, you can go ahead and sign up for Store for Business. If not, we'll help you create an Azure AD account and directory as part of the sign up process.

    [Roles and permissions in the Windows Store for Business](roles-and-permissions-windows-store-for-business.md)

    The first person to sign in to Store for Business must be a Global Admin of the Azure Active Directory (AD) tenant. Once the Global Admin has signed in, they can give permissions to others employees.

    [Settings reference: Windows Store for Business](settings-reference-windows-store-for-business.md)

    The Store for Business has a group of settings that admins use to manage the store.

    +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Element

    Data Type

    Mandatory

    Filename

    FilenameString

    True

    Architecture

    Architecture

    False

    ProductName

    String

    False

    FileDescription

    String

    False

    ProductVersion

    ProcessVersion

    False

    FileVersion

    ProcessVersion

    False

    + +  + +**Processes** +The Processes data type represents a container for a collection of one or more Process elements. Two child elements are supported in the Processes sequence type: **Process** and **ShellProcess**. Process is an element of type Process and ShellProcess is of data type Empty. At least one item must be identified in the sequence. + +**Path** +Path is consumed by RegistrySetting and FileSetting to refer to registry and file paths. This element supports two optional attributes: **Recursive** and **DeleteIfNotFound**. Both values are set to default=”False”. + +Recursive indicates that the path and all subfolders are included for file settings or that all child registry keys are included for registry settings. In both cases, all items at the current level are included in the data captured. For a FileSettings object, all files within the specified folder are included in the data captured by UE-V but folders are not included. For registry paths, all values in the current path are captured but child registry keys are not captured. In both cases, care should be taken to avoid capturing large data sets or large numbers of items. + +The DeleteIfNotFound attribute removes the setting from the user’s settings storage path data. This may be desirable in cases where removing these settings from the package will save a large amount of disk space on the settings storage path file server. + +**FileMask** +FileMask specifies only certain file types for the folder that is defined by Path. For example, Path might be `C:\users\username\files` and FileMask could be `*.txt` to include only text files. + +**RegistrySetting** +RegistrySetting represents a container for registry keys and values and the associated desired behavior on the part of the UE-V service. Four child elements are defined within this type: **Path**, **Name**, **Exclude**, and a sequence of the values **Path** and **Name**. 
+ +**FileSetting** +FileSetting contains parameters associated with files and files paths. Four child elements are defined: **Root**, **Path**, **FileMask**, and **Exclude**. Root is mandatory and the others are optional. + +**Settings** +Settings is a container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings described earlier. In addition, it can also contain the following child elements with behaviors described: + + ++++ + + + + + + + + + + + + + + + + + + +

    Element

    Description

    Asynchronous

    Asynchronous settings packages are applied without blocking the application startup so that the application start proceeds while the settings are still being applied. This is useful for settings that can be applied asynchronously, such as those get/set through an API, like SystemParameterSetting.

    PreventOverlappingSynchronization

    By default, UE-V only saves settings for an application when the last instance of an application using the template is closed. When this element is set to ‘false’, UE-V exports the settings even if other instances of an application are running. Suited templates – those that include a Common element section– that are shipped with UE-V use this flag to enable shared settings to always export on application close, while preventing application-specific settings from exporting until the last instance is closed.

    AlwaysApplySettings

    This parameter forces an imported settings package to be applied even if there are no differences between the package and the current state of the application. This parameter should be used only in special cases since it can slow down settings import.

    + +  + +### Name Element + +**Mandatory: True** + +**Type: String** + +Name specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. In general, avoid referencing version information, as this can be objected from the ProductVersion element. For example, specify `My Application` rather than `My Application 1.1`. + +**Note**   +UE-V does not reference external DTDs, so it is not possible to use named entities in a settings location template. For example, do not use ® to refer to the registered trade mark sign ®. Instead, use canonical numbered references to include these types of special characters, for example, &\#174 for the ® character. This rule applies to all string values in this document. + +See for a complete list of character entities. UTF-8-encoded documents may include the Unicode characters directly. Saving templates through the UE-V template generator converts character entities to their Unicode representations automatically. + +  + +### ID Element + +**Mandatory: True** + +**Type: String** + +ID populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime (for example, see the output of the Get-UevTemplate and Get-UevTemplateProgram PowerShell cmdlets). By convention, this tag should not contain any spaces, which simplifies scripting. Version numbers of applications should be specified in this element to allow for easy identification of the template, such as `MicrosoftOffice2016Win64`. + +### Version Element + +**Mandatory: True** + +**Type: Integer** + +**Minimum Value: 0** + +**Maximum Value: 2147483647** + +Version identifies the version of the settings location template for administrative tracking of changes. The UE-V template generator automatically increments this number by one each time the template is saved. 
Notice that this field must be a whole number integer; fractional values, such as `2.5` are not allowed. + +**Hint:** You can save notes about version changes using XML comment tags ``, for example: + +``` syntax + + 4 +``` + +**Important**   +This value is queried to determine if a new version of a template should be applied to an existing template in these instances: + +- When the scheduled Template Auto Update task executes + +- When the Update-UevTemplate PowerShell cmdlet is executed + +- When the microsoft\\uev:SettingsLocationTemplate Update method is called through WMI + +  + +### Author Element + +**Mandatory: False** + +**Type: String** + +Author identifies the creator of the settings location template. Two optional child elements are supported: **Name** and **Email**. Both attributes are optional, but, if the Email child element is specified, it must be accompanied by the Name element. Author refers to the full name of the contact for the settings location template, and email should refer to an email address for the author. We recommend that you include this information in templates published publicly, for example, on the [UE-V Template Gallery](http://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V). + +### Processes and Process Element + +**Mandatory: True** + +**Type: Element** + +Processes contains at least one `` element, which in turn contains the following child elements: **Filename**, **Architecture**, **ProductName**, **FileDescription**, **ProductVersion**, and **FileVersion**. The Filename child element is mandatory and the others are optional. A fully populated element contains tags similar to this example: + +``` syntax + + MyApplication.exe + Win64 + MyApplication + MyApplication.exe + + + + + + + + + + + + + +``` + +### Filename + +**Mandatory: True** + +**Type: String** + +Filename refers to the actual file name of the executable as it appears in the file system. 
This element specifies the primary criterion that UE-V uses to evaluate whether a template applies to a process or not. This element must be specified in the settings location template XML. + +Valid filenames must not match the regular expression \[^\\\\\\?\\\*\\|<>/:\]+, that is, they may not contain backslash characters, asterisk or question mark wild-card characters, the pipe character, the greater than or less than sign, forward slash, or colon (the \\ ? \* | < > / or : characters.). + +**Hint:** To test a string against this regex, use a PowerShell command window and substitute your executable’s name for **YourFileName**: + +`"YourFileName.exe" -match "[\\\?\*\|<>/:]+"` + +A value of **True** indicates that the string contains illegal characters. Here are some examples of illegal values: + +- \\\\server\\share\\program.exe + +- Program\*.exe + +- Pro?ram.exe + +- Program<1>.exe + +**Note**   +The UE-V template generator encodes the greater than and less than characters as > and < respectively. + +  + +In rare circumstances, the FileName value will not necessarily include the .exe extension, but it should be specified as part of the value. For example, `MyApplication.exe` should be specified instead of `MyApplication`. The second example will not apply the template to the process if the actual name of the executable file is “MyApplication.exe”. + +### Architecture + +**Mandatory: False** + +**Type: Architecture (String)** + +Architecture refers to the processor architecture for which the target executable was compiled. Valid values are Win32 for 32-bit applications or Win64 for 64-bit applications. If present, this tag limits the applicability of the settings location template to a particular application architecture. For an example of this, compare the %ProgramFiles%\\Microsoft User Experience Virtualization\\templates\\ MicrosoftOffice2016Win32.xml and MicrosoftOffice2016Win64.xml files included with UE-V. 
This is useful when relative paths change between different versions of an executable or if settings have been added or removed when moving from one processor architecture to another. + +If this element is absent, the settings location template ignores the process’ architecture and applies to both 32 and 64-bit processes if the file name and other attributes apply. + +**Note**   +UE-V does not support ARM processors in this version. + +  + +### ProductName + +**Mandatory: False** + +**Type: String** + +ProductName is an optional element used to identify a product for administrative purposes or reporting. ProductName differs from Filename in that there are no regular expression restrictions on its value. This allows for more easily understood descriptions of a process where the executable name may not be obvious. For example: + +``` syntax + + MyApplication.exe + My Application 6.x by Contoso.com + + + + +``` + +### FileDescription + +**Mandatory: False** + +**Type: String** + +FileDescription is an optional tag that allows for an administrative description of the executable file. This is a free text field and can be useful in distinguishing multiple executables within a software package where there is a need to identify the function of the executable. + +For example, in a suited application, it might be useful to provide reminders about the function of two executables (MyApplication.exe and MyApplicationHelper.exe), as shown here: + +``` syntax + + + + MyApplication.exe + My Application Main Engine + + + + + + MyApplicationHelper.exe + My Application Background Process Executable + + + + + +``` + +### ProductVersion + +**Mandatory: False** + +**Type: String** + +ProductVersion refers to the major and minor product versions of a file, as well as a build and patch level. ProductVersion is an optional element, but if specified, it must contain at least the Major child element. 
The value must express a range in the form Minimum="X" Maximum="Y" where X and Y are integers. The Minimum and Maximum values can be identical. + +The product and file version elements may be left unspecified. Doing so makes the template “version agnostic”, meaning that the template will apply to all versions of the specified executable. + +**Example 1:** + +Product version: 1.0 specified in the UE-V template generator produces the following XML: + +``` syntax + + + + +``` + +**Example 2:** + +File version: 5.0.2.1000 specified in the UE-V template generator produces the following XML: + +``` syntax + + + + + + +``` + +**Incorrect Example 1 – incomplete range:** + +Only the Minimum attribute is present. Maximum must be included in a range as well. + +``` syntax + + + +``` + +**Incorrect Example 2 – Minor specified without Major element:** + +Only the Minor element is present. Major must be included as well. + +``` syntax + + + +``` + +### FileVersion + +**Mandatory: False** + +**Type: String** + +FileVersion differentiates between the release version of a published application and the internal build details of a component executable. For the majority of commercial applications, these numbers are identical. Where they vary, the product version of a file indicates a generic version identification of a file, while file version indicates a specific build of a file (as in the case of a hotfix or update). This uniquely identifies files without breaking detection logic. + +To determine the product version and file version of a particular executable, right-click on the file in Windows Explorer, select Properties, then click on the Details tab. + +Including a FileVersion element for an application allows for more granular fine-tuning detection logic, but is not necessary for most applications. The ProductVersion element settings are checked first, and then FileVersion is checked. The more restrictive setting will apply. 
+ +The child elements and syntax rules for FileVersion are identical to those of ProductVersion. + +``` syntax + + MSACCESS.EXE + Win32 + + + + + + + + + +``` + +### Application Element + +Application is a container for settings that apply to a particular application. It is a collection of the following fields/types. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    Version

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).

    DeferToMSAccount

    Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

    DeferToOffice365

    Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

    FixedProfile

    Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.

    Processes

    A container for a collection of one or more Process elements. For more information, see [Processes](#processes21).

    Settings

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in [Data types](#data21).

    + +  + +### Common Element + +Common is similar to an Application element, but it is always associated with two or more Application elements. The Common section represents the set of settings that are shared between those Application instances. It is a collection of the following fields/types. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    Version

    Identifies the version of the settings location template for administrative tracking of changes. For more information, see [Version](#version21).

    DeferToMSAccount

    Controls whether this template is enabled in conjunction with a Microsoft account or not. If MSA syncing is enabled for a user on a machine, then this template will automatically be disabled.

    DeferToOffice365

    Similar to MSA, this controls whether this template is enabled in conjunction with Office365. If Office 365 is being used to sync settings, this template will automatically be disabled.

    FixedProfile

    Specifies that this template can only be associated with the profile specified within this element, and cannot be changed via WMI or PowerShell.

    Settings

    A container for all the settings that apply to a particular template. It contains instances of the Registry, File, SystemParameter, and CustomAction settings. For more information, see Settings in [Data types](#data21).

    + +  + +### SettingsLocationTemplate Element + +This element defines the settings for a single application or a suite of applications. + + ++++ + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Field/Type

    Description

    Name

    Specifies a unique name for the settings location template. This is used for display purposes when referencing the template in WMI, PowerShell, Event Viewer and debug logs. For more information, see [Name](#name21).

    ID

    Populates a unique identifier for a particular template. This tag becomes the primary identifier that the UE-V service uses to reference the template at runtime. For more information, see [ID](#id21).

    Description

    An optional description of the template.

    LocalizedNames

    An optional name displayed in the UI, localized by a language locale.

    LocalizedDescriptions

    An optional template description localized by a language locale.

    + +  + +### Appendix: SettingsLocationTemplate.xsd + +Here is the SettingsLocationTemplate.xsd file showing its elements, child elements, attributes, and parameters: + +``` syntax + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +``` + +## Have a suggestion for UE-V? + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Related topics
+
+[Working with Custom UE-V Templates and the UE-V Template Generator](uev-working-with-custom-templates-and-the-uev-generator.md)
+
+[Technical Reference for UE-V](uev-technical-reference.md)
diff --git a/windows/manage/uev-changing-the-frequency-of-scheduled-tasks.md b/windows/manage/uev-changing-the-frequency-of-scheduled-tasks.md
new file mode 100644
index 0000000000..888c3b7ee1
--- /dev/null
+++ b/windows/manage/uev-changing-the-frequency-of-scheduled-tasks.md
@@ -0,0 +1,249 @@
+---
+title: Changing the Frequency of UE-V Scheduled Tasks
+description: Changing the Frequency of UE-V Scheduled Tasks
+author: MaggiePucciEvans
+ms.pagetype: mdop, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Changing the Frequency of UE-V Scheduled Tasks
+
+**Applies to**
+- Windows 10, version 1607
+
+When the User Experience Virtualization (UE-V) service is enabled, it creates the following scheduled tasks:
+
+- [Monitor Application Settings](#monitor-application-settings)
+
+- [Sync Controller Application](#sync-controller-application)
+
+- [Synchronize Settings at Logoff](#synchronize-settings-at-logoff)
+
+- [Template Auto Update](#template-auto-update)
+
+**Note**
    +These tasks must remain enabled, because UE-V cannot function without them. + +These scheduled tasks are not configurable with the UE-V tools. Administrators who want to change the scheduled task for these items can create a script that uses the Schtasks.exe command-line options. + +For more information about Schtasks.exe, see [Schtasks](https://technet.microsoft.com/library/cc725744(v=ws.11).aspx). + +## UE-V Scheduled Tasks + +The following scheduled tasks are included in UE-V with sample scheduled task configuration commands. + +### Monitor Application Settings + +The **Monitor Application Settings** task is used to synchronize settings for Windows apps. It is runs at logon but is delayed by 30 seconds to not affect the logon detrimentally. The Monitor Application Status task runs the UevAppMonitor.exe file, which is located in the UE-V Agent installation directory. + + ++++ + + + + + + + + + + + + +
    Task nameDefault event

    \Microsoft\UE-V\Monitor Application Status

    Logon

    + +  + +### Sync Controller Application + +The **Sync Controller Application** task is used to start the Sync Controller to synchronize settings from the computer to the settings storage location. By default, the task runs every 30 minutes. At that time, local settings are synchronized to the settings storage location, and updated settings on the settings storage location are synchronized to the computer. The Sync Controller application runs the Microsoft.Uev.SyncController.exe, which is located in the UE-V Agent installation directory. + + ++++ + + + + + + + + + + + + +
    Task nameDefault event

    \Microsoft\UE-V\Sync Controller Application

    Logon, and every 30 minutes thereafter

    + +  + +For example, the following command configures the agent to synchronize settings every 15 minutes instead of the default 30 minutes. + +``` syntax +Schtasks /change /tn “Microsoft\UE-V\Sync Controller Application” /ri 15 +``` + +### Synchronize Settings at Logoff + +The **Synchronize Settings at Logoff** task is used to start an application at logon that controls the synchronization of applications at logoff for UE-V. The Synchronize Settings at Logoff task runs the Microsoft.Uev.SyncController.exe file, which is located in the UE-V Agent installation directory. + + ++++ + + + + + + + + + + + + +
    Task nameDefault event

    \Microsoft\UE-V\Synchronize Settings at Logoff

    Logon

    + +  + +### Template Auto Update + +The **Template Auto Update** task checks the settings template catalog for new, updated, or removed templates. This task only runs if the SettingsTemplateCatalog is configured. The **Template Auto Update** task runs the ApplySettingsCatalog.exe file, which is located in the UE-V Agent installation directory. + + ++++ + + + + + + + + + + + + +
    Task nameDefault event

    \Microsoft\UE-V\Template Auto Update

    System startup and at 3:30 AM every day, at a random time within a 1-hour window

    + +  + +**Example:** The following command configures the UE-V service to check the settings template catalog store every hour. + +``` syntax +schtasks /change /tn "Microsoft\UE-V\Template Auto Update" /ri 60 +``` + + +## UE-V Scheduled Task Details + + +The following chart provides additional information about scheduled tasks for UE-V 2: + + ++++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Task Name (file name)

    Default Frequency

    Power Toggle

    Idle Only

    Network Connection

    Description

    Monitor Application Settings (UevAppMonitor.exe)

    Starts 30 seconds after logon and continues until logoff.

    No

    Yes

    N/A

    Synchronizes settings for Windows (AppX) apps.

    Sync Controller Application (Microsoft.Uev.SyncController.exe)

    At logon and every 30 min thereafter.

    Yes

    Yes

    Only if Network is connected

    Starts the Sync Controller which synchronizes local settings with the settings storage location.

    Synchronize Settings at Logoff (Microsoft.Uev.SyncController.exe)

    Runs at logon and then waits for Logoff to Synchronize settings.

    No

    Yes

    N/A

    Start an application at logon that controls the synchronization of applications at logoff.

    Template Auto Update (ApplySettingsCatalog.exe)

    Runs at initial logon and at 3:30 AM every day thereafter.

    Yes

    No

    N/A

    Checks the settings template catalog for new, updated, or removed templates. This task only runs if SettingsTemplateCatalog is configured.

    +
+ 
+
+**Legend**
+
+- **Power Toggle** – Task Scheduler will optimize power consumption when not connected to AC power. The task might stop running if the computer switches to battery power.
+
+- **Idle Only** – The task will stop running if the computer ceases to be idle. By default the task will not restart when the computer is idle again. Instead the task will begin again on the next task trigger.
+
+- **Network Connection** – Tasks marked “Yes” only run if the computer has a network connection available. Tasks marked “N/A” run regardless of network connectivity.
+
+### How to Manage Scheduled Tasks
+
+To find Scheduled Tasks, perform the following:
+
+1. Open “Schedule Tasks” on the user computer.
+
+2. Navigate to: Task Scheduler -> Task Scheduler Library -> Microsoft -> UE-V
+
+3. Select the scheduled task you wish to manage and configure in the details pane.
+
+### Additional information
+
+The following additional information applies to UE-V scheduled tasks:
+
+- All task sequence programs are located in the UE-V Agent installation folder, `%programFiles%\Microsoft User Experience Virtualization\Agent\[architecture]\`, by default.
+
+- The Sync Controller Application Scheduled task is the crucial component when the UE-V SyncMethod is set to “SyncProvider” (UE-V default configuration). This scheduled task keeps the SettingsSToragePath synchronized with the locally cached versions of the settings package files. If users complain that settings do not synchronize often enough, then you can reduce the scheduled task setting to as little as 1 minute.  You can also increase the 30 min default to a higher amount if necessary.
+
+- You do not need to disable the Template Auto Update scheduled task if you use another method to keep the clients’ templates in sync (i.e. Group Policy or Configuration Manager Baselines). Leaving the SettingsTemplateCatalog property value blank prevents UE-V from checking the settings catalog for custom templates.
This scheduled task runs ApplySettingsCatalog.exe and will essentially return immediately.
+
+- The Monitor Application Settings scheduled task will update Windows app (AppX) settings in real time, based on Windows app program setting triggers built into each app.
+
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Administering UE-V](uev-administering-uev.md) + +[Deploy UE-V for Custom Applications](uev-deploy-uev-for-custom-applications.md#deploycatalogue) diff --git a/windows/manage/uev-configuring-uev-with-group-policy-objects.md b/windows/manage/uev-configuring-uev-with-group-policy-objects.md new file mode 100644 index 0000000000..4476ea26b3 --- /dev/null +++ b/windows/manage/uev-configuring-uev-with-group-policy-objects.md @@ -0,0 +1,201 @@ +--- +title: Configuring UE-V with Group Policy Objects +description: Configuring UE-V with Group Policy Objects +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Configuring UE-V with Group Policy Objects + +**Applies to** +- Windows 10, version 1607 + +Some User Experience Virtualization (UE-V) Group Policy settings can be defined for computers, and other Group Policy settings can be defined for users. The Group Policy administrative templates for these settings are included in Windows 10, version 1607. + + +The following policy settings can be configured for UE-V. + +**Group Policy settings** + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options

    Do not use the sync provider

    Computers and Users

    By using this Group Policy setting, you can configure whether UE-V uses the sync provider feature. This policy setting also lets you enable notification to appear when the import of user settings is delayed.

    Enable this setting to configure the UE-V service not to use the sync provider.

    First Use Notification

    Computers Only

    This Group Policy setting enables a notification in the notification area that appears when the UE-V service runs for the first time.

    The default is enabled.

    Roam Windows settings

    Computers and Users

    This Group Policy setting configures the synchronization of Windows settings.

    Select which Windows settings synchronize between computers.

    +

    By default, Windows themes, desktop settings, and Ease of Access settings synchronize settings between computers of the same operating system version.

    Settings package size warning threshold

    Computers and Users

    This Group Policy setting lets you configure the UE-V service to report when a settings package file size reaches a defined threshold.

    Specify the preferred threshold for settings package sizes in kilobytes (KB).

    +

    By default, the UE-V service does not have a package file size threshold.

    Settings storage path

    Computers and Users

    This Group Policy setting configures where the user settings are to be stored.

    Enter a Universal Naming Convention (UNC) path and variables such as \\Server\SettingsShare\%username%.

    Settings template catalog path

    Computers Only

    This Group Policy setting configures where custom settings location templates are stored. This policy setting also configures whether the catalog is to be used to replace the default Microsoft templates that are installed with the UE-V service.

    Enter a Universal Naming Convention (UNC) path such as \\Server\TemplateShare or a folder location on the computer.

    +

    Select the check box to replace the default Microsoft templates.

    Sync settings over metered connections

    Computers and Users

    This Group Policy setting defines whether UE-V synchronizes settings over metered connections.

    By default, the UE-V service does not synchronize settings over a metered connection.

    Sync settings over metered connections even when roaming

    Computers and Users

    This Group Policy setting defines whether UE-V synchronizes settings over metered connections outside of the home provider network, for example, when the data connection is in roaming mode.

    By default, UE-V does not synchronize settings over a metered connection when it is in roaming mode.

    Synchronization timeout

    Computers and Users

    This Group Policy setting configures the number of milliseconds that the computer waits before a time-out when it retrieves user settings from the remote settings location. If the remote storage location is unavailable, and the user does not use the sync provider, the application start is delayed by this many milliseconds.

    Specify the preferred synchronization time-out in milliseconds. The default value is 2000 milliseconds.

    Tray Icon

    Computers Only

    This Group Policy setting enables the User Experience Virtualization (UE-V) tray icon.

    This setting only has an effect for UE-V 2.x and earlier. It has no effect for UE-V in Windows 10, version 1607.

    Use User Experience Virtualization (UE-V)

    Computers and Users

    This Group Policy setting lets you enable or disable User Experience Virtualization (UE-V).

    This setting only has an effect for UE-V 2.x and earlier. For UE-V in Windows 10, version 1607, use the **Enable UE-V** setting.

    Enable UE-V

    Computers and Users

    This policy setting allows you to enable or disable User Experience Virtualization (UE-V) feature. Reboot is needed for enable to take effect.

    This setting only has an effect for UE-V in Windows 10, version 1607. For UE-V 2.x and earlier, choose the **Use User Experience Virtualization (UE-V)** setting.

    + +  + +**Note**   +In addition, Group Policy settings are available for many desktop applications and Windows apps. You can use these settings to enable or disable settings synchronization for specific applications. + +  + +**Windows App Group Policy settings** + + ++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Group Policy setting nameTargetGroup Policy setting descriptionConfiguration options

    Do not synchronize Windows Apps

    Computers and Users

    This Group Policy setting defines whether the UE-V service synchronizes settings for Windows apps.

    The default is to synchronize Windows apps.

    Windows App List

    Computer and User

    This setting lists the family package names of the Windows apps and states expressly whether UE-V synchronizes that app’s settings.

    You can use this setting to specify that settings of an app are never synchronized by UE-V, even if the settings of all other Windows apps are synchronized.

    Sync Unlisted Windows Apps

    Computer and User

    This Group Policy setting defines the default settings sync behavior of the UE-V service for Windows apps that are not explicitly listed in the Windows app list.

    By default, the UE-V service only synchronizes settings of those Windows apps that are included in the Windows app list.

    +
+ 
+
+For more information about synchronizing Windows apps, see [Windows App List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist).
+
+**To configure computer-targeted Group Policy settings**
+
+1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) on the computer that acts as a domain controller to manage Group Policy settings for UE-V computers. Navigate to **Computer configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization**.
+
+2. Select the Group Policy setting to be edited.
+
+**To configure user-targeted Group Policy settings**
+
+1. Use the Group Policy Management Console (GPMC) or the Advanced Group Policy Management (AGPM) tool in Microsoft Desktop Optimization Pack (MDOP) on the domain controller computer to manage Group Policy settings for UE-V. Navigate to **User configuration**, select **Policies**, select **Administrative Templates**, click **Windows Components**, and then select **Microsoft User Experience Virtualization**.
+
+2. Select the edited Group Policy setting.
+
+The UE-V service uses the following order of precedence to determine synchronization.
+
+**Order of precedence for UE-V settings**
+
+1. User-targeted settings that are managed by Group Policy settings - These configuration settings are stored in the registry key by Group Policy under `HKEY_CURRENT_USER\Software\Policies\Microsoft\Uev\Agent\Configuration`.
+
+2. Computer-targeted settings that are managed by Group Policy settings - These configuration settings are stored in the registry key by Group Policy under `HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Uev\Agent\Configuration`.
+
+3.
Configuration settings that are defined by the current user by using Windows PowerShell or Windows management Instrumentation (WMI) - These configuration settings are stored by the UE-V service under this registry location: `HKEY_CURRENT_USER\Software\Microsoft\Uev\Agent\Configuration`.
+
+4. Configuration settings that are defined for the computer by using Windows PowerShell or WMI. These configuration settings are stored by the UE-V service under this registry location: `HKEY_LOCAL_MACHINE\Software\Microsoft\Uev\Agent\Configuration`.
+
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Related topics
+
+
+[Administering UE-V](uev-administering-uev.md)
+
+[Manage Configurations for UE-V](uev-manage-configurations.md)
diff --git a/windows/manage/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/manage/uev-configuring-uev-with-system-center-configuration-manager.md
new file mode 100644
index 0000000000..e18bff1e74
--- /dev/null
+++ b/windows/manage/uev-configuring-uev-with-system-center-configuration-manager.md
@@ -0,0 +1,248 @@ +--- +title: Configuring UE-V with System Center Configuration Manager +description: Configuring UE-V with System Center Configuration Manager +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Configuring UE-V with System Center Configuration Manager + +**Applies to** +- Windows 10, version 1607 + +After you deploy User Experience Virtualization (UE-V) and its required features, you can start to configure it to meet your organization's need. The UE-V Configuration Pack provides a way for administrators to use the Compliance Settings feature of System Center Configuration Manager (2012 SP1 or later) to apply consistent configurations across sites where UE-V and Configuration Manager are installed. + +## UE-V Configuration Pack supported features + + +The UE-V Configuration Pack includes tools to: + +- Create or update UE-V settings location template distribution baselines + + - Define UE-V templates to be registered or unregistered + + - Update UE-V template configuration items and baselines as templates are added or updated + + - Distribute and register UE-V templates using standard Configuration Item remediation + +- Create or update a UE-V Agent policy configuration item to set or clear these settings + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    Max package size

    Enable/disable Windows app sync

    Wait for sync on application start

    Setting import delay

    Sync unlisted Windows apps

    Wait for sync on logon

    Settings import notification

    IT contact URL

    Wait for sync timeout

    Settings storage path

    IT contact descriptive text

    Settings template catalog path

    Sync enablement

    Tray icon enabled

    Start/Stop UE-V agent service

    Sync method

    First use notification

    Define which Windows apps will roam settings

    Sync timeout

    +
+ 
+
+- Verify compliance by confirming that UE-V is running.
+
+## Generate a UE-V service policy configuration item
+
+
+All UE-V service policy and configuration is distributed through a single configuration item that is generated using the UevAgentPolicyGenerator.exe tool. This tool reads the desired configuration from an XML configuration file and creates a CI containing the discovery and remediation settings needed to bring the machine into compliance.
+
+The UE-V service policy configuration item CAB file is created using the UevTemplateBaselineGenerator.exe command line tool, which has these parameters:
+
+- Site <site code>
+
+- PolicyName <name> Optional: Defaults to “UE-V Agent Policy” if not present
+
+- PolicyDescription <description> Optional: A description is provided if not present
+
+- CabFilePath <full path to configuration item .CAB file>
+
+- ConfigurationFile <full path to agent configuration XML file>
+
+**Note**   
+It might be necessary to change the PowerShell execution policy to allow these scripts to run in your environment. Perform these steps in the Configuration Manager console:
+
+1. Select **Administration > Client Settings > Properties**
+
+2. In the **User Agent** tab, set the **PowerShell Execution Policy** to **Bypass**
+
+ 
+
+**Create the first UE-V policy configuration item**
+
+1. Copy the default settings configuration file from the UE-V Config Pack installation directory to a location visible to your ConfigMgr Admin Console:
+
+ ``` syntax
+ C:\Program Files (x86)\Windows Kits\10\Microsoft User Experience Virtualization\Management\AgentConfiguration.xml
+ ```
+
+ The default configuration file contains five sections:
+
+ **Computer Policy**
+ All UE-V machine level settings.
The DesiredState attribute can be
+
+ - **Set** to have the value assigned in the registry
+
+ - **Clear** to remove the setting
+
+ - **Unmanaged** to have the configuration item left at its current state
+
+ Do not remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you do not want Configuration Manager to alter current or default values.
+
+ **CurrentComputerUserPolicy**
+ All UE-V user level settings. These entries override the machine settings for a user. The DesiredState attribute can be
+
+ - **Set** to have the value assigned in the registry
+
+ - **Clear** to remove the setting
+
+ - **Unmanaged** to have the configuration item left at its current state
+
+ Do not remove lines from this section. Instead, set the DesiredState to ‘Unmanaged’ if you do not want Configuration Manager to alter current or default values.
+
+ **Services**
+ Entries in this section control service operation. The default configuration file contains a single entry for the UevAgentService. The DesiredState attribute can be set to **Running** or **Stopped**.
+
+ **Windows8AppsComputerPolicy**
+ All machine level Windows app synchronization settings. Each PackageFamilyName listed in this section can be assigned a DesiredState of
+
+ - **Enabled** to have settings roam
+
+ - **Disabled** to prevent settings from roaming
+
+ - **Cleared** to have the entry removed from UE-V control
+
+ Additional lines can be added to this section based on the list of installed Windows apps that can be viewed using the PowerShell cmdlet GetAppxPackage.
+
+ **Windows8AppsCurrentComputerUserPolicy**
+ Identical to the Windows8AppsComputerPolicy with settings that override machine settings for an individual user.
+
+2. Edit the configuration file by changing the desired state and value fields.
+
+3.
Run this command on a machine running the ConfigMgr Admin Console:
+
+ ``` syntax
+ C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevAgentPolicyGenerator.exe -Site ABC -CabFilePath "C:\MyCabFiles\UevPolicyItem.cab" -ConfigurationFile "c:\AgentConfiguration.xml"
+ ```
+
+4. Import the CAB file using ConfigMgr console or PowerShell Import-CMConfigurationItem
+
+**Update a UE-V Policy Configuration Item**
+
+1. Edit the configuration file by changing the desired state and value fields.
+
+2. Run the command from Step 3 in [Create the First UE-V Policy Configuration Item](#create). If you changed the name with the PolicyName parameter, make sure you enter the same name.
+
+3. Reimport the CAB file. The version in ConfigMgr will be updated.
+
+## Generate a UE-V Template Baseline
+
+
+UE-V templates are distributed using a baseline containing multiple configuration items. Each configuration item contains the discovery and remediation scripts needed to install one UE-V template. The actual UE-V template is embedded within the remediation script for distribution using standard Configuration Item functionality.
+
+The UE-V template baseline is created using the UevTemplateBaselineGenerator.exe command line tool, which has these parameters:
+
+- Site <site code>
+
+- BaselineName <name> (Optional: defaults to “UE-V Template Distribution Baseline” if not present)
+
+- BaselineDescription <description> (Optional: a description is provided if not present)
+
+- TemplateFolder <UE-V template folder>
+
+- Register <comma separated template file list>
+
+- Unregister <comma separated template list>
+
+- CabFilePath <Full path to baseline CAB file to generate>
+
+The result is a baseline CAB file that is ready for import into Configuration Manager. If at a future date, you update or add a template, you can rerun the command using the same baseline name. Importing the CAB results in CI version updates on the changed templates.
+
+### Create the First UE-V Template Baseline
+
+1. Create a “master” set of UE-V templates in a stable folder location visible to the machine running your ConfigMgr Admin Console. As templates are added or updated, this folder is where they are pulled for distribution. The initial list of templates can be copied from a machine with UE-V installed. The default template location is C:\\Program Files\\Microsoft User Experience Virtualization\\Templates.
+
+2. Create a text.bat file where you can add the template generator command. This is optional, but will make regeneration simpler if you save the command parameters.
+
+3. Add the command and parameters to the .bat file that will generate the baseline. The following example creates a baseline that distributes Notepad and Calculator:
+
+ ``` syntax
+ C:\Program Files (x86)\Microsoft User Experience Virtualization\ConfigPack\UevTemplateBaselineGenerator.exe -Site "ABC" -TemplateFolder "C:\ProductionUevTemplates" -Register "MicrosoftNotepad.xml, MicrosoftCalculator.xml" -CabFilePath "C:\MyCabFiles\UevTemplateBaseline.cab"
+ ```
+
+4. Run the .bat file to create UevTemplateBaseline.cab ready for import into Configuration Manager.
+
+### Update a UE-V Template Baseline
+
+The template generator uses the template version to determine if a template should be updated. If you make a template change and update the version, the baseline generator compares the template in your master folder with the template contained in the CI on the ConfigMgr server. If a difference is found, the generated baseline and modified CI versions are updated.
+
+To distribute a new Notepad template, you would perform these steps:
+
+1. Update the template and template version located in the <Version> element of the template.
+
+2. Copy the template to your master template directory.
+
+3. Run the command in the .bat file that you created in Step 3 in [Create the First UE-V Template Baseline](#create2).
+
+4.
Import the generated CAB file into ConfigMgr using the console or PowerShell Import-CMBaseline.
+
+## Get the UE-V Configuration Pack
+
+You can download the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2.0](https://www.microsoft.com/en-us/download/details.aspx?id=40913) from the Microsoft Download Center.
+
+## Have a suggestion for UE-V?
+
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Related topics
+
+
+[Manage Configurations for UE-V](uev-manage-configurations.md)
+
+ 
+
+ 
+
+
+
+
+
diff --git a/windows/manage/uev-deploy-required-features.md b/windows/manage/uev-deploy-required-features.md
new file mode 100644
index 0000000000..286fc22b1e
--- /dev/null
+++ b/windows/manage/uev-deploy-required-features.md
@@ -0,0 +1,162 @@ +--- +title: Deploy required UE-V features +description: Deploy required UE-V features +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Deploy required UE-V features + +**Applies to** +- Windows 10, version 1607 + +To get up and running with User Experience Virtualization (UE-V), install and configure the following features. + +- [Deploy a settings storage location](#deploy-a-ue-v-settings-storage-location) that is accessible to end users. + + This is a standard network share that stores and retrieves user settings. + +- [Choose the configuration method for UE-V](#choose-the-configuration-method-for-ue-v) + + You can deploy and configure UE-V with common management tools including group policy, Configuration Manager, or Windows Management Infrastructure and PowerShell. + +- [Enable the UE-V service](#enable-the-ue-v-service) on user devices. + + With Windows 10, version 1607, UE-V is installed automatically. You need to enable the UE-V service on each user device you want to include in your UE-V environment. + +The topics in this section describe how to deploy these features. + +## Deploy a UE-V Settings Storage Location + +UE-V requires a location in which to store user settings in settings package files. You can configure this settings storage location in one of these ways: + +- Create your own settings storage location + +- Use existing Active Directory for your settings storage location + +> **Note**   As a matter of [performance and capacity planning](uev-prepare-for-deployment.md#performance-and-capacity-planning) and to reduce problems with network latency, create settings storage locations on the same local networks where the users’ devices reside. We recommend 20 MB of disk space per user for the settings storage location. 
+ +### Create a UE-V Settings Storage Location + +Before you define the settings storage location, you must create a root directory with read/write permissions for users who store settings on the share. The UE-V service creates user-specific folders under this root directory. + +The settings storage location is defined by setting the SettingsStoragePath configuration option, which you can configure by using one of these methods: + +- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings + +- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V + +- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md) + + The path must be in a universal naming convention (UNC) path of the server and share. For example, **\\\\Server\\Settingsshare\\**. This configuration option supports the use of variables to enable specific synchronization scenarios. For example, you can use the %username%\\%computername% variables to preserve the end user settings experience in these scenarios: + +- End users that use multiple physical devices in your enterprise + +- Enterprise computers that are used by multiple end users + +The UE-V service dynamically creates a user-specific settings storage path, with a hidden system folder named **SettingsPackages**, based on the configuration setting of **SettingsStoragePath**. The service reads and writes settings to this location as defined by the registered UE-V settings location templates. + +**UE-V settings are determined by a "Last write wins" rule:** If the settings storage location is the same for a user with multiple managed computers, one UE-V service reads and writes to the settings location independently of services running on other computers. The last written settings and values are the ones applied when the service next reads from the settings storage location. 
+ +**Deploy the settings storage location:** Follow these steps to define the settings storage location rather than using your existing Active Directory agent. You should limit access to the settings storage share to those users that require it, as shown in the tables below. + +**To deploy the UE-V network share** + +1. Create a new security group for UE-V users. + +2. Create a new folder on the centrally located computer that stores the UE-V settings packages, and then grant UE-V users access with group permissions to the folder. The administrator who supports UE-V must have permissions to this shared folder. + +3. Set the following share-level Server Message Block (SMB) permissions for the settings storage location folder. + + | **User account** | **Recommended permissions** | + |------------------------------|-----------------------------| + | Everyone | No permissions | + | Security group of UE-V users | Full control | + +4. Set the following NTFS file system permissions for the settings storage location folder. + + | **User account** | **Recommended permissions** | **Folder** | + |------------------------------|---------------------------------------------------|---------------------------| + | Creator/owner | Full control | Subfolders and files only | + | Security group of UE-V users | List folder/read data, create folders/append data | This folder only | + +With this configuration, the UE-V service creates and secures a Settingspackage folder while it runs in the context of the user, and grants each user permission to create folders for settings storage. Users receive full control to their Settingspackage folder while other users cannot access it. + +**Note** +If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. 
To enable this additional security, specify this setting in the Windows Server Registry Editor: + +1. Add a **REG\_DWORD** registry key named **"RepositoryOwnerCheckEnabled"** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\UEV\\Agent\\Configuration**. + +2. Set the registry key value to *1*. + +### Use Active Directory with UE-V + +The UE-V service uses Active Directory (AD) by default if you don’t define a settings storage location. In these cases, the UE-V service dynamically creates the settings storage folder under the root of the AD home directory of each user. However, if a custom directory setting is configured in AD, then that directory is used instead. + +## Choose the Configuration Method for UE-V + +You’ll need to decide which configuration method you'll use to manage UE-V after deployment since this will be the configuration method you use to deploy the UE-V Agent. Typically, this is the configuration method that you already use in your environment, such as Windows PowerShell or Configuration Manager. + +You can configure UE-V before, during, or after you enable the UE-V service on user devices, depending on the configuration method that you use. + +- [**Group Policy**](uev-configuring-uev-with-group-policy-objects.md) You can use your existing Group Policy infrastructure to configure UE-V before or after you enable the UE-V service. The UE-V Group Policy ADMX template enables the central management of common UE-V service configuration options and includes settings to configure UE-V synchronization. + + >**Note** Starting with Windows 10, version 1607, UE-V ADMX templates are installed automatically. + + Group Policy ADMX templates configure the synchronization settings for the UE-V service and enable the central management of common UE-V service configuration settings by using an existing Group Policy infrastructure. 
+ + Supported operating systems for the domain controller that deploys the Group Policy Objects include: + + Windows Server 2012 and Windows Server 2012 R2 + +- [**Configuration Manager**](uev-configuring-uev-with-system-center-configuration-manager.md) The UE-V Configuration Pack lets you use the Compliance Settings feature of System Center Configuration Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed. + +- [**Windows PowerShell and WMI**](uev-administering-uev-with-windows-powershell-and-wmi.md) You can use scripted commands for Windows PowerShell and Windows Management Instrumentation (WMI) to modify the configuration of the UE-V service. + +>**Note** +Registry modification can result in data loss, or the computer becomes unresponsive. We recommend that you use other configuration methods. + +## Enable the UE-V service + +The UE-V service is the client-side component that captures user-personalized application and Windows settings and saves them in settings packages. Settings packages are built, locally stored, and copied to the settings storage location. + +Before enabling the UE-V service, you need to register the UE-V templates for first time use. In a PowerShell window, type **register-<TemplateName>** where **TemplateName** is the name of the UE-V template you want to register, and press ENTER. + +>**Note** +With Windows 10, version 1607, you must register UE-V templates for all inbox and custom templates. This provides flexibility for only deploying the required templates. + +With Windows 10, version 1607 and later, the UE-V service is installed on user devices. Enable the service to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell. + +**To enable the UE-V service with Group Policy** + +1. Open the device’s **Group Policy Editor**. + +2. 
Navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft** **User Experience Virtualization**. + +3. Run **Enable UEV**. + +4. Restart the device. + +**To enable the UE-V service with Windows PowerShell** + +1. In a PowerShell window, type **Enable-UEV** and press ENTER. + +2. Restart the device. + +3. In a PowerShell window, type **Get-UEVStatus** and press ENTER to verify that the UE-V service was successfully enabled. + +## Have a suggestion for UE-V? + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Prepare a UE-V deployment](uev-prepare-for-deployment.md) + +[Deploy UE-V for use with custom applications](uev-deploy-uev-for-custom-applications.md) + +[Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) + diff --git a/windows/manage/uev-deploy-uev-for-custom-applications.md b/windows/manage/uev-deploy-uev-for-custom-applications.md new file mode 100644 index 0000000000..6a44f5decc --- /dev/null +++ b/windows/manage/uev-deploy-uev-for-custom-applications.md 
@@ -0,0 +1,251 @@ +--- +title: Use UE-V with custom applications +description: Use UE-V with custom applications +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Use UE-V with custom applications + +**Applies to** +- Windows 10, version 1607 + +User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those included in the default templates, you can create your own custom settings location templates with the UE-V template generator. + +After you’ve reviewed [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) and decided that you want to synchronize settings for custom applications (third-party, line-of-business, e.g.), you’ll need to deploy the features of UE-V described in this topic. + +To start, here are the main steps required to synchronize settings for custom applications: + +- [Install the UE-V template generator](#install-the-uev-template-generator) + + Use the UEV template generator to create custom XML settings location templates. + +- [Configure a UE-V settings template catalog](#deploy-a-settings-template-catalog) + + You can define this path where custom settings location templates are stored. + +- [Create custom settings location templates](#create-custom-settings-location-templates) + + These custom templates let users sync settings for custom applications. 
+ +- [Deploy the custom settings location templates](#deploy-the-custom-settings-location-templates) + + After you test the custom template to ensure that settings are synced correctly, you can deploy these templates in one of these ways: + + - With your existing electronic software distribution solution, such as Configuration Manager + + - With Group Policy preferences + + - With a UE-V settings template catalog + +>**Note** +Templates that are deployed with electronic software distribution methods or Group Policy must be registered with UE-V Windows Management Instrumentation (WMI) or Windows PowerShell. + +## Prepare to deploy UE-V for custom applications + +Before you start deploying the UE-V features that handle custom applications, review the following important information. + +### The UE-V template generator + +Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator does not create settings location templates for the following types of applications: + +- Virtualized applications + +- Applications that are offered through Terminal Services + +- Java applications + +- Windows applications + +>**Note** +UE-V settings location templates cannot be created from virtualized applications or Terminal Services applications. However, settings that are synchronized by using the templates can be applied to those applications. To create templates that support Virtual Desktop Infrastructure (VDI) and Terminal Services applications, open a version of the Windows Installer (.msi) package of the application by using the UE-V template generator. For more information about synchronizing settings for virtual applications, see [Using UE-V with virtual applications](uev-using-uev-with-application-virtualization-applications.md). 
+ +**Excluded Locations:** The discovery process excludes locations that commonly store application software files that do not synchronize settings well between user computers or computing environments. By default, these are excluded: + +- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user cannot write values + +- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system + +- All registry keys that are located in the HKEY\_LOCAL\_MACHINE hive + +- Files that are located in Program Files directories + +- Files that are located in Users \\ \[User name\] \\ AppData \\ LocalLow + +- Windows operating system files that are located in %Systemroot% + +If registry keys and files that are stored in excluded locations are required to synchronize application settings, you can manually add the locations to the settings location template during the template creation process. + +### Replace the default Microsoft templates + +A default group of settings location templates for common Microsoft applications and Windows settings is included with Windows 10, version 1607. If you customize these templates, or create settings location templates to synchronize settings for custom applications, the UE-V service can be configured to use a settings template catalog to store the templates. In this case, you will need to include the default templates with the custom templates in the settings template catalog. + +>**Important** +After you enable the UE-V service, you’ll need to register the settings location templates using the `Register-UevTemplate` cmdlet in Windows PowerShell. + +When you use Group Policy to configure the settings template catalog path, you can choose to replace the default Microsoft templates. 
If you configure the policy settings to replace the default Microsoft templates, all of the default Microsoft templates that are installed with Windows 10, version 1607 are deleted and only the templates that are located in the settings template catalog are used. + +**Note** +If there are customized templates in the settings template catalog that use the same ID as the default Microsoft templates, the Microsoft templates are ignored. + +You can replace the default templates by using the UE-V Windows PowerShell features. To replace the default Microsoft template with Windows PowerShell, unregister all of the default Microsoft templates, and then register the customized templates. + +Old settings packages remain in the settings storage location even if you deploy new settings location templates for an application. These packages are not read by the UE-V service, but neither are they automatically deleted. + +### Install the UEV template generator + +Use the UE-V template generator to create custom settings location templates that you can then distribute to user devices. You can also use the template generator to edit an existing template or validate a template that was created with another XML editor. + +The UE-V template generator is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. + +Install the UE-V template generator on a computer that you can use to create a custom settings location template. This computer should have the applications installed for which custom settings location templates need to be generated. + +>**Important** +UE-V for Windows 10, version 1607 includes a new template generator. If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create settings location templates. Templates created with previous versions of the UE-V template generator will continue to work. + +**To install the UE-V template generator** + +1. 
Go to [Download the Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) to access the ADK. + +2. Select the **Get Windows ADK for Windows 10** button on this page to start the ADK installer. On the window pictured below, select **Microsoft User Experience Virtualization (UE-V) Template Generator** and then select Install. + + + +![Selecting UE-V features in ADK](images/uev-adk-select-uev-feature.png) + +3. To open the generator, select **Microsoft Application Virtualization Generator** from the **Start** menu. + +4. See [Working with Custom UE-V Templates and the UE-V Template Generator](uev-working-with-custom-templates-and-the-uev-generator.md) for information about how to use the template generator. + +### Deploy a settings template catalog + +The UE-V settings template catalog is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores all the custom settings location templates. The UE-V service checks this location one time each day and updates its synchronization behavior, based on the templates in this folder. + +The UE-V service checks this folder for templates that were added, updated, or removed. It registers new and changed templates and unregisters removed templates. By default, templates are registered and unregistered one time per day at 3:30 A.M. local time by the Task Scheduler and at system startup. To customize the frequency of this scheduled task, see [Changing the frequency of UE-V scheduled tasks](uev-changing-the-frequency-of-scheduled-tasks.md). + +You can configure the settings template catalog path with command-line options, Group Policy, WMI, or Windows PowerShell. Templates stored at the settings template catalog path are automatically registered and unregistered by a scheduled task. + +**To configure the settings template catalog for UE-V** + +1. Create a new folder on the computer that stores the UE-V settings template catalog. + +2. 
Set the following share-level (SMB) permissions for the settings template catalog folder. + + | **User account** | **Recommended permissions** | + |------------------|------------------------------| + | Everyone | No Permissions | + | Domain Computers | Read Permission Levels | + | Administrators | Read/Write Permission Levels | + +3. Set the following NTFS file system permissions for the settings template catalog folder. + + | **User account** | **Recommended permissions** | **Apply to** | + |------------------|-------------------------------|-----------------------------------| + | Creator/Owner | Full Control | This Folder, Subfolders and Files | + | Domain Computers | List Folder Contents and Read | This Folder, Subfolders and Files | + | Everyone | No Permissions | No Permissions | + | Administrators | Full Control | This Folder, Subfolders and Files | + +4. Click **OK** to close the dialog boxes. + +At a minimum, the network share must grant permissions for the Domain Computers group. In addition, grant access permissions for the network share folder to administrators who are to manage the stored templates. + +### Create custom settings location templates + +Use the UE-V template generator to create settings location templates for line-of-business applications or other custom applications. After you create the template for an application, deploy it to computers to synchronize settings for that application. + +**To create a UE-V settings location template with the UE-V template generator** + +1. Click **Start** > **All Programs** > **Microsoft User Experience Virtualization** > **Microsoft User Experience Virtualization template generator**. + +2. Click **Create a settings location template**. + +3. Specify the application. Browse to the file path of the application (.exe) or the application shortcut (.lnk) for which you want to create a settings location template. Specify the command-line arguments, if any, and working directory, if any. + +4. 
Click **Next** to continue. + + >**Note** Before the application is started, the system displays a prompt for **User Account Control**. Permission is required to monitor the registry and file locations that the application uses to store settings. + +5. After the application starts, close the application. The UE-V template generator records the locations where the application stores its settings. + +6. After the process is completed, click **Next** to continue. + +7. Review and select the appropriate registry settings locations and settings file locations to synchronize for this application. The list includes the following two categories for settings locations: + + - **Standard**: Application settings that are stored in the registry under the HKEY\_CURRENT\_USER keys or in the file folders under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming**. The UE-V template generator includes these settings by default. + + - **Nonstandard**: Application settings that are stored outside the locations are specified in the best practices for settings data storage (optional). These include files and folders under **Users** \\ \[User name\] \\ **AppData** \\ **Local**. Review these locations to determine whether to include them in the settings location template. Select the locations check boxes to include them. + +8. Click **Next** to continue. + +9. Review and edit any **Properties**, **Registry** locations, and **Files** locations for the settings location template. + + - Edit the following properties on the **Properties** tab: + + - **Application Name**: The application name that is written in the description of the program files properties. + + - **Program name**: The name of the program that is taken from the program file properties. This name usually has the .exe file name extension. + + - **Product version**: The product version number of the .exe file of the application. 
This property, in conjunction with the **File version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template applies to all versions of the product. + + - **File version**: The file version number of the .exe file of the application. This property, in conjunction with the **Product version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, the settings location template applies to all versions of the program. + + - **template author name** (optional): The name of the settings location template author. + + - **template author email** (optional): The email address of the settings location template author. + + - The **Registry** tab lists the **Key** and **Scope** of the registry locations that are included in the settings location template. Edit the registry locations by using the **Tasks** drop-down menu. Tasks enable you to add new keys, edit the name or scope of existing keys, delete keys, and browse the registry where the keys are located. Use the **All Settings** scope to include all the registry settings under the specified key. Use the **All Settings and Subkeys** to include all the registry settings under the specified key, subkeys, and subkey settings. + + - The **Files** tab lists the file path and file mask of the file locations that are included in the settings location template. Edit the file locations by use of the **Tasks** drop-down menu. Tasks for file locations enable you to add new files or folder locations, edit the scope of existing files or folders, delete files or folders, and open the selected location in Windows Explorer. Leave the file mask empty to include all files in the specified folder. + +10. Click **Create**, and then click **Save** to save the settings location template on the computer. + +11. 
Click **Close** to close the settings template wizard. Exit the UE-V template generator application. + +12. After you have created the settings location template for an application, test the template. Deploy the template in a lab environment before you put it into production in the enterprise. + +See [Application template schema reference for UE-V](uev-application-template-schema-reference.md) for details about the XML structure of the UE-V settings location template and for guidance about editing these files. + +### Deploy the Custom Settings Location templates + +After you create a settings location template with the UE-V template generator, you should test it to ensure that the application settings are synchronized correctly. You can then safely deploy the settings location template to user devices in the enterprise. + +You can deploy settings location templates using of these methods: + +- An electronic software distribution (ESD) system such as System Center Configuration Manager + +- Group Policy preferences + +- A UE-V settings template catalog + +Templates that are deployed by using an ESD system or Group Policy objects must be registered using UE-V Windows Management Instrumentation (WMI) or Windows PowerShell. Templates that are stored in the settings template catalog location are automatically registered by the UE-V service. + +**To deploy UE-V settings location templates with a settings template catalog path** + +1. Browse to the network share folder that you defined as the settings template catalog. + +2. Add, remove, or update settings location templates in the settings template catalog to reflect the UE-V service template configuration that you want for UE-V computers. + + >**Note** + Templates on computers are updated daily. The update is based on changes to the settings template catalog. + +3. 
To manually update templates on a computer that runs the UE-V service, open an elevated command prompt, and browse to **Program Files\\Microsoft User Experience Virtualization \\ Agent \\ <x86 or x64 >**, and then run **ApplySettingstemplateCatalog.exe**. + + >**Note** + This program runs automatically during computer startup and daily at 3:30 A. M. to gather any new templates that were recently added to the catalog. + +## Have a suggestion for UE-V? + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) + +- [Deploy Required UE-V Features](uev-deploy-required-features.md) + diff --git a/windows/manage/uev-for-windows.md b/windows/manage/uev-for-windows.md new file mode 100644 index 0000000000..1f4eaab35c --- /dev/null +++ b/windows/manage/uev-for-windows.md 
@@ -0,0 +1,98 @@ +--- +title: User Experience Virtualization for Windows 10, version 1607 +description: Overview of User Experience Virtualization for Windows 10, version 1607 +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# User Experience Virtualization (UE-V) for Windows 10 overview + +**Applies to** +- Windows 10, version 1607 + +Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Windows Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options. + +With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share. When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to. + +**With UE-V you can…** + +- Specify which application and Windows settings synchronize across user devices + +- Deliver the settings anytime and anywhere users work throughout the enterprise + +- Create custom templates for your third-party or line-of-business applications + +- Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state + +With the release of Windows 10, version 1607, UE-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and UE-V or upgrading from a previous version of UE-V, you’ll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices. + +## Components of UE-V + +The diagram below illustrates how UE-V components work together to synchronize user settings. 
+ +UE-V architecture, with server share, desktop, and UE-V service + + + +| **Component** | **Function** | +|--------------------------|------------------| +| **UE-V service** | Enabled on every device that needs to synchronize settings, the **UE-V service** monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices. | +| **Settings packages** | Application settings and Windows settings are stored in **settings packages** created by the UE-V service. Settings packages are built, locally stored, and copied to the settings storage location.
    The setting values for **desktop applications** are stored when the user closes the application.
    Values for **Windows settings** are stored when the user logs off, when the computer is locked, or when the user disconnects remotely from a computer.
    The sync provider determines when the application or operating system settings are read from the **Settings Packages** and synchronized. | +| **Settings storage location** | This is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings. | +| **Settings location templates** | UE-V uses XML files as settings location templates to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by [managing settings synchronization for custom applications](#manage-settings-synchronization-for-custom-applications).
    **Note**  Settings location templates are not required for Windows applications. | +| **Universal Windows applications list** | Settings for Windows applications are captured and applied dynamically. The app developer specifies the settings that are synchronized for each app. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications.
    You can add or remove applications in the Windows app list by following the procedures in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). | + +## Manage settings synchronization for custom applications + +Use these UE-V components to create and manage custom templates for your third-party or line-of-business applications. + +| Component | Description | +|-------------------------------|---------------| +| **UE-V template generator** | Use the **UE-V template generator** to create custom settings location templates that you can then distribute to user computers. The UE-V template generator also lets you edit an existing template or validate a template that was created with a different XML editor.
    With the Windows 10, version 1607 release, the UE-V template generator is installed with the [Windows Assessment and Deployment kit for Windows 10, version 1607](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
    If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create new settings location templates. Application templates created with previous versions of the UE-V template generator are still supported, however. | +| **Settings template catalog** | The **settings template catalog** is a folder path on UE-V computers or a Server Message Block (SMB) network share that stores the custom settings location templates. The UE-V service checks this location once a day, retrieves new or updated templates, and updates its synchronization behavior.
    If you use only the UE-V default settings location templates, then a settings template catalog is unnecessary. For more information about settings deployment catalogs, see [Deploy a UE-V settings template catalog](uev-deploy-uev-for-custom-applications.md#deploycatalogue). | + + + +![UE-V template generator process](images/uev-generator-process.png) + +## Settings synchronized by default + +UE-V synchronizes settings for these applications by default. For a complete list and more detailed information, see [Settings that are automatically synchronized in a UE-V deployment](uev-prepare-for-deployment.md#autosyncsettings). + +- Microsoft Office 2016, 2013, and 2010 + +- Internet Explorer 11 and 10 + +- Many Windows applications, such as Xbox + +- Many Windows desktop applications, such as Notepad + +- Many Windows settings, such as desktop background or wallpaper + +>**Note** +You can also [customize UE-V to synchronize settings](uev-deploy-uev-for-custom-applications.md) for applications other than those synchronized by default. + +## Other resources for this feature + +- [Get Started with UE-V for Windows 10](uev-getting-started.md) + +- [UE-V for Windows 10 Release Notes](uev-release-notes-1607.md) + +- [Prepare to deploy UE-V for Windows 10](uev-prepare-for-deployment.md) + +- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) + +- [Administer UE-V for Windows 10](uev-administering-uev.md) + +- [Technical Reference for UE-V for Windows 10](uev-technical-reference.md) + +## Have a suggestion for UE-V? + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
diff --git a/windows/manage/uev-getting-started.md b/windows/manage/uev-getting-started.md
new file mode 100644
index 0000000000..f2497cb4f5
--- /dev/null
+++ b/windows/manage/uev-getting-started.md
@@ -0,0 +1,143 @@ +--- +title: Get Started with UE-V +description: Get Started with UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Get Started with UE-V + +**Applies to** +- Windows 10, version 1607 + +Follow the steps in this topic to deploy User Experience Virtualization (UE-V) for the first time in a test environment. Evaluate UE-V to determine whether it’s the right solution to manage user settings across multiple devices within your enterprise. + +>**Note** +The information in this section is explained in greater detail throughout the rest of the documentation. If you’ve already determined that UE-V is the right solution and you don’t need to further evaluate it, see [Prepare a UE-V deployment](uev-prepare-for-deployment.md). + +The standard installation of UE-V synchronizes the default Microsoft Windows and Office settings and many Windows applications settings. For best results, ensure that your test environment includes two or more user computers that share network access. + +- [Step 1: Confirm prerequisites](#step-1-confirm-prerequisites). Review the supported configurations in this section to verify that your environment is able to run UE-V. + +- [Step 2: Deploy the settings storage location](#step-2-deploy-the-settings-storage-location). Explains how to deploy a settings storage location. All UE-V deployments require a location to store settings packages that contain the synchronized setting values. + +- [Step 3: Enable the UE-V service](#step-3-enable-the-ue-v-service-on-user-devices). Explains how to enable to UE-V service on user devices. To synchronize settings using UE-V, devices must have the UE-V service enabled and running. + +- [Step 4: Test Your UE-V evaluation deployment](#step-4-test-your-ue-v-evaluation-deployment). Run a few tests on two computers with the UE-V service enabled to see how UE-V works and if it meets your organization’s needs. 
+ +- Step 5: Deploy UE-V for custom applications (optional). If you want to evaluate how your third-party and line-of-business applications work with UE-V, follow the steps in [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). Following this link takes you to another topic. Use your browser’s **Back** button to return to this topic. + +## Step 1: Confirm prerequisites + +Before you proceed, ensure that your environment meets the following requirements for running UE-V. + +| **Operating system** | **Edition** | **Service pack** | **System architecture** | **Windows PowerShell** | **Microsoft .NET Framework** | +|-------------------------|-------------|------------------|-------------------------|----------------------------------|------------------------------| +| Windows 10, version 1607 | Windows 10 Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4 or higher | +| Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 | +| Windows Server 2012 or Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 | + +## Step 2: Deploy the settings storage location + +You’ll need to deploy a settings storage location, a standard network share where user settings are stored in a settings package file. When you create the settings storage share, you should limit access to users that require it. For more information, see [Deploy a UE-V Settings Storage Location](uev-deploy-required-features.md#deploy-a-ue-v-settings-storage-location). + +**Create a network share** + +1. Create a new security group and add UE-V users to it. + +2. Create a new folder on the centrally located computer that stores the UE-V settings packages, and then grant the UE-V users access with group permissions to the folder. The administrator who supports UE-V must have permissions to this shared folder. + +3. 
Assign UE-V users permission to create a directory when they connect. Grant full permission to all subdirectories of that directory, but block access to anything above. + +4. Set the following share-level Server Message Block (SMB) permissions for the settings storage location folder. + + | **User account** | **Recommended permissions** | + |------------------------------|-----------------------------| + | Everyone | No permissions | + | Security group of UE-V users | Full control | + +5. Set the following NTFS file system permissions for the settings storage location folder. + + | **User account** | **Recommended permissions** | **Folder** | + |------------------------------|---------------------------------------------------|---------------------------| + | Creator/owner | Full control | Subfolders and files only | + | Security group of UE-V users | List folder/read data, create folders/append data | This folder only | + +**Security Note**  If you create the settings storage share on a computer running a Windows Server operating system, configure UE-V to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable this additional security, specify this setting in the Windows Server Registry Editor: + +1. Add a **REG\_DWORD** registry key named **"RepositoryOwnerCheckEnabled"** to **HKEY\_LOCAL\_MACHINE\\Software\\Microsoft\\UEV\\Agent\\Configuration**. + +2. Set the registry key value to *1*. + +## Step 3: Enable the UE-V service on user devices + +For evaluation purposes, enable the service on at least two devices that belong to the same user in your test environment. + +The UE-V service is the client-side component that captures user-personalized application and Windows settings and saves them in settings packages. Settings packages are built, locally stored, and copied to the settings storage location. 
+ +Before enabling the UE-V service, you'll need to register the UE-V templates for first use. In a PowerShell window, type `register-TemplateName` where **TemplateName** is the name of the UE-V template you want to register, and press ENTER. + +With Windows 10, version 1607 and later, the UE-V service is installed on user devices when the operating system is installed. Enable the service to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell. + +**To enable the UE-V service with Group Policy** + +1. Open the device’s **Group Policy Editor**. + +2. Navigate to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Microsoft** **User Experience Virtualization**. + +3. Run **Enable UEV**. + +4. Restart the device. + +**To enable the UE-V service with Windows PowerShell** + +1. In a PowerShell window, type **Enable-UEV** and press ENTER. + +2. Restart the device. + +3. In a PowerShell window, type **Get-UEVStatus** and press ENTER to verify that the UE-V service was successfully enabled. + +## Step 4: Test your UE-V evaluation deployment + +You’re ready to run a few tests on your UE-V evaluation deployment to see how UE-V works. + +1. On the first device (Computer A), make one or more of these changes: + + - Open Windows Desktop and move the taskbar to a different location in the window. + + - Change the default fonts. + + - Open Notepad and set format -> word wrap **on**. + + - Change the behavior of any Windows application, as detailed in [Managing UE-V settings location templates using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). + + - Disable Microsoft Account settings synchronization and roaming profiles. + +2. Log off Computer A. Settings are saved in a UE-V settings package when users lock, logoff, exit an application, or when the sync provider runs (every 30 minutes by default). + +3. 
Log in to the second device (Computer B) as the same user as Computer A.
+
+4. Open Windows Desktop and verify that the taskbar location matches that of Computer A. Verify that the default fonts match and that NotePad is set to **word wrap on**. Also verify the change you made to any Windows applications.
+
+5. You can change the settings in Computer B back to the original Computer A settings. Then log off Computer B and log in to Computer A to verify the changes.
+
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Other resources for this feature
+
+- [User Experience Virtualization overview](uev-for-windows.md)
+
+- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md)
+
+- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
+
+- [Administering UE-V ](uev-administering-uev.md)
+
+- [Troubleshooting UE-V ](uev-troubleshooting.md)
+
+- [Technical Reference for UE-V](uev-technical-reference.md)
diff --git a/windows/manage/uev-manage-administrative-backup-and-restore.md b/windows/manage/uev-manage-administrative-backup-and-restore.md
new file mode 100644
index 0000000000..4b70595e59
--- /dev/null
+++ b/windows/manage/uev-manage-administrative-backup-and-restore.md
@@ -0,0 +1,171 @@ +--- +title: Manage Administrative Backup and Restore in UE-V +description: Manage Administrative Backup and Restore in UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Manage Administrative Backup and Restore in UE-V + +**Applies to** +- Windows 10, version 1607 + +As an administrator of User Experience Virtualization (UE-V), you can restore application and Windows settings to their original state. You can also restore additional settings when a user adopts a new device. + +## Restore Settings in UE-V when a User Adopts a New Device + + +To restore settings when a user adopts a new device, you can put a settings location template in **backup** or **roam (default)** profile using the Set-UevTemplateProfile PowerShell cmdlet. This lets computer settings sync to the new computer, in addition to user settings. Templates assigned to the backup profile are backed up for that device and configured on a per-device basis. To backup settings for a template, use the following cmdlet in Windows PowerShell: + +``` syntax +Set-UevTemplateProfile -ID -Profile +``` + +- <TemplateID> is the UE-V Template ID + +- <backup> can either be Backup or Roaming + +When replacing a user’s device, UE-V automatically restores settings if the user’s domain, username, and device name all match. All synchronized and any backup data is restored on the device automatically. + +You can also use the Windows PowerShell cmdlet, Restore-UevBackup, to restore settings from a different device. To clone the settings packages for the new device, use the following cmdlet in Windows PowerShell: + +``` syntax +Restore-UevBackup -Machine +``` + +where <MachineName> is the computer name of the device. + +Templates such as the Office 2013 template that include many applications can either all be included in the roamed (default) or backed up profile. Individual apps in a template suite follow the group. 
Office 2013 in-box templates include both roaming and backup-only settings. Backup-only settings cannot be included in a roaming profile. + +As part of the Backup/Restore feature, UE-V added **last known good (LKG)** to the options for rolling back to settings. In this release, you can roll back to either the original settings or LKG settings. The LKG settings let users roll back to an intermediate and stable point ahead of the pre-UE-V state of the settings. + +### How to Backup/Restore Templates with UE-V + +These are the key backup and restore components of UE-V: + +- Template profiles + +- Settings packages location within the Settings Storage Location template + +- Backup trigger + +- How settings are restored + +**Template Profiles** + +A UE-V template profile is defined when the template is registered on the device or post registration through the PowerShell/WMI configuration utility. The profile types include: + +- Roaming (default) + +- Backup + +- BackupOnly + +All templates are included in the roaming profile when registered unless otherwise specified. These templates synchronize settings to all UE-V enabled devices with the corresponding template enabled. + +Templates can be added to the Backup Profile with PowerShell or WMI using the Set-UevTemplateProfile cmdlet. Templates in the Backup Profile back up these settings to the Settings Storage Location in a special Device name directory. Specified settings are backed up to this location. + +Templates designated BackupOnly include settings specific to that device that should not be synchronized unless explicitly restored. These settings are stored in the same device-specific settings package location on the settings storage location as the Backedup Settings. These templates have a special identifier embedded in the template that specifies they should be part of this profile. 
+ +**Settings packages location within the Settings Storage Location template** + +Roaming Profile settings are stored on the settings storage location. Templates assigned to the Backup or the BackupOnly profile store their settings to the Settings Storage Location in a special Device name directory. Each device with templates in these profiles has its own device name. UE-V does not clean up these directories. + +**Backup trigger** + +Backup is triggered by the same events that trigger a UE-V synchronization. + +**How settings are restored** + +Restoring a user’s device restores the currently registered Template’s settings from another device’s backup folder and all synchronized settings to the current machine. Settings are restored in these two ways: + +- **Automatic restore** + + If the user’s UE-V settings storage path, domain, and Computer name match the current user then all of the settings for that user are synchronized, with only the latest settings applied. If a user logs on to a new device for the first time and these criteria are met, the settings data is applied to that device. + + **Note**   + Accessibility and Windows Desktop settings require the user to re-logon to Windows to be applied. + +   + +- **Manual Restore** + + If you want to assist users by restoring a device during a refresh, you can choose to use the Restore-UevBackup cmdlet. This command ensures that the user’s current settings become the current state on the Settings Storage Location. + +## Restore Application and Windows Settings to Original State + + +WMI and Windows PowerShell commands let you restore application and Windows settings to the settings values that were on the computer the first time that the application started after the UE-V service was enabled. This restoring action is performed on a per-application or Windows settings basis. The settings are restored the next time that the application runs, or the settings are restored when the user logs on to the operating system. 
+ +**To restore application settings and Windows settings with Windows PowerShell for UE-V** + +1. Open the Windows PowerShell window. + +2. Enter the following Windows PowerShell cmdlet to restore the application settings and Windows settings. + + + + + + + + + + + + + + + + + + +
    Windows PowerShell cmdletDescription

    Restore-UevUserSetting -<TemplateID>

    Restores the user settings for an application or restores a group of Windows settings.

    + +   + +**To restore application settings and Windows settings with WMI** + +1. Open a Windows PowerShell window. + +2. Enter the following WMI command to restore application settings and Windows settings. + + + + + + + + + + + + + + + + + + +
    WMI commandDescription

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name RestoreByTemplateId -ArgumentList <template_ID>

    Restores the user settings for an application or restores a group of Windows settings.

    + +   + + **Note**   + UE-V does not provide a settings rollback for Windows apps. + +   + +## Have a suggestion for UE-V? + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Related topics
+
+[Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md)
+
+[Administering UE-V](uev-administering-uev.md)
diff --git a/windows/manage/uev-manage-configurations.md b/windows/manage/uev-manage-configurations.md
new file mode 100644
index 0000000000..81dbad3d82
--- /dev/null
+++ b/windows/manage/uev-manage-configurations.md
@@ -0,0 +1,69 @@ +--- +title: Manage Configurations for UE-V +description: Manage Configurations for UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Manage Configurations for UE-V + +**Applies to** +- Windows 10, version 1607 + +In the course of the User Experience Virtualization (UE-V) lifecycle, you have to manage the configuration of the UE-V service and also manage storage locations for resources such as settings package files. The following topics provide guidance for managing these UE-V resources. + +## Configuring UE-V by using Group Policy Objects + +You can use Group Policy Objects to modify the settings that define how UE-V synchronizes settings on computers. + +[Configuring UE-V with Group Policy Objects](uev-configuring-uev-with-group-policy-objects.md) + +## Configuring UE-V with System Center Configuration Manager + +You can use System Center Configuration Manager to manage the UE-V service by using the UE-V Configuration Pack. + +[Configuring UE-V with System Center Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md) + +## Administering UE-V with PowerShell and WMI + +UE-V provides Windows PowerShell cmdlets, which can help administrators perform various UE-V tasks. + +[Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md) + +## Examples of configuration settings for UE-V + +Here are some examples of UE-V configuration settings: + +- **Settings Storage Path:** Specifies the location of the file share that stores the UE-V settings. + +- **Settings Template Catalog Path:** Specifies the Universal Naming Convention (UNC) path that defines the location that was checked for new settings location templates. + +- **Register Microsoft Templates:** Specifies whether the default Microsoft templates should be registered during installation. 
+ +- **Synchronization Method:** Specifies whether UE-V uses the sync provider or "none". The "SyncProvider" supports computers that are disconnected from the network. "None" applies when the computer is always connected to the network. For more information about the Sync Method, see [Sync Methods for UE-V](uev-sync-methods.md). + +- **Synchronization Timeout:** Specifies the number of milliseconds that the computer waits before time-out when it retrieves the user settings from the settings storage location. + +- **Synchronization Enable:** Specifies whether the UE-V settings synchronization is enabled or disabled. + +- **Maximum Package Size:** Specifies a settings package file threshold size in bytes at which the UE-V service reports a warning. + +- **Don’t Sync Windows App Settings:** Specifies that UE-V should not synchronize Windows apps. + +- **Enable/Disable First Use Notification:** Specifies whether UE-V displays a dialog box the first time that the UE-V service runs on a user’s computer. + +## Have a suggestion for UE-V? + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Related topics
+
+[Administering UE-V](uev-administering-uev.md)
+
+[Deploy Required UE-V Features](uev-deploy-required-features.md)
+
+[Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md)
diff --git a/windows/manage/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md b/windows/manage/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
new file mode 100644
index 0000000000..590e4d58c3
--- /dev/null
+++ b/windows/manage/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
@@ -0,0 +1,342 @@
+---
+title: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
+description: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
+author: MaggiePucciEvans
+ms.pagetype: mdop, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
+
+**Applies to**
+- Windows 10, version 1607
+
+User Experience Virtualization (UE-V) uses XML settings location templates to define the settings that User Experience Virtualization captures and applies. UE-V includes a set of standard settings location templates. It also includes the UE-V template generator tool that enables you to create custom settings location templates. After you create and deploy settings location templates, you can manage those templates by using Windows PowerShell and the Windows Management Instrumentation (WMI).
+
+> **Note**  For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx).
+
+## Manage UE-V settings location templates by using Windows PowerShell
+
+The WMI and Windows PowerShell features of UE-V include the ability to enable, disable, register, update, and unregister settings location templates. By using these features, you can automate the process of registering, updating, or unregistering templates with the UE-V service. You can also manually register templates by using WMI and Windows PowerShell commands. By using these features in conjunction with an electronic software distribution solution, Group Policy, or another automated deployment method such as a script, you can further automate that process.
+
+You must have administrator permissions to update, register, or unregister a settings location template. Administrator permissions are not required to enable, disable, or list templates.
+ +****To manage settings location templates by using Windows PowerShell**** + +1. Use an account with administrator rights to open a Windows PowerShell command prompt. + +2. Use the following Windows PowerShell cmdlets to register and manage the UE-V settings location templates. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows PowerShell commandDescription

    Get-UevTemplate

    Lists all the settings location templates that are registered on the computer.

    Get-UevTemplate -Application <string>

    Lists all the settings location templates that are registered on the computer where the application name or template name contains <string>.

    Get-UevTemplate -TemplateID <string>

    Lists all the settings location templates that are registered on the computer where the template ID contains <string>.

    Get-UevTemplate [-ApplicationOrTemplateID] <string>

    Lists all the settings location templates that are registered on the computer where the application or template name, or template ID contains <string>.

    Get-UevTemplateProgram [-ID] <template ID>

    Gets the name of the program and version information, which depend on the template ID.

    Get-UevAppXPackage

    Gets the effective list of Windows apps.

    Get-UevAppXPackage -Computer

    Gets the list of Windows apps that are configured for the computer.

    Get-UevAppXPackage -CurrentComputerUser

    Gets the list of Windows apps that are configured for the current user.

    Register-UevTemplate [-Path] <template file path>[,<template file path>]

    Registers one or more settings location template with UE-V by using relative paths and/or wildcard characters in file paths. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.

    Register-UevTemplate -LiteralPath <template file path>[,<template file path>]

    Registers one or more settings location template with UE-V by using literal paths, where no characters can be interpreted as wildcard characters. After a template is registered, UE-V synchronizes the settings that are defined in the template between computers that have the template registered.

    Unregister-UevTemplate [-ID] <template ID>

    Unregisters a settings location template with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

    Unregister-UevTemplate -All

    Unregisters all settings location templates with UE-V. When a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

    Update-UevTemplate [-Path] <template file path>[,<template file path>]

    Updates one or more settings location templates with a more recent version of the template. Use relative paths and/or wildcard characters in the file paths. The new template should be a newer version than the existing template.

    Update-UevTemplate -LiteralPath <template file path>[,<template file path>]

    Updates one or more settings location templates with a more recent version of the template. Use full paths to template files, where no characters can be interpreted as wildcard characters. The new template should be a newer version than the existing template.

    Clear-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Removes one or more Windows apps from the computer Windows app list.

    Clear-UevAppXPackage -CurrentComputerUser

    Removes Windows app from the current user Windows app list.

    Clear-UevAppXPackage -Computer -All

    Removes all Windows apps from the computer Windows app list.

    Clear-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Removes one or more Windows apps from the current user Windows app list.

    Clear-UevAppXPackage [-CurrentComputerUser] -All

    Removes all Windows apps from the current user Windows app list.

    Disable-UevTemplate [-ID] <template ID>

    Disables a settings location template for the current user of the computer.

    Disable-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Disables one or more Windows apps in the computer Windows app list.

    Disable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Disables one or more Windows apps in the current user Windows app list.

    Enable-UevTemplate [-ID] <template ID>

    Enables a settings location template for the current user of the computer.

    Enable-UevAppXPackage -Computer [-PackageFamilyName] <package family name>[,<package family name>]

    Enables one or more Windows apps in the computer Windows app list.

    Enable-UevAppXPackage [-CurrentComputerUser] [-PackageFamilyName] <package family name>[,<package family name>]

    Enables one or more Windows apps in the current user Windows app list.

    Test-UevTemplate [-Path] <template file path>[,<template file path>]

    Determines whether one or more settings location templates comply with its XML schema. Can use relative paths and wildcard characters.

    Test-UevTemplate -LiteralPath <template file path>[,<template file path>]

    Determines whether one or more settings location templates comply with its XML schema. The path must be a full path to the template file, but does not include wildcard characters.

    +
+  
+
+The UE-V Windows PowerShell features enable you to manage a group of settings templates that are deployed in your enterprise. Use the following procedure to manage a group of templates by using Windows PowerShell.
+
+**To manage a group of settings location templates by using Windows PowerShell**
+
+1. Modify or update the desired settings location templates.
+
+2. If you want to modify or update the settings location templates, deploy those settings location templates to a folder that is accessible to the local computer.
+
+3. On the local computer, open a Windows PowerShell window with administrator rights.
+
+4. Unregister all the previously registered versions of the templates by typing the following command.
+
+    ``` syntax
+    Unregister-UevTemplate -All
+    ```
+
+    This command unregisters all active templates on the computer.
+
+5. Register the updated templates by typing the following command.
+
+    ``` syntax
+    Register-UevTemplate \*.xml
+    ```
+
+    This command registers all of the settings location templates that are located in the specified template folder.
+
+### Windows app list
+
+By listing a Windows app in the Windows app list, you specify whether that app is enabled or disabled for settings synchronization. Apps are identified in the list by their Package Family name and whether settings synchronization should be enabled or disabled for that app. When you use these settings along with the Unlisted Default Sync Behavior setting, you can control whether Windows apps are synchronized.
+
+To display the Package Family Name of installed Windows apps, at a Windows PowerShell command prompt, enter:
+
+``` syntax
+Get-AppxPackage | Sort-Object PackageFamilyName | Format-Table PackageFamilyName
+```
+
+To display a list of Windows apps that can synchronize settings on a computer with their package family name, enabled status, and enabled source, at a Windows PowerShell command prompt, enter: `Get-UevAppxPackage`
+
+**Definitions of Get-UevAppxPackage properties**
+
+**PackageFamilyName**
+The name of the package that is installed for the current user.
+
+**Enabled**
+Defines whether the settings for the app are configured to synchronize.
+
+**EnabledSource**
+The location where the configuration that enables or disables the app is set. Possible values are: *NotSet*, *LocalMachine*, *LocalUser*, *PolicyMachine*, and *PolicyUser*.
+
+**NotSet**
+The policy is not configured to synchronize this app.
+
+**LocalMachine**
+The enabled state is set in the local computer section of the registry.
+
+**LocalUser**
+The enabled state is set in the current user section of the registry.
+
+**PolicyMachine**
+The enabled state is set in the policy section of the local computer section of the registry.
+
+To get the user-configured list of Windows apps, at the Windows PowerShell command prompt, enter: `Get-UevAppxPackage -CurrentComputerUser`
+
+To get the computer-configured list of Windows apps, at the Windows PowerShell command prompt, enter: `Get-UevAppxPackage -Computer`
+
+For either parameter, CurrentComputerUser or Computer, the cmdlet returns a list of the Windows apps that are configured at the user or at the computer level.
+
+**Definitions of properties**
+
+**PackageFamilyName**
+The name of the package that is installed for the current user.
+
+**Enabled**
+Defines whether the settings for the app are configured to synchronize for the specified switch, that is, **user** or **computer**.
+ +**Installed** +True if the app, that is, the PackageFamilyName is installed for the current user. + +### Manage UE-V settings location templates by using WMI + +User Experience Virtualization provides the following set of WMI commands. Administrators can use these interfaces to manage settings location templates from Windows PowerShell and automate template administrative tasks. + +**To manage settings location templates by using WMI** + +1. Use an account with administrator rights to open a Windows PowerShell window. + +2. Use the following WMI commands to register and manage the UE-V settings location templates. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows PowerShell commandDescription

    Get-WmiObject -Namespace root\Microsoft\UEV SettingsLocationTemplate | Select-Object TemplateId,TemplateName, TemplateVersion,Enabled | Format-Table -Autosize

    Lists all the settings location templates that are registered for the computer.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name GetProcessInfoByTemplateId <template Id>

    Gets the name of the program and version information, which depends on the template name.

    Get-WmiObject -Namespace root\Microsoft\UEV EffectiveWindows8App

    Gets the effective list of Windows apps.

    Get-WmiObject -Namespace root\Microsoft\UEV MachineConfiguredWindows8App

    Gets the list of Windows apps that are configured for the computer.

    Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguredWindows8App

    Gets the list of Windows apps that are configured for the current user.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Register -ArgumentList <template path >

    Registers a settings location template with UE-V.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name UnregisterByTemplateId -ArgumentList <template ID>

    Unregisters a settings location template with UE-V. As soon as a template is unregistered, UE-V no longer synchronizes the settings that are defined in the template between computers.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Update -ArgumentList <template path>

    Updates a settings location template with UE-V. The new template should be a newer version than the existing one.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name RemoveApp -ArgumentList <package family name | package family name>

    Removes one or more Windows apps from the computer Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name RemoveApp -ArgumentList <package family name | package family name>

    Removes one or more Windows apps from the current user Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name DisableByTemplateId -ArgumentList <template ID>

    Disables one or more settings location templates with UE-V.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name DisableApp -ArgumentList <package family name | package family name>

    Disables one or more Windows apps in the computer Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name DisableApp -ArgumentList <package family name | package family name>

    Disables one or more Windows apps in the current user Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name EnableByTemplateId -ArgumentList <template ID>

    Enables a settings location template with UE-V.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class MachineConfiguredWindows8App -Name EnableApp -ArgumentList <package family name | package family name>

    Enables Windows apps in the computer Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserConfiguredWindows8App -Name EnableApp -ArgumentList <package family name | package family name>

    Enables Windows apps in the current user Windows app list.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name Validate -ArgumentList <template path>

    Determines whether a given settings location template complies with its XML schema.

    +
+**Note**  
+Where a list of Package Family Names is called by the WMI command, the list must be in quotes and separated by a pipe symbol, for example, `""`.
+
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Related topics
+
+[Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md)
+
+[Administering UE-V](uev-administering-uev.md)
+
+[User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx)
diff --git a/windows/manage/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md b/windows/manage/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
new file mode 100644
index 0000000000..eeb54e2454
--- /dev/null
+++ b/windows/manage/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
@@ -0,0 +1,355 @@ +--- +title: Managing the UE-V Service and Packages with Windows PowerShell and WMI +description: Managing the UE-V service and packages with Windows PowerShell and WMI +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Managing the UE-V service and packages with Windows PowerShell and WMI + +**Applies to** +- Windows 10, version 1607 + +You can use Windows Management Instrumentation (WMI) and Windows PowerShell to manage User Experience Virtualization (UE-V) service configuration and synchronization behavior. + +>**Note**  For a complete list of UE-V cmdlets, see [User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx). + + +## To configure the UE-V service with Windows PowerShell + +1. Open a Windows PowerShell window. To manage computer settings that affect all users of the computer by using the *Computer* parameter, open the window with an account that has administrator rights. + +2. Use the following Windows PowerShell commands to configure the service. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows PowerShell commandDescription

    Enable-UEV

    +

    Turns on the UE-V service. Requires reboot.

    Disable-UEV

    Turns off the UE-V service. Requires reboot.

    Get-UevStatus

    Displays whether UE-V service is enabled or disabled, using a Boolean value.

    Get-UevConfiguration

    +

    Gets the effective UE-V service settings. User-specific settings have precedence over the computer settings.

    Get-UevConfiguration -CurrentComputerUser

    +

    Gets the UE-V service settings values for the current user only.

    Get-UevConfiguration -Computer

    Gets the UE-V service configuration settings values for all users on the computer.

    Get-UevConfiguration -Details

    Gets the details for each configuration setting. Displays where the setting is configured or if it uses the default value. Is displayed if the current setting is valid.

    Set-UevConfiguration -Computer -EnableDontSyncWindows8AppSettings

    Configures the UE-V service to not synchronize any Windows apps for all users on the computer.

    Set-UevConfiguration -CurrentComputerUser -EnableDontSyncWindows8AppSettings

    Configures the UE-V service to not synchronize any Windows apps for the current computer user.

    Set-UevConfiguration -Computer -EnableFirstUseNotification

    Configures the UE-V service to display notification the first time the service runs for all users on the computer.

    Set-UevConfiguration -Computer -DisableFirstUseNotification

    Configures the UE-V service to not display notification the first time that the service runs for all users on the computer.

    Set-UevConfiguration -Computer -EnableSettingsImportNotify

    Configures the UE-V service to notify all users on the computer when settings synchronization is delayed.

    +

    Use the DisableSettingsImportNotify parameter to disable notification.

    Set-UevConfiguration -CurrentComputerUser -EnableSettingsImportNotify

    Configures the UE-V service to notify the current user when settings synchronization is delayed.

    +

    Use the DisableSettingsImportNotify parameter to disable notification.

    Set-UevConfiguration -Computer -EnableSyncUnlistedWindows8Apps

    Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for all users of the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).

    +

    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.

    Set-UevConfiguration -CurrentComputerUser - EnableSyncUnlistedWindows8Apps

    Configures the UE-V service to synchronize all Windows apps that are not explicitly disabled by the Windows app list for the current user on the computer. For more information, see "Get-UevAppxPackage" in [Managing UE-V Settings Location Templates Using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md).

    +

    Use the DisableSyncUnlistedWindows8Apps parameter to configure the UE-V service to synchronize only Windows apps that are explicitly enabled by the Windows App List.

    Set-UevConfiguration -Computer -DisableSync

    Disables UE-V for all the users on the computer.

    +

    Use the EnableSync parameter to enable or re-enable.

    Set-UevConfiguration -CurrentComputerUser -DisableSync

    Disables UE-V for the current user on the computer.

    +

    Use the EnableSync parameter to enable or re-enable.

    Set-UevConfiguration -Computer -EnableTrayIcon

    Enables the UE-V icon in the notification area for all users of the computer.

    +

    Use the DisableTrayIcon parameter to disable the icon.

    Set-UevConfiguration -Computer -MaxPackageSizeInBytes <size in bytes>

    Configures the UE-V service to report when a settings package file size reaches the defined threshold for all users on the computer. Sets the threshold package size in bytes.

    Set-UevConfiguration -CurrentComputerUser -MaxPackageSizeInBytes <size in bytes>

    Configures the UE-V service to report when a settings package file size reaches the defined threshold. Sets the package size warning threshold for the current user.

    Set-UevConfiguration -Computer -SettingsImportNotifyDelayInSeconds

    Specifies the time in seconds before the user is notified for all users of the computer

    Set-UevConfiguration -CurrentComputerUser -SettingsImportNotifyDelayInSeconds

    Specifies the time in seconds before notification for the current user is sent.

    Set-UevConfiguration -Computer -SettingsStoragePath <path to _settings_storage_location>

    Defines a per-computer settings storage location for all users of the computer.

    Set-UevConfiguration -CurrentComputerUser -SettingsStoragePath <path to _settings_storage_location>

    Defines a per-user settings storage location.

    Set-UevConfiguration -Computer -SettingsTemplateCatalogPath <path to catalog>

    Sets the settings template catalog path for all users of the computer.

    Set-UevConfiguration -Computer -SyncMethod <sync method>

    Sets the synchronization method for all users of the computer: SyncProvider or None.

    Set-UevConfiguration -CurrentComputerUser -SyncMethod <sync method>

    Sets the synchronization method for the current user: SyncProvider or None.

    Set-UevConfiguration -Computer -SyncTimeoutInMilliseconds <timeout in milliseconds>

    Sets the synchronization time-out in milliseconds for all users of the computer

    Set-UevConfiguration -CurrentComputerUser -SyncTimeoutInMilliseconds <timeout in milliseconds>

    Set the synchronization time-out for the current user.

    Clear-UevConfiguration -Computer -<setting name>

    Clears the specified setting for all users on the computer.

    Clear-UevConfiguration -CurrentComputerUser -<setting name>

    Clears the specified setting for the current user only.

    Export-UevConfiguration <settings migration file>

    Exports the UE-V computer configuration to a settings migration file. The file name extension must be .uev.

    +

    The Export cmdlet exports all UE-V service settings that are configurable with the Computer parameter.

    Import-UevConfiguration <settings migration file>

    Imports the UE-V computer configuration from a settings migration file. The file name extension must be .uev.

    + +   + +## To export UE-V package settings and repair UE-V templates with Windows PowerShell + +1. Open a Windows PowerShell window as an administrator. + +2. Use the following Windows PowerShell commands to configure the service. + + + + + + + + + + + + + + + + + + + + +

    Windows PowerShell command

    Description

    Export-UevPackage MicrosoftNotepad.pkgx

    Extracts the settings from a Microsoft Notepad package file and converts them into a human-readable format in XML.

    Repair-UevTemplateIndex

    Repairs the index of the UE-V settings location templates.

    + +## To configure the UE-V service with WMI + +1. User Experience Virtualization provides the following set of WMI commands. Administrators can use this interface to configure the UE-V service at the command line and automate typical configuration tasks. + + Use an account with administrator rights to open a Windows PowerShell window. + +2. Use the following WMI commands to configure the service. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    Windows PowerShell commandDescription

    Get-WmiObject -Namespace root\Microsoft\UEV Configuration

    +

    Displays the active UE-V service settings. User-specific settings have precedence over the computer settings.

    Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration

    Displays the UE-V service configuration that is defined for a user.

    Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    Displays the UE-V service configuration that is defined for a computer.

    Get-WmiObject -Namespace root\Microsoft\Uev ConfigurationItem

    Displays the details for each configuration item.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.SettingsStoragePath = <path_to_settings_storage_location>

    +

    $config.Put()

    Defines a per-computer settings storage location.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV UserConfiguration

    +

    $config.SettingsStoragePath = <path_to_settings_storage_location>

    +

    $config.Put()

    Defines a per-user settings storage location.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.SyncTimeoutInMilliseconds = <timeout_in_milliseconds>

    +

    $config.Put()

    Sets the synchronization time-out in milliseconds for all users of the computer.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.MaxPackageSizeInBytes = <size_in_bytes>

    +

    $config.Put()

    Configures the UE-V service to report when a settings package file size reaches a defined threshold. Set the threshold package file size in bytes for all users of the computer.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.SyncMethod = <sync_method>

    +

    $config.Put()

    Sets the synchronization method for all users of the computer: SyncProvider or None.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.<setting name> = $true

    +

    $config.Put()

    To enable a specific per-computer setting, clear the setting, and use $null as the setting value. Use UserConfiguration for per-user settings.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.<setting name> = $false

    +

    $config.Put()

    To disable a specific per-computer setting, clear the setting, and use $null as the setting value. Use User Configuration for per-user settings.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.<setting name> = <setting value>

    +

    $config.Put()

    Updates a specific per-computer setting. To clear the setting, use $null as the setting value.

    $config = Get-WmiObject -Namespace root\Microsoft\UEV ComputerConfiguration

    +

    $config.<setting name> = <setting value>

    +

    $config.Put()

    Updates a specific per-user setting for all users of the computer. To clear the setting, use $null as the setting value.

    + +When you are finished configuring the UE-V service with WMI and Windows PowerShell, the defined configuration is stored in the registry in the following locations. + +`\HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\UEV\Agent\Configuration` + +`\HKEY_CURRENT_USER\SOFTWARE\Microsoft\UEV\Agent\Configuration` + +## To export UE-V package settings and repair UE-V templates by using WMI + +1. UE-V provides the following set of WMI commands. Administrators can use this interface to export a package or repair UE-V templates. + +2. Use the following WMI commands. + + + + + + + + + + + + + + + + + + + + + + +
    WMI commandDescription

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class UserSettings -Name ExportPackage -ArgumentList <package name>

    Extracts the settings from a package file and converts them into a human-readable format in XML.

    Invoke-WmiMethod -Namespace root\Microsoft\UEV -Class SettingsLocationTemplate -Name RebuildIndex

    Repairs the index of the UE-V settings location templates. Must be run as administrator.

    +
+  
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Related topics
+
+[Administering UE-V with Windows PowerShell and WMI](uev-administering-uev-with-windows-powershell-and-wmi.md)
+
+[Administering UE-V](uev-administering-uev.md)
+
+[User Experience Virtualization in Windows PowerShell](https://technet.microsoft.com/library/mt772286.aspx)
diff --git a/windows/manage/uev-migrating-settings-packages.md b/windows/manage/uev-migrating-settings-packages.md
new file mode 100644
index 0000000000..85bb7a71b0
--- /dev/null
+++ b/windows/manage/uev-migrating-settings-packages.md
@@ -0,0 +1,53 @@ +--- +title: Migrating UE-V settings packages +description: Migrating UE-V settings packages +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Migrating UE-V settings packages + +**Applies to** +- Windows 10, version 1607 + +In the lifecycle of a User Experience Virtualization (UE-V) deployment, you might have to relocate the user settings packages either when you migrate to a new server or when you perform backups. Settings packages might have to be migrated in the following scenarios: + +- Upgrade of existing server hardware to a more modern server + +- Migration of a settings storage location share from a test server to a production server + +Simply copying the files and folders does not preserve the security settings and permissions. The following steps describe how to correctly copy the settings package along with their NTFS file system permissions to a new share. + +**To preserve UE-V settings packages when you migrate to a new server** + +1. In a new location on a different server, create a new folder, for example, MySettings. + +2. Disable sharing for the old folder share on the old server. + +3. To copy the existing settings packages to the new server with Robocopy + + ``` syntax + C:\start robocopy "\\servername\E$\MySettings" "\\servername\E$\MySettings" /b /sec /secfix /e /LOG:D:\Robocopylogs\MySettings.txt + ``` + + **Note**   + To monitor the copy progress, open MySettings.txt with a log viewer such as Trace32. + +   + +4. Grant share-level permissions to the new share. Leave the NTFS file system permissions as they were set by Robocopy. + + On computers on which the UE-V service is enabled, update the **SettingsStoragePath** configuration setting to the Universal Naming Convention (UNC) path of the new share. + +## Have a suggestion for UE-V? 
+ +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Administering UE-V](uev-administering-uev.md) + diff --git a/windows/manage/uev-prepare-for-deployment.md b/windows/manage/uev-prepare-for-deployment.md new file mode 100644 index 0000000000..0fa6f10ff2 --- /dev/null +++ b/windows/manage/uev-prepare-for-deployment.md 
@@ -0,0 +1,406 @@ +--- +title: Prepare a UE-V Deployment +description: Prepare a UE-V Deployment +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Prepare a UE-V Deployment + +**Applies to** +- Windows 10, version 1607 + +Before you deploy User Experience Virtualization (UE-V), review this topic for important information about the type of deployment you’re planning and for preparations you can make beforehand so that your deployment is successful. If you leave this page, be sure to come back and read through the planning information in this topic. + +## Plan your UE-V deployment + +With UE-V, you can synchronize user-defined application and operating system settings across all the devices that a user works from. Use UE-V to synchronize settings for Windows applications and custom applications, such as third-party and line of business applications. + +Whether you want to synchronize settings for only default Windows applications or for both Windows and custom applications, you’ll need to first deploy the features required to use UE-V. 
+ +[Deploy required UE-V features](uev-deploy-required-features.md) + +- [Define a settings storage location](uev-deploy-required-features.md#ssl) + +- [Decide how to manage UE-V configurations](#config) + +- [Enable the UE-V service](uev-deploy-required-features.md#enable-the-ue-v-service) on user computers + +If you want to use UE-V to synchronize user-defined settings for custom applications (third-party or line-of-business), you’ll need to install and configure these optional additional UE-V features: + +[Deploy UE-V for custom applications](uev-deploy-uev-for-custom-applications.md) + +- [Install the UE-V template generator](uev-deploy-uev-for-custom-applications.md#install-the-uev-template-generator) so you can create, edit, and validate the custom settings location templates required to synchronize custom application settings + +- [Create custom settings location templates](uev-deploy-uev-for-custom-applications.md#createcustomtemplates) with the UE-V template generator + +- [Deploy a UE-V settings template catalog](uev-deploy-uev-for-custom-applications.md#deploycatalogue) to store your custom settings location templates + +The workflow diagram below illustrates a typical UE-V deployment and the decisions you need to be prepared to make. + +![UE-V deployment preparation](images/uev-deployment-preparation.png) + + + +### Planning a UE-V deployment + +Review the following topics to determine which UE-V components you’ll be deploying. + +- [Decide whether to synchronize settings for custom applications](#decide-whether-to-synchronize-settings-for-custom-applications) + + If you want to synchronize settings for custom applications, you’ll need to install the UE-V template generator. Use the generator to create custom settings location templates, which involves the following tasks: + + - Review the [settings that are synchronized automatically in a UE-V deployment](#settings-automatically-synchronized-in-a-ue-v-deployment). 
+ + - [Determine whether you need settings synchronized for other applications](#determine-whether-you-need-settings-synchronized-for-other-applications). + +- Review [other considerations for deploying UE-V](#other-considerations-when-preparing-a-ue-v-deployment), including high availability and capacity planning. + +- [Confirm prerequisites and supported configurations for UE-V](#confirm-prerequisites-and-supported-configurations-for-ue-v) + +## Decide whether to synchronize settings for custom applications + +In a UE-V deployment, many settings are automatically synchronized. You can also customize UE-V to synchronize settings for other applications, such as line-of-business and third-party apps. + +Deciding if you want UE-V to synchronize settings for custom applications is an essential part of planning your UE-V deployment. The topics in this section will help you make that decision. + +### Settings automatically synchronized in a UE-V deployment + +This section explains which settings are synchronized by default in UE-V, including: + +- Desktop applications that are synchronized by default + +- Windows desktop settings that are synchronized by default + +- A statement of support for Windows applications setting synchronization + +For downloadable UE-V templates, see: + +- [Microsoft Authored Office 2016 UE-V Templates](https://gallery.technet.microsoft.com/Authored-Office-2016-32-0dc05cd8) + +- [User Experience Virtualization (UE-V) settings templates for Microsoft Office](https://www.microsoft.com/download/details.aspx?id=46367) (for Office 2013 and Office 2010) + +### Desktop applications synchronized by default in UE-V + +When you enable the UE-V service on user devices, it registers a default group of settings location templates that capture settings values for these common Microsoft applications. + +| **Application category** | **Description** | +|-----------------------------|-------------------| +| Microsoft Office 2016 applications
    [Download a list of all settings synced](https://gallery.technet.microsoft.com/Authored-Office-2016-32-0dc05cd8) | Microsoft Access 2016
    Microsoft Lync 2016
    Microsoft Excel 2016
    Microsoft OneNote 2016
    Microsoft Outlook 2016
    Microsoft PowerPoint 2016
    Microsoft Project 2016
    Microsoft Publisher 2016
    Microsoft SharePoint Designer 2013 (not updated for 2016)
    Microsoft Visio 2016
    Microsoft Word 2016
    Microsoft Office Upload Manager
    Microsoft Infopath has been removed (deprecated) from the Office 2016 suite | +| Microsoft Office 2013 applications
    [Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2013
    Microsoft Excel 2013
    Microsoft Outlook 2013
    Microsoft Access 2013
    Microsoft Project 2013
    Microsoft PowerPoint 2013
    Microsoft Publisher 2013
    Microsoft Visio 2013
    Microsoft InfoPath 2013
    Microsoft Lync 2013
    Microsoft OneNote 2013
    Microsoft SharePoint Designer 2013
    Microsoft Office 2013 Upload Center
    Microsoft OneDrive for Business 2013 +| Microsoft Office 2010 applications
    [Download a list of all settings synced](https://www.microsoft.com/download/details.aspx?id=46367) | Microsoft Word 2010
    Microsoft Excel 2010
    Microsoft Outlook 2010
    Microsoft Access 2010
    Microsoft Project 2010
    Microsoft PowerPoint 2010
    Microsoft Publisher 2010
    Microsoft Visio 2010
    Microsoft SharePoint Workspace 2010
    Microsoft InfoPath 2010
    Microsoft Lync 2010
    Microsoft OneNote 2010
    Microsoft SharePoint Designer 2010 | +| Browser options: Internet Explorer 11 and 10 | Synchronize favorites, home page, tabs, and toolbars.
    **Note**
    UE-V does not roam settings for Internet Explorer cookies. | +| Windows accessories | Microsoft NotePad, WordPad | + +**Notes** +An Outlook profile must be created for any device on which a user wants to sync their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. + +UE-V does not synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous operating systems. + +### Windows settings synchronized by default + +UE-V includes settings location templates that capture settings values for these Windows settings. + +| **Windows settings** | **Description** | **Apply on** | **Export on** | **Default state** | +|----------------------|-----------------|--------------|---------------|-------------------| +| Desktop background | Currently active desktop background or wallpaper | Log on, unlock, remote connect, Scheduled Task events | Log off, lock, remote disconnect, or scheduled task interval | Enabled | +| Ease of Access | Accessibility and input settings, Microsoft Magnifier, Narrator, and on-Screen Keyboard | Log on only | Log off or scheduled task interval | Enabled | +| Desktop settings | Start menu and Taskbar settings, folder options, default desktop icons, additional clocks, and region and language settings | Log on only | Log off or scheduled task | Enabled | + +>**Important** +UE-V roams taskbar settings between Windows 10 devices. However, UE-V does not synchronize taskbar settings between Windows 10 devices and devices running previous operating systems versions. + +| **Settings group** | **Category** | **Capture** | **Apply** | +|--------------------------|----------------|----------------|--------------| +| **Application Settings** | Windows applications | Close appllication
    Windows application settings change event | Start the UE-V App Monitor at startup
    Open app
    Windows application settings change event
    Arrival of a settings package | +| | Desktop applications | Application closes | Application opens and closes | +| **Desktop settings** | Desktop background | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs | +| | Ease of Access (Common – Accessibility, Narrator, Magnifier, On-Screen-Keyboard) | Lock or Log off | Log on | +| | Ease of Access (Shell - Audio, Accessibility, Keyboard, Mouse) | Lock or log off | Log on, unlock, remote connect, notification of new package arrival, or scheduled task runs | +| | Desktop settings | Lock or log off | Log on | + +### UE-V-support for Windows applications + +For Windows applications, the application developer specifies which user settings are synchronized. You can specify which Windows apps are enabled for settings synchronization. + +To display a list of Windows applications that can synchronize settings with their package family name, enabled status, and enabled source, open a Windows PowerShell window, type Get-UevAppxPackage, and press ENTER. + +>**Note** +Starting in Windows 10, version 1607, you can configure UE-V to not synchronize Windows applications settings if the device is configured to use Enterprise State Roaming. + +### UE-V-support for roaming printers + +Users can print to their saved network printers, including their default network printer, from any network device. + +Printer roaming in UE-V requires one of these scenarios: + +- The print server can download the required driver when it roams to a new device. + +- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer. + +- The printer driver can be imported from Windows Update. + +>**Note** +The UE-V printer roaming feature does not roam printer settings or preferences, such as printing double-sided. 
+ +### Determine whether you need settings synchronized for other applications + +After you have reviewed the settings that are synchronized automatically in a UE-V deployment, you’ll need to decide whether to synchronize settings for other applications as your decision will determine how you deploy UE-V throughout your enterprise. + +As an administrator, when you consider which desktop applications to include in your UE-V solution, consider which settings can be customized by users, and how and where the application stores its settings. Not all desktop applications have settings that can be customized or that are routinely customized by users. In addition, not all desktop applications settings can be synchronized safely across multiple devices or environments. + +In general, you can synchronize settings that meet the following criteria: + +- Settings that are stored in user-accessible locations. For example, do not synchronize settings that are stored in System32 or outside the HKEY\_CURRENT\_USER (HKCU) section of the registry. + +- Settings that are not specific to the particular device. For example, exclude network shortcuts or hardware configurations. + +- Settings that can be synchronized between computers without risk of corrupted data. For example, do not use settings that are stored in a database file. + +### Checklist for evaluating custom applications + +If you’ve decided that you need to synchronize settings for custom applications, use this checklist to determine which applications you’ll include. + +| | **Description** | +|-------|--------------------------| +| ![Checklist box](images/uev-checklist-box.gif) | Does this application contain settings that the user can customize? | +| ![Checklist box](images/uev-checklist-box.gif) | Is it important for the user that these settings are synchronized? | +| ![Checklist box](images/uev-checklist-box.gif) | Are these user settings already managed by an application management or settings policy solution? 
UE-V applies application settings at application startup and Windows settings at logon, unlock, or remote connect events. If you use UE-V with other settings sharing solutions, users might experience inconsistency across synchronized settings. | +| ![Checklist box](images/uev-checklist-box.gif) | Are the application settings specific to the computer? Application preferences and customizations that are associated with hardware or specific computer configurations do not consistently synchronize across sessions and can cause a poor application experience. | +| ![Checklist box](images/uev-checklist-box.gif) | Does the application store settings in the Program Files directory or in the file directory that is located in the **Users**\\ \[User name\] \\**AppData**\\**LocalLow** directory? Application data that is stored in either of these locations usually should not synchronize with the user, because this data is specific to the computer or because the data is too large to synchronize. | +| ![Checklist box](images/uev-checklist-box.gif) | Does the application store any settings in a file that contains other application data that should not synchronize? UE-V synchronizes files as a single unit. If settings are stored in files that include application data other than settings, then synchronizing this additional data can cause a poor application experience. | +| ![Checklist box](images/uev-checklist-box.gif) | How large are the files that contain the settings? The performance of the settings synchronization can be affected by large files. Including large files can affect the performance of settings synchronization. 
| + +## Other considerations when preparing a UE-V deployment + +You should also consider these things when you are preparing to deploy UE-V: + +- [Managing credentials synchronization](#managing-credentials-synchronization-in-ue-v) + +- [Windows applications settings synchronization](#windows-applications-settings-synchronization) + +- [Custom UE-V settings location templates](#custom-ue-v-settings-location-templates) + +- [Unintentional user settings configurations](#prevent-unintentional-user-settings-configuration) + +- [Performance and capacity](#performance-and-capacity-planning) + +- [High availability](#high-availability-for-ue-v) + +- [Computer clock synchronization](#synchronize-computer-clocks-for-ue-v-settings-synchronization) + +### Managing credentials synchronization in UE-V + +Many enterprise applications, including Microsoft Outlook, Lync, and Skype for Business prompt users for their domain credentials when they log in. Users have the option of saving their credentials to disk to prevent having to enter them every time they open these applications. Enabling roaming credentials synchronization lets users save their credentials on one computer and avoid re-entering them on every computer they use in their environment. Users can synchronize some domain credentials with UE-V. + +**Important** +Credentials synchronization is disabled by default. You must explicitly enable credentials synchronization after you enable the UE-V service to implement this feature. + +UE-V can synchronize enterprise credentials, but does not roam credentials intended only for use on the local device. + +Credentials are synchronous settings, meaning that they are applied to users' profiles the first time they log on to their devices after UE-V synchronizes. + +Credentials synchronization is managed by its own settings location template, which is disabled by default. You can enable or disable this template through the same methods used for other templates. 
The template identifier for this feature is RoamingCredentialSettings. + +>**Important** +If you are using Active Directory Credential Roaming in your environment, we recommend that you do not enable the UE-V credential roaming template. Instead, use PowerShell or Group Policy to enable credentials synchronization. Note that credentials are encrypted during synchronization. + +[PowerShell](uev-administering-uev-with-windows-powershell-and-wmi.md)**:** Enter this PowerShell cmdlet to enable credential synchronization: + +`Enable-UevTemplate RoamingCredentialSettings` + +`Copy` + +Use this PowerShell cmdlet to disable credential synchronization: + +`Disable-UevTemplate RoamingCredentialSettings` + +`Copy` + + + +[Group Policy](uev-configuring-uev-with-group-policy-objects.md)**:** You must edit the Group Policy administrative template for UE-V, which is included in Windows 10, version 1607, to enable credential synchronization through group policy. Credentials synchronization is managed in Windows settings. To manage this feature with Group Policy, enable the **Synchronize Windows** settings policy. + +1. Open Group Policy Editor and navigate to **User Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization**. + +2. Double-click **Synchronize Windows settings**. + +3. If this policy is enabled, you can enable credentials synchronization by checking the **Roaming Credentials** check box, or disable credentials synchronization by unchecking it. + +4. Click **OK**. + +### Credential locations synchronized by UE-V + +Credential files saved by applications into the following locations are synchronized: + +- %UserProfile%\\AppData\\Roaming\\Microsoft\\Credentials\\ + +- %UserProfile%\\AppData\\Roaming\\Microsoft\\Crypto\\ + +- %UserProfile%\\AppData\\Roaming\\Microsoft\\Protect\\ + +- %UserProfile%\\AppData\\Roaming\\Microsoft\\SystemCertificates\\ + +Credentials saved to other locations are not synchronized by UE-V. 
+ +### Windows applications settings synchronization + +UE-V manages Windows application settings synchronization in three ways: + +- **Sync Windows applications:** Allow or deny any Windows application synchronization + +- **Windows applications list:** Synchronize a list of Windows applications + +- **Unlisted default sync behavior:** Determine the synchronization behavior of Windows applications that are not in the Windows applications list. + +For more information, see the [Windows Application List](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md#win8applist). + +### Custom UE-V settings location templates + +If you are deploying UE-V to synchronize settings for custom applications, you’ll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices. + +Custom settings location templates must be deployed with an existing deployment infrastructure, such as an enterprise software distribution method, including System Center Configuration Manager, with preferences, or by configuring a UE-V settings template catalog. Templates that are deployed with Configuration Manager or Group Policy must be registered using UE-V WMI or Windows PowerShell. + +For more information about custom settings location templates, see [Deploy UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). For more information about using UE-V with Configuration Manager, see [Configuring UE-V with System Center Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md). 
+ +### Prevent unintentional user settings configuration + +UE-V downloads new user settings information from a settings storage location and applies the settings to the local device in these instances: + +- Each time an application is started that has a registered UE-V template + +- When a user logs on to a device + +- When a user unlocks a device + +- When a connection is made to a remote desktop device running UE-V + +- When the Sync Controller Application scheduled task is run + +If UE-V is installed on computer A and computer B, and the settings that you want for the application are on computer A, then computer A should open and close the application first. If the application is opened and closed on computer B first, then the application settings on computer A are configured to the application settings on computer B. Settings are synchronized between computers on per-application basis. Over time, settings become consistent between computers as they are opened and closed with preferred settings. + +This scenario also applies to Windows settings. If the Windows settings on computer B should be the same as the Windows settings on computer A, then the user should log on and log off computer A first. + +If the user settings that the user wants are applied in the wrong order, they can be recovered by performing a restore operation for the specific application or Windows configuration on the computer on which the settings were overwritten. For more information, see [Manage Administrative Backup and Restore in UE-V](uev-manage-administrative-backup-and-restore.md). + +### Performance and capacity planning + +Specify your requirements for UE-V with standard disk capacity and network health monitoring. + +UE-V uses a Server Message Block (SMB) share for the storage of settings packages. The size of settings packages varies depending on the settings information for each application. 
While most settings packages are small, the synchronization of potentially large files, such as desktop images, can result in poor performance, particularly on slower networks. + +To reduce problems with network latency, create settings storage locations on the same local networks where the users’ computers reside. We recommend 20 MB of disk space per user for the settings storage location. + +By default, UE-V synchronization times out after 2 seconds to prevent excessive lag due to a large settings package. You can configure the SyncMethod=SyncProvider setting by using [Group Policy objects](uev-configuring-uev-with-group-policy-objects.md). + +### High availability for UE-V + +The UE-V settings storage location and settings template catalog support storing user data on any writable share. To ensure high availability, follow these criteria: + +- Format the storage volume with an NTFS file system. + +- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is specifically not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see: + + - [Information about roaming profiles from the Directory Services team](https://blogs.technet.microsoft.com/askds/tag/roaming-profiles/) + + - [Information about Microsoft support policy for a DFS-R and DFS-N deployment scenario](https://support.microsoft.com/kb/2533009) + + In addition, because SYSVOL uses DFSR for replication, SYSVOL cannot be used for UE-V data file replication. + +- Configure the share permissions and NTFS access control lists (ACLs) as specified in [Deploying the settings storage location for UE-V](uev-deploy-required-features.md#ssl). + +- Use file server clustering along with the UE-V service to provide access to copies of user state data in the event of communications failures. 
+ +- You can store the settings storage path data (user data) and settings template catalog templates on clustered shares, on DFSN shares, or on both. + +### Synchronize computer clocks for UE-V settings synchronization + +Computers that run the UE-V service must use a time server to maintain a consistent settings experience. UE-V uses time stamps to determine if settings must be synchronized from the settings storage location. If the computer clock is inaccurate, older settings can overwrite newer settings, or the new settings might not be saved to the settings storage location. + +## Confirm prerequisites and supported configurations for UE-V + +Before you proceed, ensure that your environment meets these requirements for using UE-V. + +| **Operating system** | **Edition** | **Service pack** | **System architecture** | **Windows PowerShell** | **Microsoft .NET Framework** | +|--------------------------|---------------|------------------|-------------------------|--------------------------|--------------------------------| +| Windows 10, version 1607 | Windows 10 for Enterprise | NA | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | +| Windows 8 and Windows 8.1 | Enterprise or Pro | None | 32-bit or 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | +| Windows Server 2012 and Windows Server 2012 R2 | Standard or Datacenter | None | 64-bit | Windows PowerShell 3.0 or higher | .NET Framework 4.5 or higher | + +**Note** +- Windows Server 2012 operating systems come with .NET Framework 4.5 installed. The Windows 10 operating system comes with .NET Framework 4.6 installed. + +- The “Delete Roaming Cache” policy for mandatory profiles is not supported with UE-V and should not be used. + +There are no special random access memory (RAM) requirements specific to UE-V. 
+ +### Synchronization of settings through the Sync Provider + +Sync Provider is the default setting for users and synchronizes a local cache with the settings storage location in these instances: + +- Log on/log off + +- Lock/unlock + +- Remote desktop connect/disconnect + +- Application open/close + +A scheduled task manages this synchronization of settings every 30 minutes or through trigger events for certain applications. For more information, see [Changing the frequency of UE-V scheduled tasks](uev-changing-the-frequency-of-scheduled-tasks.md). + +The UE-V service synchronizes user settings for devices that are not always connected to the enterprise network (remote devices and laptops) and devices that are always connected to the network (devices that run Windows Server and host virtual desktop interface (VDI) sessions). + +**Synchronization for computers with always-available connections** When you use UE-V on devices that are always connected to the network, you must configure the UE-V service to synchronize settings by using the *SyncMethod=None* parameter, which treats the settings storage server as a standard network share. In this configuration, the UE-V service can be configured to notify if the import of the application settings is delayed. + +Enable this configuration using one of these methods: + +- After you enable the UE-V service, use the Settings Management feature in System Center Configuration Manager or the UE-V ADMX templates (installed with Windows 10, version 1607) to push the SyncMethod = None configuration. + +- Use Windows PowerShell or Windows Management Instrumentation (WMI) to set the SyncMethod = None configuration. + +Restart the device to allow the settings to synchronize. + +- >**Note** +These methods do not work for pooled virtual desktop infrastructure (VDI) environments. + + +>**Note** +If you set *SyncMethod = None*, any settings changes are saved directly to the server. 
If the network connection to the settings storage path is not found, then the settings changes are cached on the device and are synchronized the next time that the sync provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on log off, settings changes are lost and the user must reapply the change when the computer is reconnected to the settings storage path. + +**Synchronization for external sync engines** The *SyncMethod=External* parameter specifies that if UE-V settings are written to a local folder on the user device, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different devices that users access. + +**Support for shared VDI sessions** UE-V supports VDI sessions that are shared among end users. You can register and configure a special VDI template, which ensures that UE-V keeps all of its functionality intact for non-persistent VDI sessions. + +>**Note** +If you do not enable VDI mode for non-persistent VDI sessions, certain features do not work, such as [back-up/restore and last known good (LKG)](uev-manage-administrative-backup-and-restore.md). + +The VDI template is provided with UE-V and is typically available here after installation: C:\ProgramData\Microsoft\UEV\InboxTemplates + +### Prerequisites for UE-V template generator support + +Install the UE-V template generator on the device that is used to create custom settings location templates. This device should be able to run the applications that you want to synchronize settings for. You must be a member of the Administrators group on the device that runs the UE-V template generator software. + +The UE-V template generator must be installed on a device that uses an NTFS file system. The UE-V template generator software requires .NET Framework 4. 
For more information, see [Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). + +## Have a suggestion for UE-V? + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Other resources for this feature + +- [User Experience Virtualization overview](uev-for-windows.md) + +- [Get started with UE-V](uev-getting-started.md) + +- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md) + +- [Administering UE-V ](uev-administering-uev.md) + +- [Troubleshooting UE-V ](uev-troubleshooting.md) + +- [Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/manage/uev-privacy-statement.md b/windows/manage/uev-privacy-statement.md new file mode 100644 index 0000000000..eb9e64f8a1 --- /dev/null +++ b/windows/manage/uev-privacy-statement.md @@ -0,0 +1,4 @@ +--- +title: User Experience Virtualization Privacy Statement +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/uev-security-considerations +--- \ No newline at end of file diff --git a/windows/manage/uev-release-notes-1607.md b/windows/manage/uev-release-notes-1607.md new file mode 100644 index 0000000000..416b8f4508 --- /dev/null +++ b/windows/manage/uev-release-notes-1607.md 
@@ -0,0 +1,133 @@
+---
+title: User Experience Virtualization (UE-V) Release Notes
+description: User Experience Virtualization (UE-V) Release Notes
+author: MaggiePucciEvans
+ms.pagetype: mdop, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+# User Experience Virtualization (UE-V) Release Notes
+
+**Applies to**
+- Windows 10, version 1607
+
+This topic includes information required to successfully install and use UE-V that is not included in the User Experience Virtualization (UE-V) documentation. If there are differences between the information in this topic and other UE-V topics, the latest change should be considered authoritative.
+
+### Company Settings Center removed in UE-V for Windows 10, version 1607
+
+In previous versions of UE-V, users could select which of their customized application settings to synchronize with the Company Settings Center, a user interface that was available on user devices. Additionally, administrators could configure the Company Settings Center to include a link to support resources so that users could easily get support on virtualized settings-related issues.
+
+With the release of Windows 10, version 1607, the Company Settings Center was removed and users can no longer manage their synchronized settings.
+
+Administrators can still define which user-customized application settings can synchronize (roam) with Group Policy or Windows PowerShell.
+
+**Note** With the removal of the Company Settings Center, the following group policies are no longer applicable:
+
+- Contact IT Link Text
+- Contact IT URL
+- Tray Icon
+
+
+### Upgrading from UE-V 1.0 to the in-box version of UE-V is blocked
+
+Version 1.0 of UE-V used Offline Files (Client Side Caching) for settings synchronization and pinned the UE-V sync folder to be available when the network was offline, however, this technology was removed in UE-V 2.x. As a result, UE-V 1.0 users are blocked from upgrading to UE-V for Windows 10, version 1607.
+
+WORKAROUND: Remove the UE-V 1.0 sync folder from the Offline Files configuration and then upgrade to the in-box version of UE-V for Windows, version 1607 release.
+
+### UE-V settings location templates for Skype cause Skype to crash
+
+When a user generates a valid settings location template for the Skype desktop application, registers it, and then launches the Skype desktop application, Skype crashes. An ACCESS\_VIOLATION is recorded in the Application Event Log.
+
+WORKAROUND: Remove or unregister the Skype template to allow Skype to work again.
+
+### Registry settings do not synchronize between App-V and native applications on the same device
+
+When a device has an application that is installed through both Application Virtualization (App-V) and locally with a Windows Installer (.msi) file, the registry-based settings do not synchronize between the technologies.
+
+WORKAROUND: To resolve this problem, run the application by selecting one of the two technologies, but not both.
+
+### Unpredictable results when both Office 2010 and Office 2013 are installed on the same device
+
+When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be quite large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
+
+WORKAROUND: Install only one version of Office or limit which settings are synchronized by UE-V.
+
+### Uninstall and re-install of Windows 8 applications reverts settings to initial state
+
+While using UE-V settings synchronization for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This happens because the uninstall removes the local (cached) copy of the application’s settings but does not remove the local UE-V settings package.
When the application is reinstalled and launched, UE-V gather the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
+
+WORKAROUND: None.
+
+### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
+
+We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click [here](). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+
+WORKAROUND: None
+
+### Favicons that are associated with Internet Explorer 9 favorites do not roam
+
+The favicons that are associated with Internet Explorer 9 favorites are not roamed by User Experience Virtualization and do not appear when the favorites first appear on a new computer.
+
+WORKAROUND: Favicons will appear with their associated favorites once the bookmark is used and cached in the Internet Explorer 9 browser.
+
+### File settings paths are stored in registry
+
+Some application settings store the paths of their configuration and settings files as values in the registry. The files that are referenced as paths in the registry must be synchronized when settings are roamed between computers.
+
+WORKAROUND: Use folder redirection or some other technology to ensure that any files that are referenced as file settings paths are present and placed in the same location on all computers where settings roam.
+
+### Long Settings Storage Paths could cause an error
+
+Keep settings storage paths as short as possible.
Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + “settingspackages” + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log: + +\[boost::filesystem::copy\_file: The system cannot find the path specified\] + +To check the operational log events, open the Event Viewer and navigate to Applications and Services Logs / Microsoft / User Experience Virtualization / Logging / Operational. + +WORKAROUND: None. + +### Some operating system settings only roam between like operating system versions + +Operating system settings for Narrator and currency characters specific to the locale (i.e. language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8. + +WORKAROUND: None + +## Hotfixes and Knowledge Base articles for UE-V + +This section contains hotfixes and KB articles for UE-V. 
+
+| KB Article | Title | Link |
+|------------|---------|--------|
+| 3018608 | UE-V - TemplateConsole.exe crashes when UE-V WMI classes are missing | [support.microsoft.com/kb/3018608](http://support.microsoft.com/kb/3018608) |
+| 2903501 | UE-V: User Experience Virtualization (UE-V) compatibility with user profiles | [support.microsoft.com/kb/2903501](http://support.microsoft.com/kb/2903501) |
+| 2770042 | UE-V Registry Settings | [support.microsoft.com/kb/2770042](http://support.microsoft.com/kb/2770042) |
+| 2847017 | Internet Explorer settings replicated by UE-V | [support.microsoft.com/kb/2847017](http://support.microsoft.com/kb/2847017) |
+| 2769631 | How to repair a corrupted UE-V install | [support.microsoft.com/kb/2769631](http://support.microsoft.com/kb/2769631) |
+| 2850989 | Migrating MAPI profiles with Microsoft UE-V is not supported | [support.microsoft.com/kb/2850989](http://support.microsoft.com/kb/2850989) |
+| 2769586 | UE-V roams empty folders and registry keys | [support.microsoft.com/kb/2769586](http://support.microsoft.com/kb/2769586) |
+| 2782997 | How To Enable Debug Logging in Microsoft User Experience Virtualization (UE-V) | [support.microsoft.com/kb/2782997](http://support.microsoft.com/kb/2782997) |
+| 2769570 | UE-V does not update the theme on RDS or VDI sessions | [support.microsoft.com/kb/2769570](http://support.microsoft.com/kb/2769570) |
+| 2850582 | How To Use Microsoft User Experience Virtualization With App-V Applications | [support.microsoft.com/kb/2850582](http://support.microsoft.com/kb/2850582) |
+| 3041879 | Current file versions for Microsoft User Experience Virtualization | [support.microsoft.com/kb/3041879](http://support.microsoft.com/kb/3041879) |
+| 2843592 | Information on User Experience Virtualization and High Availability | [support.microsoft.com/kb/2843592](http://support.microsoft.com/kb/2843592) |
+
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+**Additional resources for this feature**
+
+
+- [User Experience Virtualization](uev-for-windows.md)
+
+- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md)
+
+- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
+
+- [Administering UE-V ](uev-administering-uev.md)
+
+- [Troubleshooting UE-V ](uev-troubleshooting.md)
+
+- [Technical Reference for UE-V](uev-technical-reference.md)
diff --git a/windows/manage/uev-security-considerations.md b/windows/manage/uev-security-considerations.md
new file mode 100644
index 0000000000..11f3d82582
--- /dev/null
+++ b/windows/manage/uev-security-considerations.md
@@ -0,0 +1,239 @@ +--- +title: Security Considerations for UE-V +description: Security Considerations for UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Security Considerations for UE-V + +**Applies to** +- Windows 10, version 1607 + +This topic contains a brief overview of accounts and groups, log files, and other security-related considerations for User Experience Virtualization (UE-V). For more information, follow the links that are provided here. + +## Security considerations for UE-V configuration + + +**Important** +When you create the settings storage share, limit the share access to users who require access. + +Because settings packages might contain personal information, you should take care to protect them as well as possible. In general, do the following: + +- Restrict the share to only those users who require access. Create a security group for users who have redirected folders on a particular share and limit access to only those users. + +- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share is not visible in My Network Places. + +- Only give users the minimum amount of permissions that they must have. The following tables show the required permissions. + +1. Set the following share-level SMB permissions for the setting storage location folder. + + + + + + + + + + + + + + + + + + + + + + +
    User accountRecommended permissions

    Everyone

    No permissions

    Security group of UE-V

    Full control

    + + +2. Set the following NTFS file system permissions for the settings storage location folder. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    User accountRecommended permissionsFolder

    Creator/Owner

    No permissions

    No permissions

    Domain Admins

    Full control

    This folder, subfolders, and files

    Security group of UE-V users

    List folder/read data, create folders/append data

    This folder only

    Everyone

    Remove all permissions

    No permissions

    + +3. Set the following share-level SMB permissions for the settings template catalog folder. + + + + + + + + + + + + + + + + + + + + + + + + + + +
    User accountRecommend permissions

    Everyone

    No permissions

    Domain computers

    Read permission Levels

    Administrators

    Read/write permission levels

    + + +4. Set the following NTFS permissions for the settings template catalog folder. + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    User accountRecommended permissionsApply to

    Creator/Owner

    Full control

    This folder, subfolders, and files

    Domain Computers

    List folder contents and Read permissions

    This folder, subfolders, and files

    Everyone

    No permissions

    No permissions

    Administrators

    Full Control

    This folder, subfolders, and files

    + +### Use Windows Server as of Windows Server 2003 to host redirected file shares + +User settings package files contain personal information that is transferred between the client computer and the server that stores the settings packages. Because of this process, you should ensure that the data is protected while it travels over the network. + +User settings data is vulnerable to these potential threats: interception of the data as it passes over the network, tampering with the data as it passes over the network, and spoofing of the server that hosts the data. + +As of Windows Server 2003, several features of the Windows Server operating system can help secure user data: + +- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2003. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client does not know whether the server is valid. This difference is particularly important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos is not available on the Microsoft Windows NT Server 4.0 or earlier operating systems. + +- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures the following: + + - Roamed data is safe from data modification while data is en route. + + - Roamed data is safe from interception, viewing, or copying. + + - Roamed data is safe from access by unauthenticated parties. + +- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. 
The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. Note that the SMB signing imposes a performance penalty. It does not consume any more network bandwidth, but it uses more CPU cycles on the client and server side.
+
+### Always use the NTFS file system for volumes that hold user data
+
+For the most secure configuration, configure servers that host the UE-V settings files to use the NTFS file system. Unlike the FAT file system, NTFS supports Discretionary access control lists (DACLs) and system access control lists (SACLs). DACLs and SACLs control who can perform operations on a file and what events trigger the logging of actions that is performed on a file.
+
+### Do not rely on EFS to encrypt user files when they are transmitted over the network
+
+When you use the Encrypting File System (EFS) to encrypt files on a remote server, the encrypted data is not encrypted during transit over the network; it only becomes encrypted when it is stored on disk.
+
+This encryption process does not apply when your system includes Internet Protocol security (IPsec) or Web Distributed Authoring and Versioning (WebDAV). IPsec encrypts data while it is transported over a TCP/IP network. If the file is encrypted before it is copied or moved to a WebDAV folder on a server, it remains encrypted during the transmission and while it is stored on the server.
+
+### Let the UE-V service create folders for each user
+
+To ensure that UE-V works optimally, create only the root share on the server, and let the UE-V service create the folders for each user. UE-V creates these user folders with the appropriate security.
+
+This permission configuration enables users to create folders for settings storage. The UE-V service creates and secures a settings package folder while it runs in the context of the user.
Users receive full control to their settings package folder. Other users do not inherit access to this folder. You do not have to create and secure individual user directories. The UE-V service that runs in the context of the user does it automatically.
+
+> **Note**  Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command:
+
+1. Add the REG\_DWORD registry key RepositoryOwnerCheckEnabled to `HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration`.
+
+2. Set the registry key value to *1*.
+
+When this configuration setting is in place, the UE-V service verifies that the local Administrators group or current user is the owner of the settings package folder. If not, then the UE-V service does not grant access to the folder.
+
+
+If you must create folders for the users, ensure that you have the correct permissions set.
+
+We strongly recommend that you do not pre-create folders. Instead, let the UE-V service create the folder for the user.
+
+### Ensure correct permissions to store UE-V 2 settings in a home directory or custom directory
+
+If you redirect UE-V settings to a user’s home directory or a custom Active Directory (AD) directory, ensure that the permissions on the directory are set appropriately for your organization.
+
+### Review the contents of settings location templates and control access to them as needed
+
+When creating a settings location template, the UE-V generator uses a Lightweight Directory Access Protocol (LDAP) query to get username and email address of the current logged in user. This information is stored in the template as the template author name and template author email. (None of this information is sent to Microsoft.)
+
+If you plan to share settings location templates with anyone outside your organization you should review all the settings locations and ensure the settings location templates do not contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company:
+
+- **Template Author Name** – Specify a general, non-identifying name for the template author name or exclude this data from the template.
+
+- **Template Author Email** – Specify a general, non-identifying template author email or exclude this data from the template.
+
+To remove the template author name or template author email, you can use the UE-V generator application. From the generator, select **Edit a Settings Location Template**. Select the settings location template to edit from the recently used templates or Browse to the settings template file. Select **Next** to continue. On the Properties page, remove the data from the Template author name or Template author email text fields. Save the settings location template.
+
+## Have a suggestion for UE-V?
+
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Related topics
+
+[Technical Reference for UE-V](uev-technical-reference.md)
diff --git a/windows/manage/uev-sync-methods.md b/windows/manage/uev-sync-methods.md
new file mode 100644
index 0000000000..f6f490523d
--- /dev/null
+++ b/windows/manage/uev-sync-methods.md
@@ -0,0 +1,44 @@
+---
+title: Sync Methods for UE-V
+description: Sync Methods for UE-V
+author: MaggiePucciEvans
+ms.pagetype: mdop, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+# Sync Methods for UE-V
+
+**Applies to**
+- Windows 10, version 1607
+
+The User Experience Virtualization (UE-V) service lets you synchronize users’ application and Windows settings with the settings storage location. The *Sync Method* configuration defines how the UE-V service uploads and downloads those settings to the settings storage location. UE-V includes a SyncMethod called the *SyncProvider*. For more information about trigger events that start the synchronization of application and Windows settings, see [Sync Trigger Events for UE-V](uev-sync-trigger-events.md).
+
+## SyncMethod Configuration
+
+This table provides a description of each SyncMethod configuration:
+
+| **SyncMethod Configuration** | **Description** |
+|------------------------------|---------------------|
+| SyncProvider (Default) | Settings changes for a specific application or for global Windows desktop settings are saved locally to a cache folder. These changes are then synchronized with the settings storage location when a synchronization trigger event takes place. Pushing out changes will save the local changes to the settings storage path.
    This default setting is the gold standard for computers. This option attempts to synchronize the setting and times out after a short delay to ensure that the application or operating system startup isn’t delayed for a long period of time.
    This functionality is also tied to the Scheduled task – Sync Controller Application. The administrator controls the frequency of the Scheduled task. By default, computers synchronize their settings every 30 min after logging on. |
+| External | This configuration method specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. |
+| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available.
    Any settings changes are saved directly to the server. If the network connection to the settings storage path is not available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on logoff, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path.
    Apps and OS will wait indefinitely for the location to be present. This could cause App load or OS logon time to dramatically increase if the location is not found. |
+
+You can configure the sync method in these ways:
+
+- Through [Group Policy](uev-configuring-uev-with-group-policy-objects.md) settings
+
+- With the [System Center Configuration Pack](uev-configuring-uev-with-system-center-configuration-manager.md) for UE-V
+
+- With [Windows PowerShell or Windows Management Instrumentation (WMI)](uev-administering-uev-with-windows-powershell-and-wmi.md)
+
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + +[Deploy Required UE-V Features](uev-deploy-required-features.md) + +[Technical Reference for UE-V](uev-technical-reference.md) diff --git a/windows/manage/uev-sync-trigger-events.md b/windows/manage/uev-sync-trigger-events.md new file mode 100644 index 0000000000..46add6efc1 --- /dev/null +++ b/windows/manage/uev-sync-trigger-events.md @@ -0,0 +1,128 @@ +--- +title: Sync Trigger Events for UE-V +description: Sync Trigger Events for UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Sync Trigger Events for UE-V + +**Applies to** +- Windows 10, version 1607 + +User Experience Virtualization (UE-V) lets you synchronize your application and Windows settings across all your domain-joined devices. *Sync trigger events* define when the UE-V service synchronizes those settings with the settings storage location. For more information about Sync Method configuration, see [Sync Methods for UE-V](uev-sync-methods.md). + +## UE-V Sync Trigger Events + + +The following table explains the trigger events for classic applications and Windows settings. + + +++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +

    UE-V Trigger Event

    SyncMethod=SyncProvider

    SyncMethod=None

    Windows Logon

      +
    • Application and Windows settings are imported to the local cache from the settings storage location.

    • +
    • [Asynchronous Windows settings](uev-prepare-for-deployment.md#windows-settings-synchronized-by-default) are applied.

    • +
    • Synchronous Windows settings will be applied during the next Windows logon.

    • +
    • Application settings will be applied when the application starts.

    • +
      +
    • Application and Windows settings are read directly from the settings storage location.

    • +
    • Asynchronous and synchronous Windows settings are applied.

    • +
    • Application settings will be applied when the application starts.

    • +

    Windows Logoff

    Store changes locally and cache and copy asynchronous and synchronous Windows settings to the settings storage location server, if available

    Store changes to asynchronous and synchronous Windows settings storage location

    Windows Connect (RDP) / Unlock

    Synchronize any asynchronous Windows settings from settings storage location to local cache, if available.

    +

    Apply cached Windows settings

    Download and apply asynchronous windows settings from settings storage location

    Windows Disconnect (RDP) / Lock

    Store asynchronous Windows settings changes to the local cache.

    +

    Synchronize any asynchronous Windows settings from the local cache to settings storage location, if available

    Store asynchronous Windows settings changes to the settings storage location

    Application start

    Apply application settings from local cache as the application starts

    Apply application settings from settings storage location as the application starts

    Application closes

    Store any application settings changes to the local cache and copy settings to settings storage location, if available

    Store any application settings changes to settings storage location

    Sync Controller Scheduled Task

    +

    Application and Windows settings are synchronized between the settings storage location and the local cache.

    +
    +Note   +

    Settings changes are not cached locally until an application closes. This trigger will not export changes made to a currently running application.

    +

    For Windows settings, this means that any changes will not be cached locally and exported until the next Lock (Asynchronous) or Logoff (Asynchronous and Synchronous).

    +
    +
    +  +
    +

    Settings are applied in these cases:

    +
      +
    • Asynchronous Windows settings are applied directly.

    • +
    • Application settings are applied when the application starts.

    • +
    • Both asynchronous and synchronous Windows settings are applied during the next Windows logon.

    • +
    • Windows app (AppX) settings are applied during the next refresh. See [Monitor Application Settings](uev-changing-the-frequency-of-scheduled-tasks.md#monitor-application-settings) for more information.

    • +

    NA

    Asynchronous Settings updated on remote store*

    Load and apply new asynchronous settings from the cache.

    Load and apply settings from central server

    + +  + +## Have a suggestion for UE-V? + + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + + +[Technical Reference for UE-V](uev-technical-reference.md) + +[Changing the Frequency of UE-V Scheduled Tasks](uev-changing-the-frequency-of-scheduled-tasks.md) + +[Choose the Configuration Method for UE-V](uev-deploy-required-features.md) + +  + +  + + + + + diff --git a/windows/manage/uev-synchronizing-microsoft-office-with-uev.md b/windows/manage/uev-synchronizing-microsoft-office-with-uev.md new file mode 100644 index 0000000000..784667ed37 --- /dev/null +++ b/windows/manage/uev-synchronizing-microsoft-office-with-uev.md 
@@ -0,0 +1,142 @@ +--- +title: Synchronizing Microsoft Office with UE-V +description: Synchronizing Office with UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Synchronizing Office with UE-V + +**Applies to** +- Windows 10, version 1607 + +Microsoft User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings. The combination of UE-V and App-V support for Office enables the same experience on virtualized instances of Office from any UE-V-enabled device or virtualized desktop. + +To synchronize Office applications settings, you can download Office templates from the [User Experience Virtualization (UE-V) Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V). This resource provides Microsoft-authored UE-V settings location templates as well as community-developed settings location templates. + + +## Microsoft Office support in UE-V + +UE-V includes settings location templates for Microsoft Office 2016, 2013, and 2010. In previous versions of UE-V, settings location templates for Office 2013 and Office 2010 were distributed and registered when you installed the UE-V agent. Now that UE-V is a feature in Windows 10, version 1607, settings location templates are installed when you install or upgrade to the new operating system. + +These templates help synchronize users’ Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience are not included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](https://technet.microsoft.com/library/jj733593.aspx). + +## Synchronized Office Settings + + +Review the following tables for details about Office support in UE-V: + +### Supported UE-V templates for Microsoft Office + + +++++ + + + + + + + + + + + + + + +
    Office 2016 templates (UE-V for Windows 10 and Windows 10, version 1607, available in UE-V gallery)Office 2013 templates (UE-V for Windows 10 and UE-V 2.x, available on UE-V gallery)Office 2010 templates (UE-V 1.0 and 1.0 SP1)

    MicrosoftOffice2016Win32.xml

    +

    MicrosoftOffice2016Win64.xml

    +

    MicrosoftSkypeForBusiness2016Win32.xml

    +

    MicrosoftSkypeForBusiness2016Win64.xml

    MicrosoftOffice2013Win32.xml

    +

    MicrosoftOffice2013Win64.xml

    +

    MicrosoftLync2013Win32.xml

    +

    MicrosoftLync2013Win64.xml

    MicrosoftOffice2010Win32.xml

    +

    MicrosoftOffice2010Win64.xml

    +

    MicrosoftLync2010.xml

    +

    + +  + +### Microsoft Office Applications supported by the UE-V templates + + +++++ + + + + + + + +

    Microsoft Access 2016

    +

    Microsoft Lync 2016

    +

    Microsoft Excel 2016

    +

    Microsoft OneNote 2016

    +

    Microsoft Outlook 2016

    +

    Microsoft PowerPoint 2016

    +

    Microsoft Project 2016

    +

    Microsoft Publisher 2016

    +

    Microsoft SharePoint Designer 2013 (not udpated for 2016)

    +

    Microsoft Visio 2016

    +

    Microsoft Word 2016

    +

    Microsoft Office Upload Manager

    Microsoft Access 2013

    +

    Microsoft Lync 2013

    +

    Microsoft Excel 2013

    +

    Microsoft InfoPath 2013

    +

    Microsoft OneNote 2013

    +

    Microsoft Outlook 2013

    +

    Microsoft PowerPoint 2013

    +

    Microsoft Project 2013

    +

    Microsoft Publisher 2013

    +

    Microsoft SharePoint Designer 2013

    +

    Microsoft Visio 2013

    +

    Microsoft Word 2013

    +

    Microsoft Office Upload Manager

    Microsoft Access 2010

    +

    Microsoft Lync 2010

    +

    Microsoft Excel 2010

    +

    Microsoft InfoPath 2010

    +

    Microsoft OneNote 2010

    +

    Microsoft Outlook 2010

    +

    Microsoft PowerPoint 2010

    +

    Microsoft Project 2010

    +

    Microsoft Publisher 2010

    +

    Microsoft SharePoint Designer 2010

    +

    Microsoft Visio 2010

    +

    Microsoft Word 2010

    +

    + +  + +## Deploying Office templates + + +You can deploy UE-V settings location template with the following methods: + +- **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template: + + ``` syntax + Register-UevTemplate -Path + ``` + + For more information about using UE-V and Windows PowerShell, see [Managing UE-V settings location templates using Windows PowerShell and WMI](uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md). + +- **Registering template with Template Catalog Path**. If you use the Settings Template Catalog Path to manage templates on users’ computers, copy the Office template into the folder defined in the UE-V service. The next time the Template Auto Update (ApplySettingsCatalog.exe) scheduled task runs, the settings location template will be registered on the device. For more information, see [Deploy a settings template catalog](uev-deploy-uev-for-custom-applications.md#deployasettingstemplatecatalog). + +- **Registering template with Configuration Manager**. If you use Configuration Manager to manage your UE-V settings storage templates, recreate the Template Baseline CAB, import it into Configuration Manager, and then deploy the baseline to user devices. For more information, see the guidance provided in the documentation for the [System Center 2012 Configuration Pack for Microsoft User Experience Virtualization 2.0](https://www.microsoft.com/en-us/download/details.aspx?id=40913). + +## Have a suggestion for UE-V? + + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
diff --git a/windows/manage/uev-technical-reference.md b/windows/manage/uev-technical-reference.md
new file mode 100644
index 0000000000..20adefafdf
--- /dev/null
+++ b/windows/manage/uev-technical-reference.md
@@ -0,0 +1,67 @@ +--- +title: Technical Reference for UE-V +description: Technical Reference for UE-V +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Technical Reference for UE-V + +**Applies to** +- Windows 10, version 1607 + +This technical reference section includes additional technical documentation about the various features of User Experience Virtualization (UE-V). This information is provided to help the administrator better understand UE-V. + +## Technical reference topics for UE-V + + +- [Sync Methods for UE-V](uev-sync-methods.md) + + Defines how UE-V synchronizes settings between computers and the settings storage location. Sync Provider is the default sync method for UE-V. This topic includes technical reference information for sync methods, including the Sync Provider. + +- [Sync Trigger Events for UE-V](uev-sync-trigger-events.md) + + Defines when the UE-V service synchronizes those settings with the settings storage location. This topic provides technical reference information about when synchronization takes place based upon the sync method deployed. + +- [Synchronizing Microsoft Office with UE-V](uev-synchronizing-microsoft-office-with-uev.md) + + Provides guidance for downloading and enabling the Microsoft-authored UE-V settings location templates that support Microsoft Office settings synchronization. + +- [Application Template Schema Reference for UE-V](uev-application-template-schema-reference.md) + + Details the XML structure of UE-V settings location templates and provides guidance for editing these files. + +- [Security Considerations for UE-V](uev-security-considerations.md) + + Provides a brief overview of accounts, groups, and other security-related considerations for UE-V. 
+ +## Other resources for this feature + + +- [User Experience Virtualization overview](uev-for-windows.md) + +- [Get Started with UE-V](uev-getting-started.md) + +- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md) + +- [Administering UE-V](uev-administering-uev.md) + +- [Troubleshooting UE-V](uev-troubleshooting.md) + +## Have a suggestion for UE-V? + + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+ +  + +  + + + + +
diff --git a/windows/manage/uev-troubleshooting.md b/windows/manage/uev-troubleshooting.md
new file mode 100644
index 0000000000..4060f14739
--- /dev/null
+++ b/windows/manage/uev-troubleshooting.md
@@ -0,0 +1,39 @@
+---
+title: Troubleshooting UE-V
+description: Troubleshooting UE-V
+author: MaggiePucciEvans
+ms.pagetype: mdop, virtualization
+ms.mktglfcycl: deploy
+ms.sitesec: library
+ms.prod: w10
+---
+
+
+# Troubleshooting UE-V
+
+**Applies to**
+- Windows 10, version 1607
+
+For information that can help with troubleshooting UE-V for Windows 10, see:
+
+- [UE-V: List of Microsoft Support Knowledge Base Articles](http://social.technet.microsoft.com/wiki/contents/articles/14271.ue-v-list-of-microsoft-support-knowledge-base-articles.aspx)
+
+- [User Experience Virtualization Release Notes](uev-release-notes-1607.md)
+
+- [Technical Reference for UE-V](uev-technical-reference.md)
+
+- [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc)
+
+## Other resources
+
+- [User Experience Virtualization overview](uev-for-windows.md)
+
+- [Get Started with UE-V](uev-getting-started.md)
+
+- [Prepare a UE-V deployment](uev-prepare-for-deployment.md)
+
+- [Administering UE-V](uev-administering-uev.md)
+
+## Have a suggestion for UE-V?
+
+Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
diff --git a/windows/manage/uev-upgrade-uev-from-previous-releases.md b/windows/manage/uev-upgrade-uev-from-previous-releases.md
new file mode 100644
index 0000000000..aa12c04977
--- /dev/null
+++ b/windows/manage/uev-upgrade-uev-from-previous-releases.md
@@ -0,0 +1,108 @@ +--- +title: Upgrade to UE-V for Windows 10 +description: Explains how to upgrade to the latest version of UE-V. +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# Upgrade to UE-V for Windows 10 + +**Applies to** +- Windows 10, version 1607 + +If you’re already using UE-V 2.x and you’re planning to upgrade user devices to Windows 10, version 1607 or later releases, you need to make only a few adjustments to your existing environment. These steps are explained in more detail below. + +1. Upgrade user devices to Windows 10, version 1607 or later release. + +2. Verify that UE-V settings were migrated correctly. + +3. Enable the UE-V service on user devices. + +4. Install the UE-V template generator if you want to synchronize application settings for custom applications. + +> **Important**  You can upgrade your existing UE-V installation to Windows 10, version 1607 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10, version 1607.. + +## Upgrade user devices to Windows 10, version 1607 + +Performing an in-place upgrade on user devices automatically installs the UE-V service, updates the settings location path, and migrates users' UE-V settings. See the [Windows 10 documentation for IT Pros](https://technet.microsoft.com/itpro/windows/deploy/index) for information about upgrading user devices to Windows 10. + +## Verify that UE-V settings were migrated correctly + +After upgrading a user device to Windows 10, version 1607, it’s important to verify that UE-V settings and template registrations were migrated correctly during the upgrade. You can verify UE-V settings using Windows Powershell or the device’s registry. + +**To verify UE-V settings using Windows PowerShell** + +1. 
Run PowerShell as Administrator, type **Get-UEVConfiguration**, and press ENTER to view current configurations. + +2. Check that the settings were successfully updated. + +3. Type **Get-UEVTemplate** and press ENTER to check that your templates are still registered. + + > **Note** You’ll need to register the NotePad template again after you upgrade the device to Windows 10. + +**To verify UE-V settings using the device’s registry** + +1. In a command prompt, run **Regedit** as Administrator. + +2. Navigate to **HKEY_LOCAL_MACHINE\Software\Microsoft\UEV\Agent\Configuration.** + +3. Verify that the settings storage path and the settings template catalog path are pointing to the same locations as before you upgraded the device to Windows 10. + +## Enable the UE-V service on user devices + +The UE-V service is the client-side component that captures user-personalized application and Windows settings and saves them in settings packages. Settings packages are built, locally stored, and copied to the settings storage location. + +With Windows 10, version 1607 and later, the UE-V service replaces the UE-V Agent and no longer requires a separate download and installation. Enable the service on user devices to start using UE-V. You can enable the service with the Group Policy editor or with Windows PowerShell. + +> **Important**  The UE-V Agent used in prior releases of UE-V is replaced with the UE service. The UE-V service included with Windows 10, version 1607 and later releases, does not include the agent user interface and is configurable through cmdlets or registry settings only. + +**To enable the UE-V service with Group Policy** + +1. Open the device’s **Group Policy Editor**. + +2. Navigate to **Computer Configuration > Administrative Templates > Windows Components > Microsoft User Experience Virtualization**. + +3. Run **Enable UEV** + +4. Restart the device. + +**To enable the UE-V service with Windows PowerShell** + +1. 
Run PowerShell as Administrator, type **Enable-UEV**, and press ENTER. + +2. Restart the device. + +3. Type **Get-UEVStatus** and press ENTER to verify that the service was successfully enabled. + +## Install the UE-V template generator + +The UE-V template generator is included in the Windows Assessment and Deployment Kit (ADK) for Windows 10. + +**To install the UE-V template generator** + +1. Go to [Download the Windows ADK](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) to access the ADK. + +2. Select the **Get Windows ADK for Windows 10** button on this page to start the ADK installer. On the screen pictured below, select **Microsoft User Experience Virtualization (UE-V) Template Generator** and then select **Install**. + + ![Selecting UE-V features in ADK](images/uev-adk-select-uev-feature.png) + +3. To open the generator, open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator**. + +## Have a suggestion for UE-V? + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Other resources for this feature
+
+- [UE-V Release Notes](uev-release-notes-1607.md)
+
+- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md)
+
+- [Administer UE-V](uev-administering-uev.md)
+
+- [Migrating settings packages](uev-migrating-settings-packages.md)
+
+- [Technical Reference for UE-V](uev-technical-reference.md)
diff --git a/windows/manage/uev-using-uev-with-application-virtualization-applications.md b/windows/manage/uev-using-uev-with-application-virtualization-applications.md
new file mode 100644
index 0000000000..7d75a528a0
--- /dev/null
+++ b/windows/manage/uev-using-uev-with-application-virtualization-applications.md
@@ -0,0 +1,56 @@ +--- +title: Using UE-V with Application Virtualization applications +description: Using UE-V with Application Virtualization applications +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Using UE-V with Application Virtualization applications + +**Applies to** +- Windows 10, version 1607 + +User Experience Virtualization (UE-V) supports Microsoft Application Virtualization (App-V) applications without any required modifications to either the App-V package or the UE-V template. However, an additional step is required because you cannot run the UE-V template generator directly on a virtualized App-V application. Instead, you must install the application locally, generate the template, and then apply the template to the virtualized application. UE-V supports App-V for Windows 10 packages and App-V 5.0 packages. + +## UE-V settings synchronization for App-V applications + + +UE-V monitors when an application opens by the program name and, optionally, by file version numbers and product version numbers, whether the application is installed locally or virtually by using App-V. When the application starts, UE-V monitors the App-V process, applies any settings that are stored in the user's settings storage path, and then enables the application to start normally. UE-V monitors App-V applications and automatically translates the relevant file and registry paths to the virtualized location as opposed to the physical location outside the App-V computing environment. + + **To implement settings synchronization for a virtualized application** + +1. Run the UE-V template generator to collect the settings of the locally installed application whose settings you want to synchronize between computers. This process creates a settings location template. If you use a built-in template such as a Microsoft Office template, skip this step. 
For more information about using the UE-V template generator, see [Deploy UE-V for custom applications](uev-deploy-uev-for-custom-applications.md#createcustomtemplates). + +2. Install the App-V application package if you have not already done so. + +3. Publish the template to the location of your settings template catalog or manually install the template by using the `Register-UEVTemplate` Windows PowerShell cmdlet. + + **Note**   + If you publish the newly created template to the settings template catalog, the client does not receive the template until the sync provider updates the settings. To manually start this process, open **Task Scheduler**, expand **Task Scheduler Library**, expand **Microsoft**, and expand **UE-V**. In the results pane, right-click **Template Auto Update**, and then click **Run**. + +   + +4. Start the App-V package. + +## Have a suggestion for UE-V? + + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Related topics
+
+
+[Administering UE-V](uev-administering-uev.md)
+ +  + +  + + + + +
diff --git a/windows/manage/uev-whats-new-in-uev-for-windows.md b/windows/manage/uev-whats-new-in-uev-for-windows.md
new file mode 100644
index 0000000000..a7759f623e
--- /dev/null
+++ b/windows/manage/uev-whats-new-in-uev-for-windows.md
@@ -0,0 +1,125 @@ +--- +title: What's New in UE-V for Windows 10, version 1607 +description: What's New in UE-V for Windows 10, version 1607 +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + +# What's New in UE-V + +**Applies to** +- Windows 10, version 1607 + +User Experience Virtualization (UE-V) for Windows 10, version 1607, includes these new features and capabilities compared to UE-V 2.1. See [UE-V Release notes](uev-release-notes-1607.md) for more information about the UE-V for Windows 10, version 1607 release. + +## UE-V is now a feature in Windows 10 + +With Windows 10, version 1607 and later releases, UE-V is included with [Windows 10 for Enterprise](https://www.microsoft.com/en-us/WindowsForBusiness/windows-for-enterprise) and is no longer part of the Microsoft Desktop Optimization Pack. + +The changes in UE-V for Windows 10, version 1607 impact already existing implementations of UE-V in the following ways: + +- The UE-V Agent is replaced by the UE-V service. The UE-V service is installed with Windows 10, version 1607 and no longer has to be deployed separately. Performing an in-place upgrade to Windows 10, version 1607, on user devices automatically installs the UE-V service, migrates users’ UE-V configurations, and updates the settings storage path. + +- The UE-V template generator is available from the Windows 10 ADK. In previous releases of UE-V, the template generator was included in the Microsoft Desktop Optimization Pack. Although you’ll need to use the new template generator to create new settings location templates, existing settings location templates will continue to work. + +- The Company Settings Center was removed and is no longer available on user devices. Users can no longer manage their synchronized settings. 
+ +- The inbox templates such as Office 2016 and IE 10 are included as a part of Windows 10 and need to be manually registered with Powershell or Group policy before use. + +For more information about how to configure an existing UE-V installation after upgrading user devices to Windows 10, see [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md). + +> **Important**  You can upgrade your existing UE-V installation to Windows 10 from UE-V versions 2.1 or 2.0 only. If you are using a previous version of UE-V, you’ll need to upgrade from that version to UE-V 2.x before you upgrade to Windows 10. + +## New UE-V template generator is available from the Windows 10 ADK + +UE-V for Windows 10 includes a new template generator, available from a new location. If you are upgrading from an existing UE-V installation, you’ll need to use the new generator to create settings location templates. The UE-V for Windows 10 template generator is now available in the [Windows 10 Assessment and Deployment Kit](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK). + +## Company Settings Center removed in UE-V for Windows 10, version 1607 + +In previous versions of UE-V, users could select which of their customized application settings to synchronize with the Company Settings Center, a user interface that was available on user devices. Additionally, administrators could configure the Company Settings Center to include a link to support resources so that users could easily get support on virtualized settings-related issues. + +With the release of Windows 10, version 1607, the Company Settings Center was removed and users can no longer manage their synchronized settings. + +Administrators can still define which user-customized application settings can synchronize (roam) with Group Policy or Windows PowerShell. 
+ +**Note** With the removal of the Company Settings Center, the following group policies are no longer applicable: + +- Contact IT Link Text +- Contact IT URL +- Tray Icon + +## Compatibility with Microsoft Enterprise State Roaming + +With Windows 10, version 1607, users can synchronize Windows application settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V on on-premises domain-joined devices only. + +In hybrid cloud environments, UE-V can roam Win32 applications on-premises while [Enterprise State Roaming](https://azure.microsoft.com/documentation/articles/active-directory-windows-enterprise-state-roaming-overview/) (ESR) can roam the rest, e.g., Windows and desktop settings, themes, colors, etc., to an Azure cloud installation. + +To configure UE-V to roam Windows desktop and application data only, change the following group policies: + +- Disable “Roam Windows settings” group policy + +- Enable “Do not synchronize Windows Apps” group policy + +For more information about using UE-V with Enterprise State Roaming, see [Settings and data roaming FAQ](https://azure.microsoft.com/documentation/articles/active-directory-windows-enterprise-state-roaming-faqs/#what-are-the-options-for-roaming-settings-for-existing-windows-desktop-applications). + +Additionally, to enable Windows 10 and UE-V to work together, configure these policy settings in the Microsoft User Experience Virtualization node: + +- Enable “Do Not Synchronize Windows Apps” + +- Disable “Sync Windows Settings” + + +## Settings Synchronization Behavior Changed in UE-V for Windows 10 + +While earlier versions of UE-V roamed taskbar settings between Windows 10 devices, UE-V for Windows 10, version 1607 does not synchronize taskbar settings between devices running Windows 10 and devices running previous versions of Windows. 
+ +In addition, UE-for Windows does not synchronize settings between the Microsoft Calculator in Windows 10 and the Microsoft Calculator in previous versions of Windows. + +## Support Added for Roaming Network Printers + +Users can now print to their saved network printers from any network device, including their default network printer. + +Printer roaming in UE-V requires one of these scenarios: + +- The print server can download the required driver when it roams to a new device. + +- The driver for the roaming network printer is pre-installed on any device that needs to access that network printer. + +- The printer driver can be imported from Windows Update. + +> **Note**  The UE-V printer roaming feature does not roam printer settings or preferences, such as printing double-sided. + +## Office 2016 Settings Location Template + +UE-V for Windows 10, version 1607 includes the Microsoft Office 2016 settings location template with improved Outlook signature support. We’ve added synchronization of default signature settings for new, reply, and forwarded emails. Users no longer have to choose the default signature settings. + +> **Note**  An Outlook profile must be created on any device on which a user wants to synchronize their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization. + +UE-V works with Office 365 to determine whether Office 2016 settings are roamed by Office 365. If settings are roamed by Office 365, they are not roamed by UE-V. See [Overview of user and roaming settings for Microsoft Office](https://technet.microsoft.com/library/jj733593.aspx) for more information. 
+ +To enable settings synchronization using UE-V, do one of the following: + +- Use Group Policy to disable Office 365 synchronization + +- Do not enable the Office 365 synchronization experience during Office 2013 installation + +UE-V includes Office 2016, Office 2013, and Office 2010 templates. Office 2007 templates are no longer supported. Users can still use Office 2007 templates from UE-V 2.0 or earlier and can still get templates from the [User Experience Virtualization Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V). + +## Have a suggestion for UE-V? + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc).
+
+## Related topics
+
+- [Microsoft User Experience Virtualization](uev-for-windows.md)
+
+- [Get Started with UE-V](uev-getting-started.md)
+
+- [Prepare a UE-V Deployment](uev-prepare-for-deployment.md)
+
+- [User Experience Virtualization (UE-V) Release Notes](uev-release-notes-1607.md) for Windows 10, version 1607
+
+- [Upgrade to UE-V for Windows 10](uev-upgrade-uev-from-previous-releases.md)
diff --git a/windows/manage/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/manage/uev-working-with-custom-templates-and-the-uev-generator.md
new file mode 100644
index 0000000000..056526037b
--- /dev/null
+++ b/windows/manage/uev-working-with-custom-templates-and-the-uev-generator.md
@@ -0,0 +1,162 @@ +--- +title: Working with Custom UE-V Templates and the UE-V Template Generator +description: Working with Custom UE-V Templates and the UE-V Template Generator +author: MaggiePucciEvans +ms.pagetype: mdop, virtualization +ms.mktglfcycl: deploy +ms.sitesec: library +ms.prod: w10 +--- + + +# Working with custom UE-V templates and the UE-V template generator + +**Applies to** +- Windows 10, version 1607 + +User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those included in the default templates, you can create your own custom settings location templates with the UE-V template generator. You can also edit or validate custom settings location templates with the UE-V template generator. + +Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator does not create settings location templates for the following types of applications: + +- Virtualized applications +- Applications that are offered through Terminal Services +- Java applications +- Windows applications + +## Standard and non-standard settings locations + +The UE-V template generator helps you identify where applications search for settings files and registry settings that applications use to store settings information. The generator discovers settings only in locations that are accessible to a standard user. Settings that are stored in other locations are excluded. + +Discovered settings are grouped into two categories: **Standard** and **Non-standard**. Standard settings are recommended for synchronization, and UE-V can readily capture and apply them. 
Non-standard settings can potentially synchronize settings but, because of the rules that UE-V uses, these settings might not consistently or dependably synchronize settings. These settings might depend on temporary files, result in unreliable synchronization, or might not be useful. These settings locations are presented in the UE-V template generator. You can choose to include or exclude them on a case-by-case basis. + +The UE-V template generator opens the application as part of the discovery process. The generator can capture settings in the following locations: + +- **Registry Settings** – Registry locations under **HKEY\_CURRENT\_USER** + +- **Application Settings Files** – Files that are stored under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming** + +The UE-V template generator excludes locations, which commonly store application software files, but do not synchronize well between user computers or environments. The UE-V template generator excludes these locations. Excluded locations are as follows: + +- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user cannot write values + +- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system + +- All registry keys that are located in the HKEY\_LOCAL\_MACHINE hive, which requires administrator rights and might require to set a User Account Control (UAC) agreement + +- Files that are located in Program Files directories, which requires administrator rights and might require to set a UAC agreement + +- Files that are located under Users \\ \[User name\] \\ AppData \\ LocalLow + +- Windows operating system files that are located in %Systemroot%, which requires administrator rights and might require to set a UAC agreement + +If registry keys and files that are stored in these locations are required to synchronize application settings, you can manually add the excluded locations to the settings location template during the 
template creation process. + +## Edit settings location templates with the UE-V template generator + +Use the UE-V template generator to edit settings location templates. When the revised settings are added to the templates with the UE-V template generator, the version information within the template is automatically updated to ensure that any existing templates that are deployed in the enterprise are updated correctly. + +**To edit a UE-V settings location template with the UE-V template generator** + +1. Open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator** to open the template generator. + +2. Click **Edit a settings location template**. + +3. In the list of recently used templates, select the template to be edited. Alternatively, click **Browse** to search for the settings template file. Click **Next** to continue. + +4. Review the **Properties**, **Registry** locations, and **Files** locations for the settings template. Edit as required. + + - On the **Properties** tab, you can view and edit the following properties: + + - **Application name** The application name that is written in the description of the program file properties. + + - **Program name** The name of the program that is taken from the program file properties. This name usually has the .exe file name extension. + + - **Product version** The product version number of the .exe file of the application. This property, together with the **File version**, helps determine which applications are targeted by the settings location template. This property accepts a major version number. If this property is empty, then the settings location template applies to all versions of the product. + + - **File version** The file version number of the .exe file of the application. This property, along with the **Product version**, helps determine which applications are targeted by the settings location template. 
This property accepts a major version number. If this property is empty, the settings location template applies to all versions of the program. + + - **Template author name** (optional) The name of the settings template author. + + - **Template author email** (optional) The email address of the settings location template author. + + - The **Registry** tab lists the **Key** and **Scope** of the registry locations that are included in the settings location template. You can edit the registry locations by using the **Tasks** drop-down menu. In the Tasks menu, you can add new keys, edit the name or scope of existing keys, delete keys, and browse the registry in which the keys are located. When you define the scope for the registry, you can use the **All Settings** scope to include all the registry settings under the specified key. Use **All Settings** and **Subkeys** to include all the registry settings under the specified key, subkeys, and subkey settings. + + - The **Files** tab lists the file path and file mask of the file locations that are included in the settings location template. You can edit the file locations by using the **Tasks** drop-down menu. In the **Tasks** menu for file locations, you can add new files or folder locations, edit the scope of existing files or folders, delete files or folders, and open the selected location in Windows Explorer. To include all files in the specified folder, leave the file mask empty. + +5. Click **Save** to save the changes to the settings location template. + +6. Click **Close** to close the Settings Template Wizard. Exit the UE-V template generator application. + + After you edit the settings location template for an application, you should test the template. Deploy the revised settings location template in a lab environment before you put it into production in the enterprise. + +**How to manually edit a settings location template** + +1. Create a local copy of the settings location template .xml file. 
UE-V settings location templates are .xml files that identify the locations where application store settings values. + + >**Note**   + A settings location template is unique because of the template **ID**. If you copy the template and rename the .xml file, template registration fails because UE-V reads the template **ID** tag in the .xml file to determine the name, not the file name of the .xml file. UE-V also reads the **Version** number to know if anything has changed. If the version number is higher, UE-V updates the template. + +   +2. Open the settings location template file with an XML editor. + +3. Edit the settings location template file. All changes must conform to the UE-V schema file that is defined in [SettingsLocationTempate.xsd](uev-application-template-schema-reference.md). By default, a copy of the .xsd file is located in \\ProgramData\\Microsoft\\UEV\\Templates. + +4. Increment the **Version** number for the settings location template. + +5. Save the settings location template file, and then close the XML editor. + +6. Validate the modified settings location template file by using the UE-V template generator. + +7. You must register the edited UE-V settings location template before it can synchronize settings between client computers. To register a template, open Windows PowerShell, and then run the following cmdlet: `update-uevtemplate [templatefilename]`. You can then copy the file to the settings storage catalog. The UE-V Agent on users’ computers should then update as scheduled in the scheduled task. + +## Validate settings location templates with the UE-V template generator + + +It is possible to create or edit settings location templates in an XML editor without using the UE-V template generator. If you do, you can use the UE-V template generator to validate that the new or revised XML matches the schema that has been defined for the template. + +**To validate a UE-V settings location template with the UE-V template generator** + +1. 
Open the **Start** menu and navigate to **Windows Kits** > **Microsoft User Experience Virtualization (UE-V) Template Generator** to open the template generator. + +2. Click **Validate a settings location template**. + +3. In the list of recently used templates, select the template to be edited. Alternatively, you can **Browse** to the settings template file. Click **Next** to continue. + +4. Click **Validate** to continue. + +5. Click **Close** to close the Settings Template Wizard. Exit the UE-V template generator application. + + After you validate the settings location template for an application, you should test the template. Deploy the template in a lab environment before you put it into a production environment in enterprise. + +## Share settings location templates with the Template Gallery + +The [User Experience Virtualization Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V) enables administrators to share their UE-V settings location templates. Upload your settings location templates to the gallery for other users to use, and download templates that other users have created. + +Before you share a settings location template on the UE-V template gallery, ensure it does not contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share a template with anyone outside your company. + +- Template Author Name – Specify a general, non-identifying name for the template author name or exclude this data from the template. + +- Template Author Email – Specify a general, non-identifying template author email or exclude this data from the template. 
+ +Before you deploy any settings location template that you have downloaded from the UE-V gallery, you should first test the template to ensure that the application settings synchronize settings correctly in a test environment. + +## Have a suggestion for UE-V? + + +Add or vote on suggestions on the [User Experience Virtualization feedback site](http://uev.uservoice.com/forums/280428-microsoft-user-experience-virtualization).
    For UE-V issues, use the [UE-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-us/home?forum=mdopuev&filter=alltypes&sort=lastpostdesc). + +## Related topics + + +[Administering UE-V](uev-administering-uev.md) + +[Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md) + +  + +  + + + + + diff --git a/windows/manage/update-windows-store-for-business-account-settings.md b/windows/manage/update-windows-store-for-business-account-settings.md index 2870bbda8a..90469e91a6 100644 --- a/windows/manage/update-windows-store-for-business-account-settings.md +++ b/windows/manage/update-windows-store-for-business-account-settings.md @@ -6,6 +6,7 @@ ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: store author: TrudyHa +localizationpriority: high --- # Update Windows Store for Business account settings @@ -109,7 +110,7 @@ Not all cards available in all countries. When you add a payment option, Store f **To add a new payment option** 1. Sign in to [Store for Business](http://businessstore.microsoft.com). -2. Click **Settings**, and then click **Account information**. +2. Click **Manage**, and then click **Account information**. 3. Under **My payment options**, tap or click **Show my payment options**, and then select the type of credit card that you want to add. 4. Add information to any required fields, and then click **Next**. @@ -117,13 +118,13 @@ Once you click Next, the information you provided will be validated with a tes **Note**: 
    When adding credit or debit cards, you may be prompted to enter a CVV . The CVV is only used for verification purposes and is not stored in our systems after validation. -**To update a payment option**: +**To update a payment option** 1. Sign in to [Store for Business](http://businessstore.microsoft.com). -2. Click **Settings**, and then click **Account information**. -3. Under My payment options > Credit Cards, select the payment option that you want to update, and then click Update. -4. Enter any updated information in the appropriate fields, and then click Next. -Once you click Next, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. +2. Click **Manage**, and then click **Account information**. +3. Under **My payment options** > **Credit Cards**, select the payment option that you want to update, and then click **Update**. +4. Enter any updated information in the appropriate fields, and then click **Next**. +Once you click **Next**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems. **Note**:
     Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time or have a low balance. @@ -131,6 +132,14 @@ Once you click Next, the information you provided will be validated with a tes Offline licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Store for Business. This model means organizations can deploy apps when users or devices do not have connectivity to the Store. +Admins can decide whether or not offline licenses are shown for apps in Windows Store for Business. + +**To set offline license visibility** + +1. Sign in to [Store for Business](http://businessstore.microsoft.com). +2. Click **Manage**, and then click **Account information**. +3. Under **Offline licensing**, click **Show offline licensed apps to people shopping in the store** to show availability for both online and offline licenses. + You have the following distribution options for offline-licensed apps: - Include the app in a provisioning package, and then use it as part of imaging a device. - Distribute the app through a management tool. diff --git a/windows/manage/windows-10-mobile-and-mdm.md b/windows/manage/windows-10-mobile-and-mdm.md index 3053aedc09..6e1b32d24a 100644 --- a/windows/manage/windows-10-mobile-and-mdm.md +++ b/windows/manage/windows-10-mobile-and-mdm.md 
@@ -1,74 +1,59 @@ --- -title: Windows 10 Mobile and mobile device management (Windows 10) -description: This guide provides an overview of the mobile device and app management technologies in the Windows 10 Mobile operating system. +title: Windows 10 Mobile deployment and management guide (Windows 10) +description: This guide helps IT professionals plan for and deploy Windows 10 Mobile devices. ms.assetid: 6CAA1004-CB65-4FEC-9B84-61AAD2125E5E -keywords: telemetry, BYOD, MDM +keywords: Mobile, telemetry, BYOD, MDM ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library ms.pagetype: mobile, devices, security +localizationpriority: high author: AMeeus --- -# Windows 10 Mobile and mobile device management +# Windows 10 Mobile deployment and management guide -**Applies to** -- Windows 10 Mobile +*Applies to: Windows 10 Mobile, version 1511 and Windows 10 Mobile, version 1607* -This guide provides an overview of the mobile device and app management technologies in the Windows 10 Mobile operating system. It describes how mobile device management (MDM) systems use the built-in device management client to deploy, configure, maintain, and support phones and small tablets running Windows 10 Mobile. +This guide helps IT professionals plan for and deploy Windows 10 Mobile devices. -Bring Your Own Device (BYOD—that is, personal devices) and corporate devices are key scenarios that Windows 10 Mobile MDM capabilities support. The operating system offers a flexible approach to registering devices with directory services and MDM systems, and IT organizations can provision comprehensive device-configuration profiles based on their company’s need to control and secure mobile business data. -Windows 10 Mobile not only delivers more comprehensive, restrictive configuration settings than Windows Phone 8.1 did but also provides capabilities to deploy and manage apps built on the Universal Windows Platform (UWP). 
Companies can distribute apps directly from Windows Store or by using their MDM system. They can control and distribute custom line-of-business (LOB) apps the same way. +Employees increasingly depend on smartphones to complete daily work tasks, but these devices introduce unique management and security challenges. Whether providing corporate devices or allowing people to use their personal devices, IT needs to deploy and manage mobile devices and apps quickly to meet business goals. However, they also need to ensure that the apps and data on those mobile devices are protected against cybercrime or loss. Windows 10 Mobile helps organizations directly address these challenges with robust, flexible, built-in mobile device and app management technologies. +Windows 10 supports end-to-end device lifecycle management to give companies control over their devices, data, and apps. Devices can easily be incorporated into standard lifecycle practices, from device enrollment, configuration, and application management to maintenance, monitoring, and retirement using a comprehensive mobile device management solution. -## Overview +**In this article** +- Deploy +- Configure +- Apps +- Manage +- Retire -Organizations’ users increasingly depend on their mobile devices, but phones and tablets bring new and unfamiliar challenges for IT departments. IT must be able to deploy and manage mobile devices and apps quickly to support the business while balancing the growing need to protect corporate data because of evolving laws, regulations, and cybercrime. IT must ensure that the apps and data on those mobile devices are safe, especially on personal devices. Windows 10 Mobile helps organizations address these challenges by providing a robust, flexible, built-in MDM client. IT departments can use the MDM system of their choice to manage this client. 
-### Built-in MDM client +## Deploy + +Windows 10 Mobile has a built-in device management client to deploy, configure, maintain, and support smartphones. Common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT), this client provides a single interface through which Mobile Device Management (MDM) solutions can manage any device that runs Windows 10. Because the MDM client integrates with identity management, the effort required to manage devices throughout the lifecycle is greatly reduced. +Windows 10 includes comprehensive MDM capabilities that can be managed by Microsoft management solutions, such as Microsoft Intune or System Center Configuration Manager, as well as many third-party MDM solutions. There is no need to install an additional, custom MDM app to enroll devices and bring them under MDM control. All MDM system vendors have equal access to Windows 10 Mobile device management application programming interfaces (APIs), giving IT organizations the freedom to select whichever system best fits their management requirements, whether Microsoft Intune or a third-party MDM product. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=734050). + +### Deployment scenarios + +*Applies to: Corporate and personal devices* The built-in MDM client is common to all editions of the Windows 10 operating system, including desktop, mobile, and Internet of Things (IoT). The client provides a single interface through which you can manage any device that runs Windows 10. The client has two important roles: device enrollment in an MDM system and device management. -- **Device enrollment.** Users can enroll in the MDM system. 
On Windows 10, a user can register a device with Microsoft Azure Active Directory (Azure AD) and enroll in an MDM system at the same time so that the system can manage the device, the apps running on it, and the confidential data it holds. Enrollment establishes the management authority for the device. Only one management authority (or MDM enrollment) is possible at a time, which helps prevent unauthorized access to devices and ensures their stability and reliability. -- **Device management.** The MDM client allows the MDM system to configure policy settings; deploy apps and updates; and perform other management tasks, such as remotely wiping the device. The MDM system sends configuration requests and collects inventory through the MDM client. The client uses [configuration service providers (CSPs)](http://go.microsoft.com/fwlink/p/?LinkId=734049) to configure and inventory settings. A CSP is an interface to read, set, modify, or delete configuration settings on the device. These settings map to registry keys or files. (The security architecture of Windows 10 Mobile prevents direct access to registry settings and operating system files. For more information, see the [Windows 10 Mobile security guide](../keep-secure/windows-10-mobile-security-guide.md).) +Organizations typically have two scenarios to consider when it comes to device deployment: Bring Your Own (BYO) personal devices and Choose Your Own (CYO) company-owned devices. In both cases, the device must be enrolled in an MDM system, which would configure it with settings appropriate for the organization and the employee. +Windows 10 Mobile device management capabilities support both personal devices used in the BYO scenario and corporate devices used in the CYO scenario. The operating system offers a flexible approach to registering devices with directory services and MDM systems. 
IT organizations can provision comprehensive device-configuration profiles based on their business needs to control and protect mobile business data. Apps can be provisioned easily to personal or corporate devices through the Windows Store for Business, or by using their MDM system, which can also work with the Windows Store for Business for public store apps. +Knowing who owns the device and what the employee will use it for are the major factors in determining your management strategy and which controls your organization should put in place. Whether personal devices, corporate devices, or a mixture of the two, deployment processes and configuration policies may differ. -The MDM client is an integral part of Windows 10 Mobile. As a result, there is no need for an additional, custom MDM app to enroll the device or to allow an MDM system to manage it. All MDM systems have equal access to Windows 10 Mobile MDM application programming interfaces (APIs), so you can choose Microsoft Intune or a third-party MDM product to manage Windows 10 Mobile devices. For more information about Windows 10 Mobile device management APIs, see [Mobile device management](http://go.microsoft.com/fwlink/p/?LinkId=734050). +For **personal devices**, companies need to be able to manage corporate apps and data on the device without impeding the employee’s ability to personalize it to meet their individual needs. The employee owns the device and corporate policy allows them to use it for both business and personal purposes, with the ability to add personal apps at their discretion. The main concern with personal devices is how organizations can prevent corporate data from being compromised, while still keeping personal data private and under the sole control of the employee. This requires that the device be able to support separation of apps and data with strict control of business and personal data traffic. 
-### Windows 10 Mobile editions +For **corporate devices**, organizations have a lot more control. IT can provide a selected list of supported device models to employees, or they can directly purchase and preconfigure them. Because devices are owned by the company, employees can be limited as to how much they can personalize these devices. Security and privacy concerns may be easier to navigate, because the device falls entirely under existing company policy. -Every device that runs Windows 10 Mobile includes all the enterprise mobile device security and management capabilities the MDM client provides. Microsoft also offers an Enterprise edition of Windows 10 Mobile, which includes three additional capabilities. To enable these capabilities, you can provision a license file without reinstalling the operating system: +### Device enrollment -- **Ability to postpone software updates.**Windows 10 Mobile gets software updates directly from Windows Update, and you cannot curate updates prior to deployment. Windows 10 Mobile Enterprise, however, allows you to curate and validate updates prior to deploying them. -- **No limit on the number of self-signed LOB apps that you can deploy to a single device.** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organization’s certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device, more than 20 if your organization’s devices run Windows 10 Mobile Enterprise. -- **Set telemetry to security level.** The telemetry security level configures the operating system to gather only the telemetry information required to keep devices secured. 
+*Applies to: Corporate and personal devices* ->**Note:**  Your organization can opt to purchase a code signing certificate from Verisign to sign LOB apps or use [Windows Store for Business](windows-store-for-business.md) to obtain apps. With either method, you can distribute more than 20 apps to a single device without activating Windows 10 Mobile Enterprise on that device by using your MDM system. -  -To activate Windows 10 Mobile Enterprise on any Windows 10 Mobile device, use your company’s MDM system or a provisioning package to inject a license onto the device. You can download a Windows 10 Mobile Enterprise license from the Business Support Portal. +The way in which personal and corporate devices are enrolled into an MDM system differs. Your operations team should consider these differences when determining which approach is best for mobile workers in your organization. -### Lifecycle management - -Windows 10 Mobile supports end-to-end lifecycle device management to give companies control of their devices, data, and apps. Comprehensive MDM systems use the built-in MDM client to manage devices throughout their lifecycle, as Figure 1 illustrates. The remainder of this guide describes the operating system’s mobile device and app management capabilities through each phase of the lifecycle, showing how MDM systems use specific features. - -![figure 1](images/win10-mobile-mdm-fig1.png) - -Figure 1. Device management lifecycle - -## Device deployment - -Device deployment includes the initial registration and configuration of the device, including its enrollment with an MDM system. Sometimes, companies preinstall apps. The major factors in how you deploy devices and which controls you put in place are device ownership and how the user will use the device. This guide covers two scenarios: - -1. 
Companies allow users to personalize their devices because the users own the devices or because company policy doesn’t require tight controls (defined as *personal devices* in this guide). -2. Companies don’t allow users to personalize their devices or they limit personalization, usually because the organization owns the devices and security considerations are high (defined as *corporate devices* in this guide). - -Often, employees can choose devices from a list of supported models, or companies provide devices that they preconfigure, or bootstrap, with a baseline configuration. - -Microsoft recommends Azure AD Join and MDM enrollment and management for corporate devices and Azure AD Registration and MDM enrollment and management for personal devices. - -### Deployment scenarios - -Most organizations support both personal and corporate device scenarios. The infrastructure for these scenarios is similar, but the deployment process and configuration policies differ. Table 1 describes characteristics of the personal and corporate device scenarios. Activation of a device with an organizational identity is unique to Windows 10 Mobile. - -Table 1. Characteristics of personal and corporate device scenarios +**Device initialization and enrollment considerations** @@ -79,35 +64,49 @@ Table 1. Characteristics of personal and corporate device scenarios - - + + - - + + - - - + + + - - - + + +
    Personal devicesCorporate devicesPersonal devicesCorporate devices
    OwnershipUserOwnershipEmployee Organization
    Primary usePersonalWorkDevice Innitialization + +In the Out-of-the-Box Experience (OOBE), the first time the employee starts the device, they are requested to add a cloud identity to the device.The primary identity on the device is a personal identity. Personal devices are initiated with a Microsoft Account (MSA), which uses a personal email address. The primary identity on the device is an organizational identity. Corporate devices are initialized with an organizational account (account@corporatedomain.ext). +Initialization of a device with a corporate account is unique to Windows 10. No other mobile platform currently offers this capability. The default option is to use an Azure Active Directory organizational identity. +Skipping the account setup in OOBE will result in the creation of a local account. The only option to add a cloud account later is to add an MSA, putting this device into a personal device deployment scenario. To start over, the device will have to be reset. +
    DeploymentThe primary identity on the device is a personal identity. A Microsoft account is the default option for Windows 10 Mobile.The primary identity on the device is an organizational identity. An Azure AD account is the default option for Windows 10 Mobile.Device Enrollment + +Enrolling devices in an MDM system helps control and protect corporate data while keeping workers productive. Device enrollment can be initiated by employees. They can add an Azure account as a secondary account to the Windows 10 Mobile device. Provided the MDM system is registered with your Azure AD, the device is automatically enrolled in the MDM system when the user adds an Azure AD account as a secondary account (MSA+AAD+MDM). If your organization does not have Azure AD, the employee’s device will automatically be enrolled into your organization’s MDM system (MSA+MDM). +MDM enrollment can also be initiated with a provisioning package. This option enables IT to offer easy-to-use self-service enrollment of personal devices. Provisioning is currently only supported for MDM-only enrollment (MSA+MDM). +The user initiates MDM enrollment by joining the device to the Azure AD instance of their organization. The device is automatically enrolled in the MDM system when the device registers in Azure AD. This requires your MDM system to be registered with your Azure AD (AAD+MDM).
    -  -### Identity management -People can use only one account to activate a device, so it’s imperative that your organization control which account you enable first. The account you choose will determine who controls the device and influence your management capabilities. The following list describes the impact that users’ identities have on management (Table 2 summarizes these considerations): +**Recommendation:** Microsoft recommends Azure AD registration and automatic MDM enrollment for corporate devices (AAD+MDM) and personal devices (MSA+AAD+MDM). This requires Azure AD Premium. -- **Personal identity.** In this scenario, employees use their Microsoft account to activate the device. Then, they use their Azure AD account (organizational identity) to register the device in Azure AD and enroll it with the company’s MDM solution. You can apply policies to help protect and contain corporate apps and data on the devices, designed to prevent intellectual property leaks, but users keep full control over personal activities, such as downloading and installing apps and games. -- **Organizational identity.** In this scenario, employees use their Azure AD account to register the device to Azure AD and automatically enroll it with the organization’s MDM solution. In this case, companies can block personal use of devices. Using organizational Identities to initialize devices gives organizations complete control over devices and allows them to prevent personalization. +### Identity management -Table 2. Personal vs. organizational identity +*Applies to: Corporate and personal devices* + +Employees can use only one account to initialize a device so it’s imperative that your organization controls which account is enabled first. The account chosen will determine who controls the device and influence your management capabilities. + +>**Note:** Why must the user add an account to the device in OOBE? 
Windows 10 Mobile are single user devices and the user accounts give access to a number of default cloud services that enhance the productivity and entertainment value of the phone for the user. Such services are: Store for downloading apps, Groove for music and entertainment, Xbox for gaming, etc. Both an [MSA](https://www.microsoft.com/en-us/account/) and an [Azure AD account](https://www.microsoft.com/en-us/server-cloud/products/azure-active-directory/?WT.srch=1&WT.mc_id=SEM_%5B_uniqid%5D&utm_source=Bing&utm_medium=CPC&utm_term=azure%20ad&utm_campaign=Enterprise_Mobility_Suite) give access to these services. + +The following table describes the impact of identity choice on device management characteristics of the personal and corporate device scenarios. + +**Identity choice considerations for device management** @@ -118,1187 +117,959 @@ Table 2. Personal vs. organizational identity - - + + - - + + - - - + + + - - - + + + - - + + - - - + + + + + + + + + + + + + + + + + +
    Personal identityCorporate identityPersonal identityWork identity
    First account on the deviceMicrosoft accountFirst account on the deviceMicrosoft Account Azure AD account
    Device sign-inUsers cannot sign in to devices with Azure AD credentials, even if they add the credentials after initial activation with a Microsoft account.Users can unlock devices with an Azure AD account. Organizations can block the addition of a personal identity.Ease of enrollmentEmployees use their Microsoft Account to activate the device. Then, they use their Azure AD account (organizational identity) to register the device in Azure AD and enroll it with the company’s MDM solution (MSA+AAD+MDM).Employees use their Azure AD account to register the device in Azure AD and automatically enroll it with the organization’s MDM solution (AAD+MDM – requires Azure AD Premium).
    User settings and data roaming across devicesUser and app settings roam across devices activated with the same personal identity over personal OneDrive.Windows 10 Mobile currently does not support users and app settings roaming over the enterprise cloud. It can block the roaming of personal cloud settings.Credential managementEmployees sign in to the device with Microsoft Account credentials. +Users cannot sign in to devices with Azure AD credentials, even if they add the credentials after initial activation with a Microsoft account. +Employees sign in to the device with Azure AD credentials. +IT can block the addition of a personal identity, such as an MSA or Google Account. IT controls all devices access policies, without limitations. +
    Ability to block the use of a personal identity on the device
    Ability to block the use of a personal identity on the device No Yes
    Level of control

    Organization can apply most* restrictive policies to devices, but they cannot remove the Microsoft account from them. Device users can reclaim full control over their devices by un-enrolling them from the organization’s MDM solution.

    -
    -Note   -

    * MDM functionality on personal devices might be limited in the future.

    -
    -
    -  -
    Organizations are free to apply the restrictive policies to devices that policy standards and compliance regulations require and prevent the user from un-enrolling the device from the enterprise.User settings and data roaming across multiple Windows devicesUser and app settings roam across all devices activated with the same personal identity through OneDrive.If the device is activated with an MSA, then adds an Azure AD account, user an app settings roam. If you add your MSA to an Azure AD- joined device, this will not be the case. Microsoft is investigating Enterprise roaming for a future release.
    Level of controlOrganizations can apply most of the available restrictive policies to devices and disable the Microsoft account. You can prevent users from reclaiming full control over their devices by unenrolling them from the organization’s MDM solution or resetting the device. Legal limitations may apply. For more information, contact your legal department.Organizations are free to apply any restrictive policies to devices to bring them in line with corporate standards and compliance regulations. They can also prevent the user from unenrolling the device from the enterprise.
    Information ProtectionYou can apply policies to help protect and contain corporate apps and data on the devices and prevent intellectual property leaks, but still provide employees with full control over personal activities like downloading and installing apps and games.Companies can block personal use of devices. Using organizational identities to initialize devices gives organizations complete control over devices and allows them to prevent personalization.
    App purchasesEmployees can purchase and install apps from the Store using a personal credit card.Employees can install apps from your Store for Business. Employees cannot install or purchase app from the Store without the addition of an MSA.
    -  -### Infrastructure requirements -For both device scenarios, the essential infrastructure and tools required to deploy and manage Windows 10 Mobile devices include an Azure AD subscription and an MDM system. -Azure AD is a cloud-based directory service that provides identity and access management. You can integrate it with existing on-premises directories to create a hybrid solution. Azure AD has three editions: Free, Basic, and Premium (see [Azure Active Directory editions](http://go.microsoft.com/fwlink/p/?LinkId=723980)). All editions support Azure AD device registration, but the Premium edition is required to enable MDM auto-enrollment and conditional access based on device state. Organizations that use Microsoft Office 365 or Intune are already using Azure AD. +>**Note:** In the context of [Windows-as-a-Service](https://technet.microsoft.com/itpro/windows/manage/introduction-to-windows-10-servicing), differentiation of MDM capabilities will change in the future. ->**Note:**  Most industry-leading MDM vendors already support integration with Azure AD or are working on integration. You can find the MDM vendors that support Azure AD in [Azure Marketplace](http://go.microsoft.com/fwlink/p/?LinkId=723981). -  -Users can enroll Windows 10 Mobile devices in third-party MDM systems without using an Azure AD organizational account. (By default, Intune uses Azure AD and includes a license). If your organization doesn’t use Azure AD, you must use a personal identity to activate devices and enable common scenarios, such as downloading apps from Windows Store. +### Infrastructure choices -Multiple MDM systems that support Windows 10 Mobile are available. Most support personal and corporate device deployment scenarios. Microsoft offers [Intune](http://go.microsoft.com/fwlink/p/?LinkId=723983), which is part of the [Enterprise Mobility Suite](http://go.microsoft.com/fwlink/p/?LinkId=723984) and a cloud-based MDM system that manages devices off premises. 
Like Office 365, Intune uses Azure AD for identity management, so employees use the same credentials to enroll devices in Intune or sign in to Office 365. Intune supports devices that run other operating systems, as well, such as iOS and Android, to provide a complete MDM solution. +*Applies to: Corporate and personal devices* -You can also integrate Intune with System Center Configuration Manager to gain a single console in which to manage all devices—in the cloud and on premises. For more information, see [Manage Mobile Devices with Configuration Manager and Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=734051). For guidance on choosing between a stand-alone Intune installation and Intune integrated with Configuration Manager, see [Choose between Intune by itself or integrating Intune with System Center Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=723985). -In addition to Intune, other MDM providers support Windows 10 Mobile. Currently, the following MDM systems claim to support Windows 10 and Windows 10 Mobile: [AirWatch](http://go.microsoft.com/fwlink/p/?LinkId=723986), [Citrix](http://go.microsoft.com/fwlink/p/?LinkId=723987), [Lightspeed Systems](http://go.microsoft.com/fwlink/p/?LinkId=723988), [Matrix42](http://go.microsoft.com/fwlink/p/?LinkId=723989), [MobileIron](http://go.microsoft.com/fwlink/p/?LinkId=723990), [SAP](http://go.microsoft.com/fwlink/p/?LinkId=723991), [SOTI](http://go.microsoft.com/fwlink/p/?LinkId=723992), and [Symantec](http://go.microsoft.com/fwlink/p/?LinkId=723993). +For both personal and corporate deployment scenarios, an MDM system is the essential infrastructure required to deploy and manage Windows 10 Mobile devices. An Azure AD premium subscription is recommended as an identity provider and required to support certain capabilities. 
Windows 10 Mobile allows you to have a pure cloud-based infrastructure or a hybrid infrastructure that combines Azure AD identity management with an on-premises management system to manage devices. Microsoft now also supports a pure on-premises solution to manage Windows 10 Mobile devices with [Configuration Manager](https://technet.microsoft.com/en-us/library/mt627908.aspx). -All MDM vendors have equal access to the [Windows 10 MDM APIs](http://go.microsoft.com/fwlink/p/?LinkId=734050). The extent to which they implement these APIs depends on the vendor. Contact your preferred MDM vendor to determine its level of support. +**Azure Active Directory** +Azure AD is a cloud-based directory service that provides identity and access management. You can integrate it with existing on-premises directories to create a hybrid identity solution. Organizations that use Microsoft Office 365 or Intune are already using Azure AD, which has three editions: Free Basic, and Premium (see [Azure Active Directory editions](http://azure.microsoft.com/en-us/documentation/articles/active-directory-editions/)). All editions support Azure AD device registration, but the Premium edition is required to enable MDM auto-enrollment and conditional access based on device state. ->**Note:**  Although not covered in this guide, you can use Exchange ActiveSync (EAS) to manage mobile devices instead of using a full-featured MDM system. EAS is available in Microsoft Exchange Server 2010 or later and Office 365. -In addition, Microsoft recently added MDM capabilities powered by Intune to Office 365. MDM for Office 365 supports mobile devices only, such as those running Windows 10 Mobile, iOS, and Android. MDM for Office 365 offers a subset of the management capabilities found in Intune, including the ability to remotely wipe a device, block a device from accessing Exchange Server email, and configure device policies (for example, passcode requirements). 
For more information about MDM for Office 365 capabilities, see [Overview of Mobile Device Management for Office 365](http://go.microsoft.com/fwlink/p/?LinkId=734052). -  -### Provisioning +**Mobile Device Management** +Microsoft [Intune](http://www.microsoft.com/en-us/server-cloud/products/microsoft-intune/overview.aspx), part of the Enterprise Mobility + Security, is a cloud-based MDM system that manages devices off premises. Like Office 365, Intune uses Azure AD for identity management so employees use the same credentials to enroll devices in Intune that they use to sign into Office 365. Intune supports devices that run other operating systems, such as iOS and Android, to provide a complete MDM solution. +You can also integrate Intune with Configuration Manager to gain a single console for managing all devices in the cloud and on premises, mobile or PC. For more information, see [Manage Mobile Devices with Configuration Manager and Microsoft Intune](http://technet.microsoft.com/en-us/library/jj884158.aspx). For guidance on choosing between a stand-alone Intune installation and Intune integrated with System Center Configuration Manager, see Choose between Intune by itself or integrating Intune with System Center Configuration Manager. +Multiple MDM systems support Windows 10 and most support personal and corporate device deployment scenarios. MDM providers that support Windows 10 Mobile currently include: AirWatch, Citrix, MobileIron, SOTI, Blackberry and others. Most industry-leading MDM vendors already support integration with Azure AD. You can find the MDM vendors that support Azure AD in [Azure Marketplace](http://azure.microsoft.com/en-us/marketplace/). If your organization doesn’t use Azure AD, the user must use an MSA during OOBE before enrolling the device in your MDM using a corporate account. -Provisioning is new to Windows 10 and uses the MDM client in Windows 10 Mobile. 
You can create a runtime provisioning package to apply settings, profiles, and file assets to a device running Windows 10. -To assist users with MDM system enrollment, use a provisioning package. To do so, use the [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911) to create a provisioning package, and then install that package on the device. -Users can perform self-service MDM enrollment based on the following deployment scenarios: +>**Note:** Although not covered in this guide, you can use Exchange ActiveSync (EAS) to manage mobile devices instead of using a full-featured MDM system. EAS is available in Microsoft Exchange Server 2010 or later and Office 365. +In addition, Microsoft recently added MDM capabilities powered by Intune to Office 365. MDM for Office 365 supports mobile devices only, such as those running Windows 10 Mobile, iOS, and Android. MDM for Office 365 offers a subset of the management capabilities found in Intune, including the ability to remotely wipe a device, block a device from accessing Exchange Server email, and configure device policies (e.g., passcode requirements). For more information about MDM for Office 365 capabilities, see [Overview of Mobile Device Management for Office 365](http://technet.microsoft.com/en-us/library/ms.o365.cc.devicepolicy.aspx). -- **Corporate device.** During the out-of-the-box experience (OOBE), you can instruct the user to select **This device is owned by my organization** and join the device to Azure AD and the MDM system. -- **Personal device.** The user activates the device with a Microsoft account, but you can instruct him or her to register the device with Azure AD and enroll in Intune. To do so in Windows 10 Mobile, the user clicks, **Settings**, clicks **Accounts**, and then clicks **Work access**. 
-To automate MDM enrollment, use provisioning packages as follows:
-- **Corporate device.** You can create a provisioning package and apply it to a corporate device before delivery to the user, or instruct the user to apply the package during OOBE. After application of the provisioning package, the OOBE process automatically chooses the enterprise path and requires the user to register the device with Azure AD and enroll it in the MDM system.
-- **Personal device.** You can create a provisioning package and make it available to users who want to enroll their personal device in the enterprise. The user enrolls the device in the corporate MDM for further configuration by applying the provisioning package. To do so in Windows 10 Mobile, the user clicks **Settings**, clicks **Accounts**, and then clicks **Provisioning**).
+**Cloud services**
+On mobile devices that run Windows 10 Mobile, users can easily connect to cloud services that provide user notifications and collect telemetry (usage data). Windows 10 Mobile enables organizations to manage how devices consume these cloud services.
-Distribute provisioning packages to devices by publishing them in an easily accessible location (e.g., an email attachment or a web page). You can cryptographically sign or encrypt provisioning packages and require that the user enter a password to apply them.
+**Windows Push Notification Services**
+The Windows Push Notification Services enable software developers to send toast, tile, badge, and raw updates from their cloud services. It provides a mechanism to deliver updates to users in a power-efficient and dependable way.
+However, push notifications can affect battery life so the battery saver in Windows 10 Mobile limits background activity on the devices to extend battery life. Users can configure battery saver to turn on automatically when the battery drops below a set threshold.
Windows 10 Mobile disables the receipt of push notifications to save energy when battery saver is on.
+However, there is an exception to this behavior. In Windows 10 Mobile, the Always allowed battery saver setting (found in the Settings app) allows apps to receive push notifications even when battery saver is on. Users can manually configure this list, or IT can use the MDM system to configure the battery saver settings URI scheme in Windows 10 Mobile (ms-settings:batterysaver-settings).
-See [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=734054) for more information on creating provisioning packages.
+For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](../keep-secure/windows-10-mobile-security-guide.md).
-## Device configuration
+**Windows Update for Business**
+Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing updates.
-The following sections describe the device configuration capabilities of the built-in Windows 10 Mobile MDM client. This client exposes the capabilities to any MDM system compatible with Windows 10. Configurable settings include:
+**Windows Store for Business**
+The Windows Store for Business is the place where IT administrators can find, acquire, manage, and distribute apps to Windows 10 devices. This includes both internal line-of-business (LOB) apps, as well as commercially available third-party apps.
-- [Email accounts](#email)
-- [Account restrictions](#restrictions)
-- [Device lock restrictions](#device-lock)
-- [Hardware restrictions](#hardware)
-- [Certificate management](#certificate)
-- [Wi-Fi](#wifi)
-- [Proxy](#proxy)
-- [Virtual private network (VPN)](#vpn)
-- [Access point name (APN) profiles](#apn)
-- [Data leak prevention](#data)
-- [Storage management](#storage)
+## Configure
->**Note:**  Although all the MDM settings this section describes are available in Windows 10 Mobile, not all MDM systems may show them in their user interface. In addition, naming may vary among MDM systems. Consult your MDM system’s documentation for more information.
- 
-### Email accounts
+MDM administrators can define and implement policy settings on any personal or corporate device enrolled in an MDM system. What configuration settings you use will differ based on the deployment scenario, and corporate devices will offer IT the broadest range of control.
-You can use your corporate MDM system to manage corporate email accounts. Define email account profiles in the MDM system, and then deploy them to devices. You would usually deploy these settings immediately after enrollment, regardless of scenario.
+>**Note:** This guide helps IT professionals understand management options available for the Windows 10 Mobile OS. Please consult your MDM system documentation to understand how these policies are enabled by your MDM vendor.
+Not all MDM systems support every setting described in this guide. Some support custom policies through OMA-URI XML files. See [Microsoft Intune support for Custom Policies](https://docs.microsoft.com/en-us/intune/deploy-use/windows-10-policy-settings-in-microsoft-intune#custom-uri-settings-for-windows-10-devices). Naming conventions may also vary among MDM vendors.
-This capability extends to email systems that use EAS. Table 3 lists settings that you can configure in EAS email profiles.
+### Account profile
-Table 3.
Windows 10 Mobile settings for EAS email profiles +*Applies to: Corporate devices* -| Setting | Description | -|----------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Email Address | The email address associated with the EAS account | -| Domain | The domain name of the Exchange Server instance | -| Account Name | A user-friendly name for the email account on the device | -| Password | The password for the email account | -| Server Name | The server name that the email account uses | -| User Name | The user name for the email account | -| Calendar Age Filter | The age of calendar items to be synchronized with the device (for example, synchronizing calendar items within the past 7 days) | -| Logging | The level of diagnostic logging | -| Mail Body Type | The email body format type: text, HTML, RTF, or Multipurpose Internet Mail Extensions | -| Mail HTML Truncation | The maximum size of an HTML-formatted email message before the message is synchronized to the device (Any HTML-formatted email message that exceeds this size is automatically truncated.) | -| Mail Plain Text Truncation | The maximum size of a text-formatted email message before the message is synchronized to the device (Any text-formatted email message that exceeds this size is automatically truncated.) | -| Schedule | The schedule for synchronizing email between the Exchange Server instance and the device | -| Use SSL | Establishes whether Secure Sockets Layer (SSL) is required when syncing | -| Mail Age Filter | The age of messages to be synchronized with the device (for example, synchronizing messages within the past 7 days) | -| Content Types | The content type that is synchronized (e.g., email, contacts, calendar, task items) | -  -Table 4 lists settings that you can configure in other email profiles. 
+Enforcing what accounts employees can use on a corporate device is important for avoiding data leaks and protecting privacy. Limiting the device to just one account controlled by the organization will reduce the risk of a data breach. However, you can choose to allow employees to add a personal Microsoft Account or other consumer email accounts. -Table 4. Windows 10 Mobile settings for other email profiles +- **Allow Microsoft Account** Specifies whether users are allowed to add a Microsoft Account to the device and use this account to authenticate to cloud services, such as purchasing apps in Windows Store, Xbox, or Groove. +- **Allow Adding Non-Microsoft Accounts** Specifies whether users are allowed to add email accounts other than Microsoft accounts. -| Setting | Description | -|-------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------| -| User logon name | The user logon name for the email account | -| Outgoing authentication required | Whether the outgoing server requires authentication | -| Password | The password for the account in the **User logon name** field | -| Domain | The domain name for the account in the **User logon name** field | -| Days to download | How much email (measured in days) should be downloaded from the server | -| Incoming server | The incoming server name and port number, where the value format is *server\_name:port\_number* (The port number is optional.) 
| -| Send and receive schedule | The length of time (in minutes) between email send-and-receive updates | -| IMAP4 maximum attachment size | The maximum size for message attachments for Internet Message Access Protocol version 4 (IMAP4) accounts | -| Send mail display name | The name of the sender displayed on a sent email | -| Outgoing server | The outgoing server name and port number, where the value format is *server\_name:port\_number* (The port number is optional.) | -| Reply address | The user’s reply email address | -| Email service name | The name of the email service | -| Email service type | The email service type (for example, POP3, IMAP4). | -| Maximum receive message size | The maximum size (in bytes) of messages retrieved from the incoming email server (Messages that exceed this size are truncated to the maximum size.) | -| Delete message action | How messages are deleted on the server (Messages can either be permanently deleted or sent to the Trash folder.) | -| Use cellular only | Whether the account should be used only with cellular connections and not Wi-Fi connections | -| Content types to synchronize | The content types supported for synchronization (in other words, mail messages, contacts, calendar items) | -| Content synchronization server | The name of the content synchronization server, if it’s different from the email server | -| Calendar synchronization server | The name of the calendar synchronization server, if it’s different from the email server | -| Contact server requires SSL | Whether the contact server requires an SSL connection | -| Calendar server requires SSL | Whether the calendar server requires an SSL connection | -| Contact items synchronization schedule | The schedule for syncing contact items | -| Calendar items synchronization schedule | The schedule for syncing calendar items | -| Alternative SMTP email account | The display name associated with a user’s alternative Simple Mail Transfer Protocol (SMTP) email account | -| 
Alternate SMTP domain name | The domain name for the user’s alternative SMTP email account | -| Alternate SMTP account enabled | Whether the user’s alternative SMTP account is enabled | -| Alternate SMTP password | The password for the user’s alternative SMTP account | -| Incoming and outgoing servers require SSL | A group of properties that specify whether the incoming and outgoing email servers use SSL | -  -### Account restrictions +### Email accounts -On a corporate device registered with Azure AD and enrolled in the MDM system, you can control whether users can use a Microsoft account or add other consumer email accounts. Table 5 lists the settings that you can use to manage accounts on Windows 10 Mobile devices. +*Applies to: Corporate and personal devices* -Table 5. Windows 10 Mobile account management settings -| Setting | Description | -| - | -| -| Allow Microsoft Account | Specifies whether users are allowed to add a Microsoft account to the device after MDM enrollment and use this account for connection authentication and services, such as purchasing apps in Windows Store, or cloud-based consumer services, such as Xbox or Groove. If a device was activated with a Microsoft account, the MDM system would not be able to block that account from being used. | -| Allow Adding Non Microsoft Accounts | Specifies whether users are allowed to add email accounts other than Microsoft accounts after MDM enrollment. If **Allow Microsoft Account** is applied, user can also not use a Microsoft account. | -| Allow “Your Account” | Specifies whether users are able to change account configuration in the **Your Email and Accounts** panel in Settings.| -  -### Device lock restrictions +Email and associated calendar and contacts are the primary apps that users access on their smartphones. Configuring them properly is key to the success of any mobility program. 
In both corporate and personal device deployment scenarios, these email account settings get deployed immediately after enrollment. Using your corporate MDM system, you can define corporate email account profiles, deploy them to devices, and manage inbox policies.
-It’s common sense to lock a device when it is not in use. Microsoft recommends that you secure Windows 10 Mobile devices and implement a device lock policy. A device password or PIN lock is a best practice for securing apps and data on devices. [Windows Hello](http://go.microsoft.com/fwlink/p/?LinkId=723994) is the name given to the new biometric sign-in option that allows users to use their face, iris, or fingerprints to unlock their compatible device, all of which Windows 10 supports.
+- Most corporate email systems leverage **Exchange ActiveSync (EAS)**. For more details on configuring EAS email profiles, see the [ActiveSync CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn920017(v=vs.85).aspx).
+- **Simple Mail Transfer Protocol (SMTP)** email accounts can also be configured with your MDM system. For more detailed information on SMTP email profile configuration, see the [Email CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904953(v=vs.85).aspx). Microsoft Intune does not currently support the creation of an SMTP email profile.
->**Note:**  In addition to the device lock restrictions discussed in this section, Windows 10 supports Microsoft Passport for Work, which lets you access apps and services without a password.
- 
-Table 6 lists the MDM settings in Windows 10 Mobile that you can use to configure device lock restrictions.
+### Device Lock restrictions
-Table 6. Windows 10 Mobile device lock restrictions
+*Applies to: Corporate and personal devices*
+
+It’s common practice to protect a device that contains corporate information with a passcode when it is not in use.
As a best practice, Microsoft recommends that you implement a device lock policy for Windows 10 Mobile devices for securing apps and data. You can use a complex password or numeric PIN to lock devices. Introduced with Windows 10, [Windows Hello](http://windows.microsoft.com/en-us/windows-10/getstarted-what-is-hello) allows you to use a PIN, a companion device (like Microsoft band), or biometrics to validate your identity to unlock Windows 10 Mobile devices.
+
+>**Note:** When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multifactor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.
+To use Windows Hello with biometrics, specialized hardware, including fingerprint reader, illuminated IR sensor, or other biometric sensors is required. Hardware based protection of the Windows Hello credentials requires TPM 1.2 or greater; if no TPM exists or is configured, credentials/keys protection will be software-based.
+Companion devices must be paired with Windows 10 PC’s via Bluetooth. To use a Windows Hello companion device that enables the user to roam with their Windows Hello credentials requires Pro or Enterprise edition on the Windows 10 PC being signed into.
+
+Most of the device lock restriction policies have been available via ActiveSync and MDM since Windows Phone 7 and are still available today for Windows 10 Mobile. If you are deploying Windows 10 devices in a personal device deployment scenario, these settings would apply.
+
+- **Device Password Enabled** Specifies whether users are required to use a device lock password.
+- **Allow Simple Device Password** Whether users can use a simple password (e.g., 1111 or 1234).
+- **Alphanumeric Device Password Required** Whether users need to use an alphanumeric password. When configured, Windows prompts the user with a full device keyboard to enter a complex password. When not configured, the user will be able to enter a numeric PIN on the keyboard.
+- **Min Device Password Complex Characters** The number of password element types (i.e., uppercase letters, lowercase letters, numbers, or punctuation) required to create strong passwords.
+- **Device Password History** The number of passwords Windows 10 Mobile remembers in the password history (Users cannot reuse passwords in the history to create new passwords.)
+- **Min Device Password Length** The minimum number of characters required to create new passwords.
+- **Max Inactivity Time Device Lock** The number of minutes of inactivity before devices are locked and require a password to unlock.
+- **Allow Idle Return Without Password** Whether users are required to re-authenticate when their devices return from a sleep state before the inactivity time was reached.
+- **Max Device Password Failed Attempts** The number of authentication failures allowed before a device is wiped (A value of zero disables device wipe functionality.)
+- **Screen Timeout While Locked** The number of minutes before the lock screen times out (this policy influences device power management).
+- **Allow Screen Timeout While Locked User Configuration** Whether users can manually configure screen timeout while the device is on the lock screen (Windows 10 Mobile ignores the **Screen Timeout While Locked** setting if you disable this setting).
+
+Settings related to Windows Hello would be important device lock settings to configure if you are deploying devices using the corporate deployment scenario.
+Microsoft made it a requirement for all users to create a numeric passcode as part of Azure AD Join.
This policy default requires users to select a four-digit passcode, but this can be configured with an AAD-registered MDM system to whatever passcode complexity your organization desires. If you are using Azure AD with an automatic MDM enrollment mechanism, these policy settings are automatically applied during device enrollment.
+
+You will notice that some of the settings are very similar, specifically those related to passcode length, history, expiration, and complexity. If you set the policy in multiple places, both policies will be applied, with the strongest policy retained. Read [PassportForWork CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn987099(v=vs.85).aspx), [DeviceLock CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904945(v=vs.85).aspx) (Windows Phone 8.1), and [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#DeviceLock_AllowIdleReturnWithoutPassword) for more detailed information.
+
+### Prevent changing of settings
+
+*Applies to: Corporate devices*
+
+Employees are usually allowed to change certain personal device settings that you may want to lock down on corporate devices. Employees can interactively adjust certain settings of the phone through the settings applets. Using MDM, you can limit what users are allowed to change.
+
+- **Allow Your Account** Specifies whether users are able to change account configuration in the Your Email and Accounts panel in Settings
+- **Allow VPN** Allows the user to change VPN settings
+- **Allow Data Sense** Allows the user to change Data Sense settings
+- **Allow Date Time** Allows the user to change data and time setting
+- **Allow Edit Device Name** Allows users to change the device name
+- **Allow Speech Model Update** Specifies whether the device will receive updates to the speech recognition and speech synthesis models (to improve accuracy and performance)
+
+### Hardware restrictions
+
+*Applies to: Corporate devices*
+
+Windows 10 Mobile devices use state-of-the-art technology that includes popular hardware features such as cameras, global positioning system (GPS) sensors, microphones, speakers, near-field communication (NFC) radios, storage card slots, USB interfaces, Bluetooth interfaces, cellular radios, and Wi Fi. You can use hardware restrictions to control the availability of these features.
+
+The following lists the MDM settings that Windows 10 Mobile supports to configure hardware restrictions.
+
+>**Note:** Some of these hardware restrictions provide connectivity and assist in data protection.
+
+- **Allow NFC:** Whether the NFC radio is enabled
+- **Allow USB Connection:** Whether the USB connection is enabled (doesn’t affect USB charging)
+- **Allow Bluetooth:** Whether users can enable and use the Bluetooth radio on their devices
+- **Allow Bluetooth Advertising:** Whether the device can act as a source for Bluetooth advertisements and be discoverable to other devices
+- **Allow Bluetooth Discoverable Mode:** Whether the device can discover other devices (e.g., headsets)
+- **Allow Bluetooth pre-pairing** Whether to allow specific bundled Bluetooth peripherals to automatically pair with the host device
+- **Bluetooth Services Allowed List:** The list of Bluetooth services and profiles to which the device can connect
+- **Set Bluetooth Local Device Name:** The local Bluetooth device name
+- **Allow Camera:** Whether the camera is enabled
+- **Allow Storage Card:** Whether the storage card slot is enabled
+- **Allow Voice Recording:** Whether the user can use the microphone to create voice recordings
+- **Allow Location:** Whether the device can use the GPS sensor or other methods to determine location so applications can use location information
+
+### Certificates
+
+*Applies to: Personal and corporate devices*
+
+Certificates help improve security by providing account authentication, Wi Fi authentication, VPN encryption, and SSL encryption of web content. Although users can manage certificates on devices manually, it’s a best practice to use your MDM system to manage those certificates throughout their entire lifecycle – from enrollment through renewal and revocation.
+To install certificates manually, you can post them on Microsoft Edge website or send them directly via email, which is ideal for testing purposes.
+Using SCEP and MDM systems, certificate management is completely transparent and requires no user intervention, helping improve user productivity, and reduce support calls.
Your MDM system can automatically deploy these certificates to the devices’ certificate stores after you enroll the device (as long as the MDM system supports the Simple Certificate Enrollment Protocol (SCEP) or Personal Information Exchange (PFX)). The MDM server can also query and delete SCEP enrolled client certificate (including user installed certificates), or trigger a new enrollment request before the current certificate is expired.
+In addition to SCEP certificate management, Windows 10 Mobile supports deployment of PFX certificates. The table below lists the Windows 10 Mobile PFX certificate deployment settings.
+Get more detailed information about MDM certificate management in the [Client Certificate Install CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn920023(v=vs.85).aspx) and [Install digital certificates on Windows 10 Mobile](../keep-secure/installing-digital-certificates-on-windows-10-mobile.md).
+Use the Allow Manual Root Certificate Installation setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidently.
+
+>**Note:** To diagnose certificate-related issues on Windows 10 Mobile devices, use the free Certificates app in Windows Store. This Windows 10 Mobile app can help you:
+- View a summary of all personal certificates
+- View the details of individual certificates
+- View the certificates used for VPN, Wi-Fi, and email authentication
+- Identify which certificates may have expired
+- Verify the certificate path and confirm that you have the correct intermediate and root CA certificates
+- View the certificate keys stored in the device TPM
+
+### Wi-Fi profiles
+
+*Applies to: Corporate and personal devices*
+
+Wi-Fi is used on mobile devices as much as, or more than, cellular data connections. Most corporate Wi Fi networks require certificates and other complex information to restrict and secure user access.
This advanced Wi Fi information is difficult for typical users to configure, but MDM systems can fully configure these Wi-Fi profiles without user intervention.
+You can create multiple Wi-Fi profiles in your MDM system. The below table lists the Windows 10 Mobile Wi Fi connection profile settings that can be configured by administrators.
+
+- **SSID** The case-sensitive name of the Wi Fi network Service Set Identifier
+- **Security type** The type of security the Wi Fi network uses; can be one of the following authentication types:
+ - Open 802.11
+ - Shared 802.11
+ - WPA-Enterprise 802.11
+ - WPA-Personal 802.11
+ - WPA2-Enterprise 802.11
+ - WPA2-Personal 802.11
+- **Authentication encryption** The type of encryption the authentication uses; can be one of the following encryption methods:
+ - None (no encryption)
+ - Wired Equivalent Privacy
+ - Temporal Key Integrity Protocol
+ - Advanced Encryption Standard (AES)
+- **Extensible Authentication Protocol Transport Layer Security (EAP-TLS)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use EAP-TLS with certificates for authentication
+- **Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)** WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use PEAP-MSCHAPv2 with a user name and password for authentication
+- **Shared key** WPA-Personal 802.11 and WPA2-Personal 802.11 security types can use a shared key for authentication.
+- **Proxy** The configuration of any network proxy that the Wi Fi connection requires (to specify the proxy server, use its fully qualified domain name [FQDN], Internet Protocol version 4 [IPv4] address, IP version 6 [IPv6] address, or IPvFuture address)
+- **Disable Internet connectivity checks** Whether the Wi Fi connection should check for Internet connectivity
+- **Proxy auto-configuration URL** A URL that specifies the proxy auto-configuration file
+- **Enable Web Proxy Auto-Discovery Protocol (WPAD)** Specifies whether WPAD is enabled
+
+In addition, you can set a few device wide Wi-Fi settings.
+- **Allow Auto Connect to Wi Fi Sense Hotspots** Whether the device will automatically detect and connect to Wi-Fi networks
+- **Allow Manual Wi-Fi Configuration** Whether the user can manually configure Wi-Fi settings
+- **Allow Wi-Fi** Whether the Wi-Fi hardware is enabled
+- **Allow Internet Sharing** Allow or disallow Internet sharing
+- **WLAN Scan Mode** How actively the device scans for Wi-Fi networks
+
+Get more detailed information about Wi-Fi connection profile settings in the [Wi-Fi CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904981(v=vs.85).aspx) and [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx).
+
+### APN profiles
+
+*Applies to: Corporate devices*
+
+An Access Point Name (APN) defines network paths for cellular data connectivity. Typically, you define just one APN for a device in collaboration with a mobile operator, but you can define multiple APNs if your company uses multiple mobile operators.
+An APN provides a private connection to the corporate network that is unavailable to other companies on the mobile operator network.
+You can define and deploy APN profiles in MDM systems that configure cellular data connectivity for Windows 10 Mobile. Devices running Windows 10 Mobile can have only one APN profile.
The following lists the MDM settings that Windows 10 Mobile supports for APN profiles.
+
+- **APN name** The APN name
+- *IP connection type* The IP connection type; set to one of the following values:
+ - IPv4 only
+ - IPv6 only
+ - IPv4 and IPv6 concurrently
+ - IPv6 with IPv4 provided by 46xlat
+- **LTE attached** Whether the APN should be attached as part of an LTE Attach
+- **APN class ID** The globally unique identifier that defines the APN class to the modem
+- **APN authentication type** The APN authentication type; set to one of the following values:
+ - None
+ - Auto
+ - PAP
+ - CHAP
+ - MSCHAPv2
+- **User name** The user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in APN authentication type
+- **Password** The password for the user account specified in User name
+- **Integrated circuit card ID** The integrated circuit card ID associated with the cellular connection profile
+- **Always on** Whether the connection manager will automatically attempt to connect to the APN whenever it is available
+- **Connection enabled** Specifies whether the APN connection is enabled
+- **Allow user control** Allows users to connect with other APNs than the enterprise APN
+- **Hide view** Whether the cellular UX will allow the user to view enterprise APNs
+
+Get more detailed information about APN settings in the [APN CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn958617(v=vs.85).aspx).
+
+### Proxy
+
+*Applies to: Corporate devices*
+
+The below lists the Windows 10 Mobile settings for managing APN proxy settings for Windows 10 Mobile device connectivity.
+
+- **Connection name** Specifies the name of the connection the proxy is associated with (this is the APN name of a configured connection)
+- **Bypass Local** Specifies if the proxy should be bypassed when local hosts are accessed by the device
+- **Enable** Specifies if the proxy is enabled
+- **Exception** Specifies a semi-colon delimited list of external hosts which should bypass the proxy when accessed
+- **User Name** Specifies the username used to connect to the proxy
+- **Password** Specifies the password used to connect to the proxy
+- **Server** Specifies the name of the proxy server
+- **Proxy connection type** The proxy connection type, supporting: Null proxy, HTTP, WAP, SOCKS4
+- **Port** The port number of the proxy connection
+
+For more details on proxy settings, see [CM_ProxyEntries CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914762(v=vs.85).aspx).
+
+### VPN
+
+*Applies to: Corporate and personal devices*
+
+Organizations often use a VPN to control access to apps and resources on their company’s intranet. In addition to native Microsoft Point to Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and Internet Key Exchange Protocol version 2 (IKEv2) VPNs, Windows 10 Mobile supports SSL VPN connections, which require a downloadable plugin from the Windows Store and are specific to the VPN vendor of your choice. These plugins work like apps and can be installed directly from the Windows Store using your MDM system (see App Management).
+
+You can create and provision multiple VPN connection profiles and then deploy them to managed devices that run Windows 10 Mobile.
+To create a VPN profile that uses native Windows 10 Mobile VPN protocols (such as IKEv2, PPTP, or L2TP), you can use the following settings:
+
+- **VPN Servers** The VPN server for the VPN profile
+- **Routing policy type** The type of routing policy the VPN profile uses can be set to one of the following values:
+ - Split tunnel.
Only network traffic destined to the intranet goes through the VPN connection
+ - Force tunnel. All traffic goes through the VPN connection
+- **Tunneling protocol type** The tunneling protocol used for VPN profiles that use native Windows 10 Mobile VPN protocols can be one the following values: PPTP, L2TP, IKEv2, Automatic
+- **User authentication method** The user authentication method for the VPN connection can have a value of EAP or MSChapv2 (Windows 10 Mobile does not support the value MSChapv2 for IKEv2-based VPN connections)
+- **Machine certificate** The machine certificate used for IKEv2-based VPN connections
+- **EAP configuration** To create a single sign-on experience for VPN users using certificate authentication, you need to create an Extensible Authentication Protocol (EAP) configuration XML file and include it in the VPN profile
+- **L2tpPsk** The pre-shared key used for an L2TP connection
+- **Cryptography Suite** Enable the selection of cryptographic suite attributes used for IPsec tunneling
+
+>**Note:** The easiest way to create a profile for a single sign-on experience with an EAP configuration XML is through the rasphone tool on a Windows 10 PC. Once you run the rasphone.exe, the configuration wizard will walk you through the necessary steps. For step-by-step instructions on creating the EAP configuration XML blob, see EAP configuration. You can use the resulting XML blob in the MDM system to create the VPN profile on Windows 10 Mobile phone. If you have multiple certificates on the devices, you may want to configure filtering conditions for automatic certificate selection, so the employee does not need to select an authentication certificate every time the VPN is turned on. See this article for details. Windows 10 for PCs and Windows 10 Mobile have the same VPN client. 
+
+Windows Store–based VPN plugins for the VPN connection allow you to create a VPN plugin profile with the following attributes:
+
+- **VPN server** A comma-separated list of VPN servers; you can specify the servers with a URL, fully qualified host name, or IP address
+- **Custom configuration** An HTML-encoded XML blob for SSL–VPN plugin–specific configuration information (e.g., authentication information) that the plugin provider requires
+- **Windows Store VPN plugin family name** Specifies the Windows Store package family name for the Windows Store–based VPN plugin
+
+In addition, you can specify per VPN Profile:
+
+- **App Trigger List** You can add an App Trigger List to every VPN profile. The app specified in the list will automatically trigger the VPN profile for intranet connectivity. When multiple VPN profiles are needed to serve multiple apps, the operating system automatically establishes the VPN connection when the user switches between apps. Only one VPN connection at a time can be active. In the event the device drops the VPN connection, Windows 10 Mobile automatically reconnects to the VPN without user intervention.
+- **Route List** List of routes to be added to the routing table for the VPN interface. This is required for split tunneling cases where the VPN server site has more subnets that the default subnet based on the IP assigned to the interface.
+- **Domain Name Information List** Name Resolution Policy Table (NRPT) rules for the VPN profile.
+- **Traffic Filter List** Specifies a list of rules. Only traffic that matches these rules can be sent via the VPN Interface.
+- **DNS suffixes** A comma-separated list of DNS suffixes for the VPN connection. Any DNS suffixes in this list are automatically added to Suffix Search List.
+- **Proxy** Any post-connection proxy support required for the VPN connection; including Proxy server name and Automatic proxy configuration URL. Specifies the URL for automatically retrieving proxy server settings. 
+
+- **Always on connection** Windows 10 Mobile features always-on VPN, which makes it possible to automatically start a VPN connection when a user signs in. The VPN stays connected until the user manually disconnects it.
+- **Remember credentials** Whether the VPN connection caches credentials.
+- **Trusted network detection** A comma-separated list of trusted networks that causes the VPN not to connect when the intranet is directly accessible (Wi-Fi).
+- **Enterprise Data Protection Mode ID** Enterprise ID, which is an optional field that allows the VPN to automatically trigger based on an app defined with a Windows Information Protection policy.
+- **Device Compliance** To set up Azure AD-based Conditional Access for VPN and allow that SSO with a certificate different from the VPN Authentication certificate for Kerberos Authentication in the case of Device Compliance.
+- **Lock Down VPN profile** A Lock Down VPN profile has the following characteristics:
+ - It is an always-on VPN profile.
+ - It can never be disconnected.
+ - If the VPN profile is not connected, the user has no network connectivity.
+ - No other VPN profiles can be connected or modified.
+- **ProfileXML** In case your MDM system does not support all the VPN settings you want to configure, you can create an XML file that defines the VPN profile you want to apply to all the fields you require.
+
+For more details about VPN profiles, see the [VPNv2 CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn914776(v=vs.85).aspx)
+
+Some device-wide settings for managing VPN connections can help you manage VPNs over cellular data connections, which in turn helps reduce costs associated with roaming or data plan charges. 
+- **Allow VPN** Whether users can change VPN settings
+- **Allow VPN Over Cellular** Whether users can establish VPN connections over cellular networks
+- **Allow VPN Over Cellular when Roaming** Whether users can establish VPN connections over cellular networks when roaming
+
+### Storage management
+
+*Applies to: Corporate and personal devices*
+
+Protecting the apps and data stored on a device is critical to device security. One method for helping protect your apps and data is to encrypt internal device storage. The device encryption in Windows 10 Mobile helps protect corporate data against unauthorized access, even when an unauthorized user has physical possession of the device.
+
+Windows 10 Mobile also has the ability to install apps on a secure digital (SD) card. The operating system stores apps on a partition specifically designated for that purpose. This feature is always on so you don’t need to set a policy explicitly to enable it.
+
+The SD card is uniquely paired with a device. No other devices can see the apps or data on the encrypted partition, but they can access the data stored on the unencrypted partition of the SD card, such as music or photos. This gives users the flexibility to use an SD card while still protecting the confidential apps and data on it.
+
+You can disable the **Allow Storage Card** setting if you wish to prevent users from using SD cards entirely. If you choose not to encrypt storage, you can help protect your corporate apps and data by using the Restrict app data to the system volume and Restrict apps to the system volume settings. These help ensure that users cannot copy your apps and data to SD cards.
+
+Here is a list of MDM storage management settings that Windows 10 Mobile provides. 
+
+- **Allow Storage Card** Whether the use of storage cards for data storage is allowed
+- **Require Device Encryption** Whether internal storage is encrypted (when a device is encrypted, you cannot use a policy to turn encryption off)
+- **Encryption method** Specifies the BitLocker drive encryption method and cipher strength; can be one of the following values:
+ - AES-Cipher Block Chaining (CBC) 128-bit
+ - AES-CBC 256-bit
+ - XEX-based tweaked-codebook mode with cipher text stealing (XTS)–AES (XTS-AES) 128-bit (this is the default)
+ - XTS-AES-256-bit
+- **Allow Federal Information Processing Standard (FIPS) algorithm policy** Whether the device allows or disallows the FIPS algorithm policy
+- **SSL cipher suites** Specifies a list of the allowed cryptographic cipher algorithms for SSL connections
+- **Restrict app data to the system volume** Specifies whether app data is restricted to the system drive
+- **Restrict apps to the system volume** Specifies whether apps are restricted to the system drive
+
+
+## Apps
+
+*Applies to: Corporate and personal devices*
+
+User productivity on mobile devices is often driven by apps.
+
+Windows 10 makes it possible to develop apps that work seamlessly across multiple devices using the Universal Windows Platform (UWP) for Windows apps. UWP converges the application platform for all devices running Windows 10 so that apps run without modification on all editions of Windows 10. This saves developers both time and resources, helping deliver apps to mobile users more quickly and efficiently. This write-once, run-anywhere model also boosts user productivity by providing a consistent, familiar app experience on any device type.
+
+For compatibility with existing apps, Windows Phone 8.1 apps still run on Windows 10 Mobile devices, easing the migration to the newest platform. Microsoft recommend migrating your apps to UWP to take full advantage of the improvements in Windows 10 Mobile. 
In addition, bridges have been developed to easily and quickly update existing Windows Phone 8.1 (Silverlight) and iOS apps to the UWP.
+
+Microsoft also made it easier for organizations to license and purchase UWP apps via Windows Store for Business and deploy them to employee devices using the Windows Store, or an MDM system, that can be integrated with the Windows Store for Business. Putting apps into the hands of mobile workers is critical, but you also need an efficient way to ensure those apps comply with corporate policies for data security.
+
+To learn more about Universal Windows apps, see the [Guide to Universal Windows Platform (UWP) apps](https://msdn.microsoft.com/en-us/library/windows/apps/dn894631.aspx) for additional information, or take this [Quick Start Challenge: Universal Windows Apps in Visual Studio](https://mva.microsoft.com/en-US/training-courses/quick-start-challenge-universal-windows-apps-in-visual-studio-14477?l=Be2FMfgmB_505192797). Also, see [Porting apps to Windows 10](https://msdn.microsoft.com/en-us/windows/uwp/porting/index).
+
+### Windows Store for Business: Sourcing the right app
+
+*Applies to: Corporate and personal devices*
+
+The first step in app management is to obtain the apps your users need. You can develop your own apps or source your apps from the Windows Store. With Windows Phone 8.1, an MSA was needed to acquire and install apps from the Windows Store. With the Windows Store for Business, Microsoft enables organizations to acquire apps for employees from a private store with the Windows Store, without the need for MSAs on Windows 10 devices.
+
+Windows Store for Business is a web portal that allows IT administrators to find, acquire, manage, and distribute apps to Windows 10 devices.
+
+Azure AD authenticated managers have access to Windows Store for Business functionality and settings, and store managers can create a private category of apps that are specific and private to their organization. 
(You can get more details about what specific Azure AD accounts have access to Windows Store for Business here). Windows Store for Business enables organizations to purchase app licenses for their organization and make apps available to their employees. In addition to commercially available apps, your developers can publish line-of-business (LOB) apps to Windows Store for Business by request. You can also integrate their Windows Store for Business subscriptions with their MDM systems, so the MDM system can distribute and manage apps from Windows Store for Business.
+
+Windows Store for Business supports app distribution under two licensing models: online and offline.
+
+The online model (store-managed) is the recommended method, and supports both personal device and corporate device management scenarios. To install online apps, the device must have Internet access at the time of installation. On corporate devices, an employee can be authenticated with an Azure AD account to install online apps. On personal devices, an employee must register their device with Azure AD to be able to install corporate licensed online apps.
+Corporate device users will find company licensed apps in the Store app on their phone in a private catalog. When an MDM system is associated with the Store for Business, IT administrators can present Store apps within the MDM system app catalog where users can find and install their desired apps. IT administrators can also push required apps directly to employee devices without the employee’s intervention.
+
+Employees with personal devices can install apps licensed by their organization using the Store app on their device. They can use either the Azure AD account or Microsoft Account within the Store app if they wish to purchase personal apps. If you allow employees with corporate devices to add a secondary Microsoft Account (MSA), the Store app on the device provides a unified method for installing personal and corporate apps. 
+
+Online licensed apps do not need to be transferred or downloaded from the Windows Store to the MDM system to be distributed and managed. When an employee chooses a company-owned app, it will automatically be installed from the cloud. Also, apps will be automatically updated when a new version is available or can be removed if needed. When an app is removed from a device by the MDM system or the user, Windows Store for Business reclaims the license so it can be used for another user or on another device.
+
+To distribute an app offline (organization-managed), the app must be downloaded from the Windows Store for Business. This can be accomplished in the Windows Store for Business portal by an authorized administrator. Offline licensing requires the app developer to opt-in to the licensing model, as the Windows Store is no longer able to track licenses for the developer. If the app developer doesn’t allow download of the app from Windows Store, then you must obtain the files directly from the developer or use the online licensing method.
+
+To install acquired Windows Store or LOB apps offline on a Windows 10 Mobile device, IT administrators can use an MDM system. The MDM system distributes the app packages that you downloaded from Windows Store (also called sideloading) to Windows 10 Mobile devices. Support for offline app distribution depends on the MDM system you are using, so consult your MDM vendor documentation for details. You can fully automate the app deployment process so that no user intervention is required.
+
+Windows Store apps or LOB apps that have been uploaded to the Windows Store for Business are automatically trusted on all Windows devices, as they are cryptographically signed with Windows Store certificates. LOB apps that are uploaded to the Windows Store for Business are private to your organization and are never visible to other companies or consumers. 
If you do not want to upload your LOB apps, you have to establish trust for the app on your devices. To establish this trust, you’ll need to generate a signing certificate with your Public Key Infrastructure and add your chain of trust to the trusted certificates on the device (see the certificates section). You can install up to 20 self-signed LOB apps per device with Windows 10 Mobile. To install more than 20 apps on a device, you can purchase a signing certificate from a trusted public Certificate Authority, or upgrade your devices to Windows 10 Mobile Enterprise edition.
+
+Learn more about the [Windows Store for Business](windows-store-for-business.md).
+
+### Managing apps
+
+*Applies to: Corporate devices*
+
+IT administrators can control which apps are allowed to be installed on Windows 10 Mobile devices and how they should be kept up-to-date.
+
+Windows 10 Mobile includes AppLocker, which enables administrators to create allow or disallow (sometimes also called whitelist/blacklist) lists of apps from the Windows Store. This capability extends to built-in apps, as well, such as Xbox, Groove, text messaging, email, and calendar, etc. The ability to allow or deny apps helps to ensure that people use their mobile devices for their intended purposes. However, it is not always an easy approach to find a balance between what employees need or request and security concerns. Creating allow or disallow lists also requires keeping up with the changing app landscape in the Windows Store.
+
+For more details, see [AppLocker CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn920019(v=vs.85).aspx).
+
+In addition to controlling which apps are allowed, IT professionals can also implement additional app management settings on Windows 10 Mobile, using an MDM.
+
+- **Allow All Trusted Apps** Whether users can sideload apps on the device.
+- **Allow App Store Auto Update** Whether automatic updates of apps from Windows Store are allowed. 
+- **Allow Developer Unlock** Whether developer unlock is allowed.
+- **Allow Shared User App Data** Whether multiple users of the same app can share data.
+- **Allow Store** Whether Windows Store app is allowed to run. This will completely block the user from installing apps from the Store, but will still allow app distribution through an MDM system.
+- **Application Restrictions** An XML blob that defines the app restrictions for a device. The XML blob can contain an app allow or deny list. You can allow or deny apps based on their app ID or publisher. See AppLocker above.
+- **Disable Store Originated Apps** Disables the launch of all apps from Windows Store that came pre-installed or were downloaded before the policy was applied.
+- **Require Private Store Only** Whether the private store is exclusively available to users in the Store app on the device. If enabled, only the private store is available. If disabled, the retail catalog and private store are both available.
+- **Restrict App Data to System Volume** Whether app data is allowed only on the system drive or can be stored on an SD card.
+- **Restrict App to System Volume** Whether app installation is allowed only to the system drive or can be installed on an SD card.
+- **Start screen layout** An XML blob used to configure the Start screen (see [Start layout for Windows 10 Mobile](http://msdn.microsoft.com/en-us/library/windows/hardware/mt171093(v=vs.85).aspx) for more information).
+
+Find more details on application management options in the [Policy CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#ApplicationManagement_AllowAllTrustedApps)
+
+### Data leak prevention
+
+*Applies to: Corporate and personal devices*
+
+One of the biggest challenges in protecting corporate information on mobile devices is keeping that data separate from personal data. 
Most solutions available to create this data separation require users to login in with a separate username and password to a container that stores all corporate apps and data, an experience that degrades user productivity.
+
+Windows 10 Mobile includes Windows Information Protection to transparently keep corporate data protected and personal data private. It automatically tags personal and corporate data and applies policies for those apps that can access data classified as corporate. This includes when data is at rest on local or removable storage. Because corporate data is always protected, users cannot copy it to public locations like social media or personal email.
+
+Windows Information Protection works with all apps, which are classified into two categories: enlightened and unenlightened. Enlighted apps can differentiate between corporate and personal data, correctly determining which to protect based on policies. Corporate data will be encrypted at all times and attempts to copy/paste or share this information with non-corporate apps or users will fail. Unenlightened apps consider all data corporate and encrypt everything by default.
+
+Any app developed on the UWA platform can be enlightened. Microsoft has made a concerted effort to enlighten several of its most popular apps, including:
+- Microsoft Edge
+- Microsoft People
+- Mobile Office apps (Word, Excel, PowerPoint, and OneNote)
+- Outlook Mail and Calendar
+- Microsoft Photos
+- Microsoft OneDrive
+- Groove Music
+- Microsoft Movies & TV
+- Microsoft Messaging
+
+The following table lists the settings that can be configured for Windows Information Protection:
+- **Enforcement level*** Set the enforcement level for information protection:
+ - Off (no protection)
+ - Silent mode (encrypt and audit only)
+ - Override mode (encrypt, prompt, and audit)
+ - Block mode (encrypt, block, and audit)
+- **Enterprise protected domain names*** A list of domains used by the enterprise for its user identities. 
User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected.
+- **Allow user decryption** Allows the user to decrypt files. If not allowed, the user will not be able to remove protection from enterprise content through the OS or app user experience.
+- **Require protection under lock configuration** Specifies whether the protection under lock feature (also known as encrypt under PIN) should be configured.
+- **Data recovery certificate*** Specifies a recovery certificate that can be used for data recovery of encrypted files. This is the same as the data recovery agent (DRA) certificate for encrypting file system (EFS), only delivered through MDM instead of Group Policy.
+- **Revoke on unenroll** Whether to revoke the information protection keys when a device unenrolls from the management service.
+- **RMS template ID for information protection** Allows the IT admin to configure the details about who has access to RMS-protected files and for how long.
+- **Allow Azure RMS for information protection** Specifies whether to allow Azure RMS encryption for information protection.
+- **Show information protection icons** Determines whether overlays are added to icons for information protection secured files in web browser and enterprise-only app tiles in the Start menu.
+- **Status** A read-only bit mask that indicates the current state of information protection on the device. The MDM service can use this value to determine the current overall state of information protection.
+- **Enterprise IP Range*** The enterprise IP ranges that define the computers in the enterprise network. Data that comes from those computers will be considered part of the enterprise and protected.
+- **Enterprise Network Domain Names*** the list of domains that comprise the boundaries of the enterprise. Data from one of these domains that is sent to a device will be considered enterprise data and protected. 
+
+- **Enterprise Cloud Resources** A list of Enterprise resource domains hosted in the cloud that need to be protected.
+
+>**Note:** * Are mandatory Windows Information Protection policies. To make Windows Information Protection functional, AppLocker and network isolation settings - specifically Enterprise IP Range and Enterprise Network Domain Names – must be configured. This defines the source of all corporate data that needs protection and also ensures data written to these locations won’t be encrypted by the user’s encryption key (so that others in the company can access it.
+
+For more information on Windows Information Protection, see the [EnterpriseDataProtection CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/mt697634(v=vs.85).aspx) and the following in-depth article series [Protect your enterprise data using Windows Information Protection](../keep-secure/protect-enterprise-data-using-wip.md).
+
+### Managing user activities
+
+*Applies to: Corporate devices*
+
+On corporate devices, some user activities expose corporate data to unnecessary risk. For example, users might create a screen capture of corporate information out of an internal LOB app. To mitigate the risk, you can restrict the Windows 10 Mobile user experience to help protect corporate data and prevent data leaks. The following demonstrates those capabilities that can be used to help prevent data leaks. 
+
+- **Allow copy and paste** Whether users can copy and paste content
+- **Allow Cortana** Whether users can use Cortana on the device (where available)
+- **Allow device discovery** Whether the device discovery user experience is available on the lock screen (for example, controlling whether a device could discover a projector [or other devices] when the lock screen is displayed)
+- **Allow input personalization** Whether personally identifiable information can leave the device or be saved locally (e.g., Cortana learning, inking, dictation)
+- **Allow manual MDM unenrollment** Whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system)
+- **Allow screen capture** Whether users are allowed to capture screenshots on the device
+- **Allow SIM error dialog prompt** Specifies whether to display a dialog prompt when no SIM card is installed
+- **Allow sync my settings** Whether the user experience settings are synchronized between devices (works with Microsoft accounts only)
+- **Allow toasts notifications above lock screen** Whether users are able to view toast notification on the device lock screen
+- **Allow voice recording** Whether users are allowed to perform voice recordings
+- **Do Not Show Feedback Notifications** Prevents devices from showing feedback questions from Microsoft
+- **Allow Task Switcher** Allows or disallows task switching on the device to prevent visibility of App screen tombstones in the task switcher
+- **Enable Offline Maps Auto Update** Disables the automatic download and update of map data
+- **Allow Offline Maps Download Over Metered Connection** Allows the download and update of map data over metered connections
+
+You can find more details on the experience settings in Policy CSP.
+
+### Microsoft Edge
+
+*Applies to: Corporate and personal devices*
+
+MDM systems also give you the ability to manage Microsoft Edge on mobile devices. 
Microsoft Edge is the only browser available on Windows 10 Mobile devices. It differs slightly from the desktop version as it does not support Flash or Extensions. Edge is also an excellent PDF viewer as it can be managed and integrates with Windows Information Protection.
+
+The following settings for Microsoft Edge on Windows 10 Mobile can be managed.
+
+- **Allow Browser** Whether users can run Microsoft Edge on the device
+- **Allow Do Not Track headers** Whether Do Not Track headers are allowed
+- **Allow InPrivate** Whether users can use InPrivate browsing
+- **Allow Password Manager** Whether users can use Password Manager to save and manage passwords locally
+- **Allow Search Suggestions in Address Bar** Whether search suggestions are shown in the address bar
+- **Allow SmartScreen** Whether SmartScreen Filter is enabled
+- **Cookies** Whether cookies are allowed
+- **Favorites** Configure Favorite URLs
+- **First Run URL** The URL to open when a user launches Microsoft Edge for the first time
+- **Prevent SmartScreen Prompt Override** Whether users can override the SmartScreen warnings for URLs
+- **Prevent Smart Screen Prompt Override for Files** Whether users can override the SmartScreen warnings for files
+
+## Manage
+
+In enterprise IT environments, the need for security and cost control must be balanced against the desire to provide users with the latest technologies. Since cyberattacks have become an everyday occurrence, it is important to properly maintain the state of your Windows 10 Mobile devices. IT needs to control configuration settings, keeping them from drifting out of compliance, as well as enforce which devices can access internal applications. Windows 10 Mobile delivers the mobile operations management capabilities necessary to ensure that devices are in compliance with corporate policy. 
+ +### Servicing options + +**A streamlined update process** + +*Applies to: Corporate and personal devices* + +Microsoft has streamlined the Windows product engineering and release cycle so new features, experiences, and functionality demanded by the market can be delivered more quickly than ever before. Microsoft plans to deliver two Feature Updates per year (12-month period). Feature Updates establish a Current Branch or CB, and have an associated version. --+++ - - - - - - - - + + + - - + + + - - + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + +
    SettingDescription
    Device Password Enabled

    Specifies whether users are required to use a device lock password

    -
    -Note   -

    -
      -
    • When a device is registered with Azure AD and automatic MDM enrollment is not configured, the user will automatically be prompted to set a password PIN of at least six digits (simple PINs are not allowed).

    • -
    • If the device is capable of using biometric authentication, the user will be able to enroll an iris or other biometric gesture (depending on hardware) for device lock purposes. When a user uses a biometric gesture, he or she can still use the PIN as a fallback mechanism (for example, if the iris-recognition camera fails).

    • -
    -
    -
    -  -
    BranchVersionRelease Date
    Allow Simple Device PasswordWhether users can use a simple password (for example, 1111 or 1234)Current Branch1511November 2015
    Alphanumeric Device Password RequiredWhether users need to use an alphanumeric password When configured, Windows prompts the user with a full device keyboard to enter a complex password. When not configured, the user will be able to enter a numeric PIN on the keyboard.Current Branch for Business1511March 2016
    Min Device Password Complex CharactersThe number of password element types (in other words, uppercase letters, lowercase letters, numbers, or punctuation) required to create strong passwords
    Device Password ExpirationThe number of days before a password expires (Biometric data does not expire.)
    Device Password HistoryThe number of passwords Windows 10 Mobile remembers in the password history (Users cannot reuse passwords in the history to create new passwords.)
    Min Device Password LengthThe minimum number of characters required to create new passwords
    Max Inactivity Time Device LockThe number of minutes of inactivity before devices are locked and require a password to unlock
    Allow Idle Return Without PasswordWhether users are required to re-authenticate when their devices return from a sleep state, before the inactivity time was reached
    Max Device Password Failed AttemptsThe number of authentication failures allowed before a device is wiped (A value of zero disables device wipe functionality.)
    Screen Timeout While LockedThe number of minutes before the lock screen times out (This policy influences the device’s power management.)
    Allow Screen Timeout While Locked User ConfigurationWhether users can manually configure screen timeout while the device is on the lock screen (Windows 10 Mobile ignores the Screen Timeout While Locked setting if you disable this setting.)Current Branch1607July 2016
- 
-### Hardware restrictions
-Windows 10 Mobile devices use state-of-the-art technology that includes popular hardware features such as cameras, global positioning system (GPS) sensors, microphones, speakers, near-field communication (NFC) radios, storage card slots, USB interfaces, Bluetooth interfaces, cellular radios, and Wi-Fi. You can also use hardware restrictions to control the availability of these features. Table 7 lists the MDM settings that Windows 10 Mobile supports to configure hardware restrictions.
+Microsoft will also deliver and install monthly updates for security and stability directly to Windows 10 Mobile devices. These Quality Updates, released under Microsoft control via Windows Update, are available for all devices running Windows 10 Mobile. Windows 10 Mobile devices consume Feature Updates and Quality Updates as part of the same standard update process.
->**Note:**  Some of these hardware restrictions provide connectivity and assist in data protection. Enterprise data protection is currently being tested in select customer evaluation programs.
- 
-Table 7. Windows 10 Mobile hardware restrictions
+Quality Updates are usually smaller than Feature Updates, but the installation process and experience is very similar, though larger updates will take more time to install. Enterprise customers can manage the update experience and process on Windows 10 Mobile devices using an MDM system, after upgrading the devices to Enterprise edition. In most cases, policies to manage the update process will apply to both feature and quality updates. 
-| Setting | Description |
-|--------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------|
-| Allow NFC | Whether the NFC radio is enabled |
-| Allow USB Connection | Whether the USB connection is enabled (this setting doesn’t affect USB charging) |
-| Allow Bluetooth | Whether users can enable and use the Bluetooth radio on their devices |
-| Allow Bluetooth Advertising | Whether the device can act as a source for Bluetooth advertisements and be discoverable to other devices |
-| Allow Bluetooth Discoverable Mode | Whether the device can discover other devices (for example, headsets) |
-| Bluetooth Services Allowed List | The list of Bluetooth services and profiles to which the device can connect |
-| Set Bluetooth Local Device Name | The local Bluetooth device name |
-| Allow Wi-Fi | Whether the Wi-Fi radio is enabled |
-| Allow Auto Connect to Wi-Fi Sense Hotspots | Whether the device can automatically connect to Wi-Fi hotspots and friends’ home networks that are shared through Wi-Fi Sense |
-| Allow Manual Wi-Fi Configuration | Whether users can manually connect to Wi-Fi networks not specified in the MDM system’s list of configured Wi-Fi networks |
-| WLAN Scan Mode | How actively the device scans for Wi-Fi networks (This setting is hardware dependent.) |
-| Allow Camera | Whether the camera is enabled |
-| Allow Storage Card | Whether the storage card slot is enabled |
-| Allow Voice Recording | Whether the user can use the microphone to create voice recordings |
-| Allow Location | Whether the device can use the GPS sensor or other methods to determine location so applications can use location information |
- 
-### Certificate management
-
-Managing certificates can be difficult for users, but certificates are pervasive for a variety of uses, including, account authentication, Wi-Fi authentication, VPN encryption, and SSL encryption of web content. 
Although users could manage certificates on devices manually, it’s a best practice to use your MDM system to manage those certificates for their entire life cycle, from enrollment through renewal to revocation. You can use the Simple Certificate Enrollment Protocol (SCEP) and Personal Information Exchange (PFX) certificates files to install certificates on Windows 10 Mobile. Certificate management through SCEP and MDM systems is fully transparent to users and requires no user intervention, so it helps improve user productivity and reduce support calls. Your MDM system can automatically deploy these certificates to the devices’ certificate stores after you enroll the device. Table 8 lists the SCEP settings that the MDM client in Windows 10 Mobile provides. - -Table 8. Windows 10 Mobile SCEP certificate enrollment settings - -| Setting | Description | -|------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Certificate enrollment server URLs | The certificate enrollment servers (to specify multiple server URLs, separate the URLs with semicolons \[;\]) | -| SCEP enrollment challenge | The Base64-encoded SCEP enrollment challenge | -| Extended key use object identifiers | The object identifiers (OIDs) for extended key use | -| Key usage | The key usage bits for the certificate in decimal format | -| Subject name | The certificate subject name | -| Private key storage | Where to store the private key (in other words, the Trusted Platform Module \[TPM\], a software key storage provider \[KSP\], or the Microsoft Passport KSP) | -| Pending retry delay | How long the device will wait to retry when the SCEP server sends a pending status | -| Pending retry count | The number of times a device will retry when the SCEP server sends a pending 
status | -| Template name | The OID of the certificate template name | -| Private key length | The private key length (in other words, 1024, 2048, or 4096 bits; Microsoft Passport supports only the 2048 key length) | -| Certificate hash algorithm | The hash algorithm family (in other words, SHA-1, SHA-2, SHA-3; multiple hash algorithm families are separated by plus signs \[+\]) | -| Root CA thumbprint | The root CA thumbprint | -| Subject alternative names | Subject alternative names for the certificate (Use semicolons to separate multiple subject alternative names.) | -| Valid period | The unit of measure for the period of time the certificate is considered valid (in other words, days, months, or years) | -| Valid period units | The number of units of time that the certificate is considered valid (Use this setting with the **Valid Period** setting. For example, if this setting is **3** and **Valid Period** is **Years**, the certificate is valid for 3 years.) | -| Custom text to show in Microsoft Passport PIN prompt | The custom text to show on the Microsoft Passport PIN prompt during certificate enrollment | -| Thumbprint | The current certificate thumbprint, if certificate enrollment succeeds | -  -In addition to SCEP certificate management, Windows 10 Mobile supports deployment of PFX certificates. Table 9 lists the Windows 10 Mobile PFX certificate deployment settings. - -Table 9. 
Windows 10 Mobile PFX certificate deployment settings - -| Setting | Description | -|-----------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Private key storage | Where to store the private key (in other words, the TPM, a software KSP, or the Microsoft Passport KSP) | -| Microsoft Passport container name | The tenant identifier of the Azure AD tenant from which the Microsoft Passport is derived, required only if you select **Microsoft Passport KSP** in **Private key storage** | -| PFX packet | The PFX packet with the exported and encrypted certificates and keys in Binary64 format | -| PFX packet password | The password that protects the PFX blob specified in **PFX packet** | -| PFX packet password encryption | Whether the MDM system encrypts the PFX certificate password with the MDM certificate | -| PFX private key export | Whether the PFX private key can be exported | -| Thumbprint | The thumbprint of the installed PFX certificate | -  -Use the **Allow Manual Root Certificate Installation** setting to prevent users from manually installing root and intermediate CA certificates intentionally or accidently. - ->**Note:**  To diagnose certificate-related issues on Windows 10 Mobile devices, use the free [Certificates app](http://go.microsoft.com/fwlink/p/?LinkId=723996) in Windows Store. This Windows 10 Mobile app can help you: - -- View a summary of all personal certificates. -- View the details of individual certificates. -- View the certificates used for VPN, Wi-Fi, and email authentication. -- Identify which certificates may have expired. -- Verify the certificate path and confirm that you have the correct intermediate and root CA certificates. -- View the certificate keys stored in the device TPM. -  -### Wi-Fi - -People use Wi-Fi on their mobile devices as much as or more than cellular data. 
Most corporate Wi-Fi networks require certificates and other complex information to restrict and secure user access. This advanced Wi-Fi information is difficult for typical users to configure, but you can use your MDM system to fully configure Wi-Fi settings without user intervention. - -Table 10 lists the Windows 10 Mobile Wi-Fi connection profile settings. Use the information in this table to help you create Wi-Fi connection profiles in your MDM system. - -Table 10. Windows 10 Mobile Wi-Fi connection profile settings +Microsoft aspires to update Windows 10 Mobile devices with the latest updates automatically and without being disruptive for all customers. Out-of-the-box, a Windows 10 Mobile device will Auto Scan for available updates. However, depending on the device’s network and power status, update methods and timing will vary. --++++++ - - - - - - - - + + + + + + - - + + + + + - - + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - + + + + + +
    SettingDescription
    SSIDThe case-sensitive name of the Wi-Fi network (service set identifier [SSID])Network connectionDescriptionAuto ScanAuto DownloadAuto InstallAuto Restart
    Security typeThe type of security the Wi-Fi network uses; can be one of the following authentication types: -
      -
    • Open 802.11

    • -
    • Shared 802.11

    • -
    • WPA-Enterprise 802.11

    • -
    • WPA-Personal 802.11

    • -
    • WPA2-Enterprise 802.11

    • -
    • WPA2-Personal 802.11

    • -
    Wi-FiDevice is connected to a personal or corporate Wi-Fi network (no data charges)YesYes/td> +YesYes – outside of Active Hours (forced restart after 7 days if user postpones restart)
    Authentication encryptionThe type of encryption the authentication uses; can be one of the following encryption methods: -
      -
    • None (no encryption)

    • -
    • Wired Equivalent Privacy

    • -
    • Temporal Key Integrity Protocol

    • -
    • Advanced Encryption Standard (AES)

    • -
    CellularDevice is only connected to a cellular network (standard data charges apply)Will skip a daily scan if scan was successfully completed in the last 5 daysWill only occur if update package is small and does not exceed the mobile operator data limit or the user clicks “download now”.Yes, if the user clicked “download now”Idem
    Extensible Authentication Protocol Transport Layer Security (EAP-TLS)WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use EAP-TLS with certificates for authentication
    Protected Extensible Authentication Protocol with Microsoft Challenge Handshake Authentication Protocol version 2 (PEAP-MSCHAPv2)WPA-Enterprise 802.11 and WPA2-Enterprise 802.11 security types can use PEAP-MSCHAPv2 with a user name and password for authentication
    Shared keyWPA-Personal 802.11 and WPA2-Personal 802.11 security types can use a shared key for authentication.
    ProxyThe configuration of any network proxy that the Wi-Fi connection requires (To specify the proxy server, use its fully qualified domain name [FQDN], Internet Protocol version 4 [IPv4] address, IP version 6 [IPv6] address, or IPvFuture address.)
    Disable Internet connectivity checksWhether the Wi-Fi connection should check for Internet connectivity
    Proxy auto-configuration URLA URL that specifies the proxy auto-configuration file
    Enable Web Proxy Auto-Discovery Protocol (WPAD)Specifies whether WPAD is enabledCellular -- RoamingDevice is only connected to a cellular network and roaming charges applyNoNoNoIdem
    - 
-Table 11 lists the Windows 10 Mobile settings for managing Wi-Fi connectivity.
-Table 11. Windows 10 Mobile Wi-Fi connectivity settings
+**Keeping track of updates releases**
-| Setting | Configuration |
-|--------------------------------------------|----------------------------------------------------------------------------|
-| Allow Auto Connect To Wi-Fi Sense Hotspots | Whether the device will automatically detect and connect to Wi-Fi networks |
-| Allow Manual Wi-Fi Configuration | Whether the user can manually configure Wi-Fi settings |
-| Allow Wi-Fi | Whether the Wi-Fi hardware is enabled |
-| WLAN Scan Mode | How actively the device scans for Wi-Fi networks |
- 
-### Proxy
+*Applies to: Corporate and Personal devices*
-Apps running on Windows 10 Mobile (for example, Microsoft Edge) can use proxy connections to access Internet content, but Wi-Fi connections on the corporate intranet most typically use proxy connections, instead. You can define multiple proxies in Windows 10 Mobile.
+Microsoft publishes new feature updates for Windows 10 and Windows 10 Mobile on a regular basis. The [Windows release information page](https://technet.microsoft.com/en-us/windows/release-info) is designed to help you determine if your devices are current with the latest Windows 10 feature and quality updates. The release information published on this page, covers both Windows 10 for PCs and Windows 10 Mobile. In addition, the [Windows update history page](http://windows.microsoft.com/en-us/windows-10/update-history-windows-10) helps you understand what these updates are about.
->**Note:**  Windows 10 Mobile also supports proxy auto-configuration (PAC) files, which can automatically configure proxy settings. The Web Proxy Auto-Discovery Protocol (WPAD) lets apps use Dynamic Host Configuration Protocol and Domain Name System (DNS) lookups to locate the PAC file.
- 
-Table 12 lists the Windows 10 Mobile settings for proxy connections. 
+>**Note:** +We invite IT Professionals to participate in the Windows Insider Program to test updates before they are officially released to make Windows 10 Mobile even better. If you find any issues, please send us feedback via the Feedback Hub -Table 12. Windows 10 Mobile proxy connection settings +**Windows as a Service** + +*Applies to: Corporate and Personal devices* + +Microsoft created a new way to deliver and install updates to Windows 10 Mobile directly to devices without Mobile Operator approval. This capability helps to simplify update deployments and ongoing management, broadens the base of employees who can be kept current with the latest Windows features and experiences, and lowers total cost of ownership for organizations who no longer have to manage updates to keep devices secure. + +Update availability depends on what servicing option you choose for the device. These servicing options are outlined in the chart below: --+++++ - - - - - - - - + + + + + - - + + + + - - + + + + + - - - - - - - - - - - - - - - - - - + + + + +
    SettingsConfiguration
    Proxy nameThe unique name of the proxy connectionServicing optionAvailability of new features for installationMinimum length of servicing lifetimeKey benefitsSupported editions
    Proxy IDThe unique identifier for the proxy connectionWindows Insider BuildsAs appropriate during development cycle, released to Windows Insiders onlyVariable, until the next Insider build is released to Windows InsidersAllows Insiders to test new feature and application compatibility before a Feature Update is released/td> +Mobile
    NameThe user-friendly name of the proxy connectionCurrent Branch (CB)Immediately after the Feature Update is published to Windows Update by MicrosoftMicrosoft typically releases two Feature Updates per 12-month period (approximately every four months, though it can potentially be longer)Makes new features available to users as soon as possibleMobile & Mobile Enterprise
    Server addressThe address of the proxy server, which can be the server FQDN or IP address
    IP address typeThe IP address type that identifies the proxy server, which can be one of the following values: -
      -
    • IPV4

    • -
    • IPV6

    • -
    • E164

    • -
    • ALPHA

    • -
    Proxy connection typeThe proxy connection type, which can be one of the following values: -
      -
    • ISA

    • -
    • WAP

    • -
    • SOCKS

    • -
    • NULL

    • -
    PortsThe port information for the proxy connection; includes the following settings: -
      -
    • Port Name. The unique name of a port that the proxy connection uses, such as PORT0 or PORT1

    • -
    • Port Name/Port Nbr. The proxy connection port number for this port

    • -
    • Port Name/Services. The services that use this proxy connection port

    • -
    • Services/Service Name. The name of a service that uses the proxy connection

    • -
    • Services/Service Name/Service Name. The protocol associated with the parent port connection

    • -
    Configuration referenceThe connection reference information for the proxy connection. The corporation determines the information in this optional setting.Current Branch for Business (CBB)A minimum of four months after the corresponding Feature Update is first published to Windows Update by MicrosoftA minimum of four months, though it potentially can be longerNoProvides additional time to test new feature before deploymentMobile Enterprise only
    -  -### VPN -In addition to Wi-Fi, users often use a VPN to securely access apps and resources on their company’s intranet behind a firewall. Windows 10 Mobile supports several VPN vendors in addition to native Microsoft VPNs (such as Point to Point Tunneling Protocol \[PPTP\], Layer 2 Tunneling Protocol \ -[L2TP\], and Internet Key Exchange Protocol version 2 \[IKEv2\]), including: +**Enterprise Edition** -- IKEv2 -- IP security -- SSL VPN connections (which require a downloadable plug-in from the VPN server vendor) +*Applies to: Corporate devices* -You can configure Windows 10 Mobile to use auto-triggered VPN connections, as well. You define a VPN connection for each app that requires intranet connectivity. When users switch between apps, the operating system automatically establishes the VPN connection for that app. In the event the device drops the VPN connection, Windows 10 Mobile automatically reconnects to the VPN without user intervention. +While Windows 10 Mobile provides updates directly to user devices from Windows Update, there are many organizations that want to track, test, and schedule updates to corporate devices. To support these requirements, we created the Windows 10 Mobile Enterprise edition. -With always-on VPN, Windows 10 Mobile can automatically start a VPN connection when a user signs-in, as well. The VPN stays connected until the user manually disconnects it. -MDM support for VPN connections in Windows 10 Mobile includes provisioning and updating VPN connection profiles and associating VPN connections with apps. You can create and provision VPN connection profiles, and then deploy them to managed devices that run Windows 10 Mobile. Table 13 lists the Windows 10 Mobile fields for VPN connection profiles. 
+Upgrading to Windows 10 Mobile Enterprise edition provides additional device and app management capabilities for organizations that want to:
+- **Defer, approve and deploy feature and quality updates:** Windows 10 Mobile devices get updates directly from Windows Update. If you want to curate updates prior to deploying them, an upgrade to Windows 10 Mobile Enterprise edition is required. Once Enterprise edition is enabled, the phone can be set to the Current Branch for Business servicing option, giving IT additional time to test updates before they are released.
+- **Deploy an unlimited number of self-signed LOB apps to a single device:** To use an MDM system to deploy LOB apps directly to devices, you must cryptographically sign the software packages with a code signing certificate that your organization’s certificate authority (CA) generates. You can deploy a maximum of 20 self-signed LOB apps to a Windows 10 Mobile device. To deploy more than 20 self-signed LOB apps, Windows 10 Mobile Enterprise is required.
+- **Set the telemetry level:** Microsoft collects telemetry data to help keep Windows devices secure and to help Microsoft improve the quality of Windows and Microsoft services. An upgrade to Windows 10 Mobile Enterprise edition is required to set the telemetry level so that only telemetry information required to keep devices secured is gathered.
-Table 13. Windows 10 Mobile VPN connection profile settings
+To learn more about telemetry, visit [Configure Windows telemetry in your organization](configure-windows-telemetry-in-your-organization.md).
+
+To activate Windows 10 Mobile Enterprise, use your MDM system or a provisioning package to inject the Windows 10 Enterprise license on a Windows 10 Mobile device. Licenses can be obtained from the Volume Licensing portal. For testing purposes, you can obtain a licensing file from the MSDN download center. A valid MSDN subscription is required. 
+
+Details on updating a device to Enterprise edition with [WindowsLicensing CSP](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904983(v=vs.85).aspx)
+
+>**Recommendation:** Microsoft recommends using Enterprise edition only on corporate devices. Once a device has been upgraded, it cannot be downgraded. Even a device wipe or reset will not remove the enterprise license from personal devices.
+
+**Deferring and Approving Updates with MDM**
+
+*Applies to: Corporate devices with Enterprise edition*
+
+Once a device is upgraded to Windows 10 Mobile Enterprise edition, you can manage devices that receive updates from Windows Update (or Windows Update for Business) with a set of update policies.
+
+To control Feature Updates, you will need to move your devices to the Current Branch for Business (CBB) servicing option. A device that subscribes to CBB will wait for the next CBB to be published by Microsoft Update. While the device will wait for Feature Updates until the next CBB, Quality Updates will still be received by the device.
+
+To control monthly Quality Update additional deferral policies, need to be set to your desired deferral period. When Quality Updates are available for your Windows 10 Mobile devices from Windows Update, these updates will not install until your deferral period lapses. This gives IT Professionals some time to test the impact of the updates on devices and apps.
+
+Before updates are distributed and installed, you may want to test them for issues or application compatibility. IT pros have the ability require updates to be approved. This enables the MDM administrator to select and approve specific updates to be installed on a device and accept the EULA associated with the update on behalf of the user. Please remember that on Windows 10 Mobile all updates are packaged as a “OS updates” and never as individual fixes. 
+ +You may want to choose to handle Quality Updates and Feature Updates in the same way and not wait for the next CBB to be released to your devices. This streamlines the release of updates using the same process for approval and release. You can apply different deferral period by type of update. In version 1607 Microsoft added additional policy settings to enable more granularity to control over updates. + +Once updates are being deployed to your devices, you may want to pause the rollout of updates to enterprise devices. +For example, after you start rolling out a quality update, certain phone models are adversely impacted or users are reporting a specific LOB app is not connecting and updating a database. Problems can occur that did not surface during initial testing. +IT professionals can pause updates to investigate and remediate unexpected issues. + +The following table summarizes applicable update policy settings by version of Windows 10 Mobile. All policy settings are backward compatible, and will be maintained in future Feature Updates. Consult the documentation of your MDM system to understand support for these settings in your MDM. --+++ - - - - - - - - + + + - - + + + + + + + + + + + - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - + + +
    SettingDescription
    Native VPN protocol profile

    The configuration information when the VPN uses native Windows 10 Mobile VPN protocols (such as IKEv2, PPTP, or L2TP); includes the following settings:

    -
      -
    • Servers. The VPN server for the VPN profile

    • -
    • Routing policy type. The type of routing policy the VPN profile uses; can be set to one of the following values:

      -
        -
      • Split tunnel. Only network traffic destined to the intranet goes through the VPN connection.

      • -
      • Force tunnel. All traffic goes through the VPN connection.

      • -
    • -
    • Tunneling protocol type. The tunneling protocol used for VPN profiles that use native Windows 10 Mobile VPN protocols; can be one the following values:

      -
        -
      • PPTP

      • -
      • L2TP

      • -
      • IKEv2

      • -
      • Automatic

      • -
    • -
    • User authentication method. The user authentication method for the VPN connection; can have a value of EAP or MSChapv2. Windows 10 Mobile does not support the value MSChapv2 for IKEv2-based VPN connections.

    • -
    • Machine certificate. The machine certificate used for IKEv2-based VPN connections.

    • -
    • EAP configuration. An HTML-encoded XML blob of the EAP configuration. For more information about creating the EAP configuration XML blob, see [EAP configuration](http://go.microsoft.com/fwlink/p/?LinkId=734055). You can use the XML blob these steps create in the MDM system to create the VPN profile.

    • -
    Activity (Policy)Version 1511 settingsVersion 1607 settings
    VPN plugin profileWindows Store–based VPN plug-ins for the VPN connection; includes the following settings: -
      -
    • VPN servers. A comma-separated list of VPN servers; you can specify the servers with a URL, fully qualified host name, or IP address.

    • -
    • Custom configuration. An HTML-encoded XML blob for SSL–VPN plug-in–specific configuration information (e.g., authentication information) that the plug-in provider requires.

    • -
    • Windows Store VPN plugin family name. Specifies the Windows Store package family name for the Windows Store–based VPN plug-in.

    • -
    Subscribe device to CBB, to defer Feature UpdatesRequireDeferUpgrade + +Defers Feature Update until next CBB release. Device will receive quality updates from Current Branch for Business (CBB). +Defers feature update for minimum of 4 months after Current Branch was release.BranchReadinessLevel + +Defers Feature Update until next CBB release. Device will receive quality updates from Current Branch for Business (CBB). +Defers feature update for minimum of 4 months after Current Branch was release.
    Defer UpdatesDeferUpdatePeriod + +Defer Quality Updates for 4 weeks or 28 daysDeferQualityUpdatePeriodInDays + +Defer Feature and Quality Updates for up to 30 days.
    Approve UpdatesRequireUpdateApproval + +RequireUpdateApproval + +
    Always on connectionWhether the VPN connects at user sign-in and stays connected until the user manually disconnects the VPN connection.
    App trigger listA list of apps that automatically initiate the VPN connection. Each app trigger in the list includes the following settings: -
      -
    • App ID. The app identity for the app that automatically initiates the VPN connection Any apps in this list can send data through the VPN connection; set it to one of the following values:

      -
        -
      • Unique name of the Windows Store app (Package Family Name). The package family name is a unique name for each app. For example, the package family name for the Skype app is Microsoft.SkypeApp_kzf8qxf38zg5c.

      • -
      • Fully qualified path to the app (such as C:\Windows\System\Notepad.exe).

      • -
      • Kernel driver name.

      • -
    • -
    DNS suffixesA comma-separated list of DNS suffixes for the VPN connection. Any DNS suffixes in this list are automatically added to Suffix Search List.
    LockDown VPN profileWhether this VPN connection is a LockDown profile. A LockDown VPN profile has the following characteristics: -
      -
    • It is an always-on VPN profile.

    • -
    • It can never be disconnected.

    • -
    • If the VPN profile is not connected, the user has no network connectivity.

    • -
    • No other VPN profiles can be connected or modified.

    • -
    -

    You must delete a LockDown VPN profile before you can add, remove, or connect other VPN profiles.

    Name Resolution Policy Table rulesA list of Name Resolution Policy Table rules for the VPN connection. Each rule in the list includes the following settings: -
      -
    • Domain name. The namespace for the policy; can be an FQDN or a domain suffix.

    • -
    • Domain name type. The type of namespace in Domain name; has a value of either FQDN or Suffix.

    • -
    • DNS servers. A comma-separated list of DNS server IP addresses to use for the namespace specified in Domain name.

    • -
    • Web proxy servers. The IP address for the web proxy server (if the intranet redirects traffic through a web proxy server).

    • -
    ProxyAny post connection proxy support required for the VPN connection; includes the following settings: -
      -
    • Proxy server. Specifies the fully qualified host name or IP address of the proxy server when a specific proxy server is required.

    • -
    • Automatic proxy configuration URL. Specifies the URL for automatically retrieving proxy server settings.

    • -
    Remember credentialsWhether the VPN connection caches credentials.
    Route listA list of routes to add to the routing table for the VPN connection. Each route in the list includes the following settings: -
      -
    • Address. The destination subnet address in IPv4 or IPv6 format (such as 192.168.0.0).

    • -
    • Prefix size. The portion of the address used to identify the destination subnet address (such as 16 to produce the subnet 192.168.0.0/16).

    • -
    Traffic filter listA list of traffic rules that define the traffic that can be sent through the VPN connection. Each rule in the list includes the following settings: -
      -
    • App ID. The app identity for the traffic filter based on a specific app (app-based traffic filter). Any apps in this list can send data through the VPN connection; set to one of the following values:

      -
        -
      • Unique name of the Windows Store app (Package Family Name). The package family name is a unique name for each app. For example, the package family name for the Skype app is Microsoft.SkypeApp_kzf8qxf38zg5c.

      • -
      • Fully qualified path to the app (such as C:\Windows\System\Notepad.exe).

      • -
      • Kernel driver name.

      • -
    • -
    • Protocol. The IP protocol to use for the traffic filter rule (for example, TCP = 6, UDP = 17).

    • -
    • Local port ranges. Specifies a comma-separated list of local IP port ranges (for example, 100–180, 200, 300–350).

    • -
    • Remote port ranges. A comma-separated list of remote IP port ranges (for example, 100–180, 200, 300–350).

    • -
    • Local address ranges. A comma-separated list of local IP address ranges that are allowed to use the VPN connection (for example, 192.168.0.1–192.168.0.255, 172.16.10.0–172.16.10.255).

    • -
    • Remote address ranges. A comma-separated list of remote IP address ranges that are allowed to use the VPN connection (for example, 192.168.0.1–192.168.0.255, 172.16.10.0–172.16.10.255).

    • -
    • Routing policy type. The type of IP tunnel for the VPN connection; set to one of the following:

      -
        -
      • Split tunnel. Only traffic destined for the intranet is sent through the VPN connection.

      • -
      • Force tunnel. All traffic is sent through the VPN connection.

      • -
    • -
    Trusted network detectionA comma-separated list of trusted networks that causes the VPN not to connect when the intranet is directly accessible.Pause Update rollout once an approved update is being deployed, pausing the rollout of the update.PauseDeferrals + +Pause Feature Updates for up to 35 daysPauseQualityUpdates + +Pause Feature Updates for up to 35 days
    -  -Table 14 lists the Windows 10 Mobile settings for managing VPN connections. These settings help you manage VPNs over cellular data connections, which in turn help reduce costs associated with roaming or data plan charges. - -Table 14. Windows 10 Mobile VPN management settings - -| Setting | Description | -|--------------------------------------|---------------------------------------------------------------------------------| -| Allow VPN | Whether users can change VPN settings | -| Allow VPN Over Cellular | Whether users can establish VPN connections over cellular networks | -| Allow VPN Over Cellular when Roaming | Whether users can establish VPN connections over cellular networks when roaming | -  -### APN profiles - -An APN defines network paths for cellular data connectivity. Typically, you define just one APN for a device in collaboration with a mobile operator, but you can define multiple APNs if your company uses multiple mobile operators. - -An APN provides a private connection to the corporate network that is unavailable to other companies on the mobile operator network. Corporations in Europe and the Asia-Pacific use APNs, but they are not common in the United States. - -You can define and deploy APN profiles in MDM systems that configure cellular data connectivity for Windows 10 Mobile. Devices running Windows 10 Mobile can have only one APN profile. Table 15 lists the MDM settings that Windows 10 Mobile supports for APN profiles. - -Table 15. Windows 10 Mobile APN profile settings - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    SettingDescription
    APN nameThe APN name
    IP connection typeThe IP connection type; set to one of the following values: -
      -
    • IPv4 only

    • -
    • IPv6 only

    • -
    • IPv4 and IPv6 concurrently

    • -
    • IPv6 with IPv4 provided by 46xlat

    • -
    LTE attachedWhether the APN should be attached as part of an LTE Attach
    APN class IDThe globally unique identifier that defines the APN class to the modem
    APN authentication typeThe APN authentication type; set to one of the following values: -
      -
    • None

    • -
    • Auto

    • -
    • PAP

    • -
    • CHAP

    • -
    • MSCHAPv2

    • -
    User nameThe user account when users select Password Authentication Protocol (PAP), CHAP, or MSCHAPv2 authentication in APN authentication type
    PasswordThe password for the user account specified in User name
    Integrated circuit card IDThe integrated circuit card ID associated with the cellular connection profile
    -  -### Data leak protection - -Some user experiences can risk corporate data stored on corporate devices. For example, allowing users to copy and paste information out of the organization’s LOB app can put data at risk. To mitigate the risk, you can restrict the Windows 10 Mobile user experience to help protect corporate data -and prevent data leaks. For example, you can prevent settings synchronization, copy-and-paste operations, and screen captures. Table 16 lists the MDM settings in Windows 10 Mobile that you can use to help prevent data leaks. - -Table 16. Windows 10 Mobile data leak protection settings - -| Setting | Description | -|----------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Allow copy and paste | Whether users can copy and paste content | -| Allow Cortana | Whether users can use Cortana on the device, where available | -| Allow device discovery | Whether the device discovery user experience is available on the lock screen (For example, this setting can control whether a device could discover a projector \[or other devices\] when the lock screen is displayed.) 
| -| Allow input personalization | Whether personally identifiable information can leave the device or be saved locally (for example, Cortana learning, inking, dictation) | -| Allow manual MDM unenrollment | Whether users are allowed to delete the workplace account (in other words, unenroll the device from the MDM system) | -| Allow screen capture | Whether users are allowed to capture screenshots on the device | -| Allow SIM error dialog prompt | Specifies whether to display a dialog prompt when no SIM card is installed | -| Allow sync my settings | Whether the user experience settings are synchronized between devices (works with Microsoft accounts only) | -| Allow toasts notifications above lock screen | Whether users are able to view toast notification on the device lock screen | -| Allow voice recording | Whether users are allowed to perform voice recordings. | -  -### Storage management - -Protecting the apps and data stored on a device is critical to device security. One method for helping protect your apps and data is to encrypt internal device storage by using the device encryption in Windows 10 Mobile. This encryption helps protect corporate data against unauthorized access, even when an unauthorized user has physical possession of the device. - -A feature in Windows 10 Mobile is the ability to install apps on a secure digital (SD) card. The operating system stores apps on a partition specifically designated for that purpose. This feature is always on, so you don’t need to set a policy explicitly to enable it. -The SD card is uniquely paired with a device. No other devices can see the apps or data on the encrypted partition, but they can access the data stored on the unencrypted partition of the SD card, such as music or photos. 
-You can disable the **Allow Storage Card** setting to prevent users from using SD cards altogether, but the primary advantage of the SD card app partition–encryption feature is that organizations can give users the flexibility to use an SD card while still protecting the confidential apps and data on it. - -If you don’t encrypt storage, you can help protect your corporate apps and data by using the **Restrict app data to the system volume** and **Restrict apps to the system volume** settings. They help ensure that users cannot copy your apps and data to SD cards. - -Table 17 lists the MDM storage-management settings that Windows 10 Mobile provides. - -Table 17. Windows 10 Mobile storage management settings - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    SettingDescription
    Allow Storage CardWhether users can use storage cards for device storage (This setting does not prevent programmatic access to the storage cards.)
    Require Device EncryptionWhether internal storage is encrypted (When a device is encrypted, you cannot use a policy to turn encryption off.)
    Encryption methodSpecifies the BitLocker drive encryption method and cipher strength; can be one of the following values: -
      -
    • AES-Cipher Block Chaining (CBC) 128-bit

    • -
    • AES-CBC 256-bit

    • -
    • XEX-based tweaked-codebook mode with cipher text stealing (XTS)–AES (XTS-AES) 128-bit (this is the default)

    • -
    • XTS-AES-256-bit

    • -
    Allow Federal Information Processing Standard (FIPS) algorithm policyWhether the device allows or disallows the FIPS algorithm policy
    SSL cipher suitesSpecifies a list of the allowed cryptographic cipher algorithms for SSL connections
    Restrict app data to the system volumeSpecifies whether app data is restricted to the system drive
    Restrict apps to the system volumeSpecifies whether apps are restricted to the system drive
    -  -## App management - -Apps help improve user productivity on mobile devices. New to Windows 10 is the ability for organizations purchase apps from Windows Store for their employees and deploy those apps from Windows Store or an MDM system. App management is becoming a key capability of MDM systems, helping reduce the effort required to perform common app-related tasks, such as distributing apps, and protecting data through app policies. This section describes the app management features in Windows 10 Mobile and includes the following topics: - -- [Universal Windows Platform (UWP)](#uwp) -- [Sourcing the right app](#sourcing) -- [Windows Store for Business](#store) -- [Mobile application management (MAM) policies](#mam) -- [Microsoft Edge](#edge) - -### Universal Windows Platform - -Windows 10 introduces UWP, converging the application platform for all devices running some edition of Windows 10. UWP apps run without modification on all editions of Windows 10, and Windows Store now has apps that you can license and purchased for all your Windows 10 devices. Windows Phone 8.1 and Windows 8.1 apps still run on Windows 10 devices, but the MAM improvements in Windows 10 work only with UWP apps. See the [Guide to Universal Windows Platform (UWP) apps](http://go.microsoft.com/fwlink/p/?LinkId=734056) for additional information. - -### Sourcing the right app - -The first step in app management is to obtain the apps your users need, and you can now acquire apps from Windows Store. Developers can also create apps specific to an organization, known as *line-of-business (LOB) apps* (the developers of these apps are *LOB publishers*). An LOB developer (internal or external) can now publish these apps to Windows Store at your request, or you can obtain the app packages offline and distribute them through your MDM system. - -To install Windows Store or LOB apps, use the Windows Store cloud service or your MDM system to distribute the app packages. 
Your MDM system can deploy apps online by redirecting the user to a licensed app in Windows Store or offline by distributing a package that you downloaded from Windows Store (also called *sideloading*) on Windows 10 Mobile devices. You can fully automate the app deployment process so that no user intervention is required. - -IT administrators can obtain apps through Store for Business. Most apps can be distributed online, meaning that the user must be logged in to the device with an Azure AD account and have Internet access at the time of installation. To distribute an app offline, the developer must opt in. If the app developer doesn’t allow download of the app from Windows Store, then you must obtain the files directly from the developer or use the online method. See [Windows Store for Business](windows-store-for-business.md) for additional information about apps obtained through Store for Business. -Windows Store apps are automatically trusted. For custom LOB apps developed internally or by a trusted software vendor, ensure that the device trusts the app signing certificate. There are two ways to establish this trust: use a signing certificate from a trusted source, or generate your own signing certificate and add your chain of trust to the trusted certificates on the device. You can install up to 20 self-signed apps on a Windows 10 Mobile device. When you purchase a signing certificate from a public CA, you can install more than 20 apps on a device, although you can install more than 20 self-signed apps per device with [Windows 10 Mobile Enterprise](#mobile-edition). - -Users can install apps from Windows Store that the organization purchases through the Store app on their device. If you allow your users to log in with a Microsoft account, the Store app on the device provides a unified method for installing personal and corporate apps. 
- -### Store for Business - -[Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=722910) is a web portal that IT pros and purchasers use to find, acquire, manage, and distribute apps to Windows 10 devices. This online portal gives Azure AD authenticated managers access to Store for Business functionality and settings. Store managers can create a private section of Windows Store in which organizations can manage apps specific and private to them. Store for Business allows organizations to make apps available to their users and purchase app licenses for them. They can also integrate their Store for Business subscriptions with their MDM systems, so the MDM system can deploy apps from their free Store for Business subscription. - -The process for using Store for Business is as follows: - -1. Create a Store for Business subscription for your organization. -2. In the Store for Business portal, acquire apps from Windows Store (only free apps are available at this time). -3. In Store for Business, distribute apps to users, and manage the app licenses for the apps acquired in the previous step. -4. Integrate your MDM system with your organization’s Store for Business subscription. -5. Use your MDM system to deploy the apps. - -For more information about Store for Business, see [Windows Store for Business](windows-store-for-business.md). - -### Mobile application management (MAM) policies - -With MDM, you can manage Device Guard on Windows 10 Mobile and create an allow (whitelist) or deny (blacklist) list of apps. This capability extends to built-in apps, as well, such as phone, text messaging, email, and calendar. The ability to allow or deny apps helps to ensure that people use their mobile devices for their intended purposes. - -You can also control users’ access to Windows Store and whether the Store service updates apps automatically. You can manage all these capabilities through your MDM system. 
Table 18 lists the Windows 10 Mobile app management settings. - -Table 18. Windows 10 Mobile app management settings - -| Setting | Description | -|------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Allow All Trusted Apps | Whether users can sideload apps on the device | -| Allow App Store Auto Update | Whether automatic updates of apps from Windows Store are allowed | -| Allow Developer Unlock | Whether developer unlock is allowed | -| Allow Shared User App Data | Whether multiple users of the same app can share data | -| Allow Store | Whether Windows Store app is allowed to run | -| Allow Windows Bridge For Android App Execution | Whether the Windows Bridge for Android app is allowed to run | -| Application Restrictions | An XML blob that defines the app restrictions for a device (The XML blob can contain an app allow or deny list. You can allow or deny apps based on their app ID or publisher.) | -| Require Private Store Only | Whether the private store is exclusively available to users (If enabled, only the private store is available. If disabled, the retail catalog and private store are both available.) | -| Restrict App Data To System Volume | Whether app data is allowed only on the system drive | -| Restrict App To System Volume | Whether app installation is allowed only to the system drive | -| Start screen layout | An XML blob used to configure the Start screen (See [Start layout for Windows 10 Mobile editions](http://go.microsoft.com/fwlink/p/?LinkId=734057) for more information.) | -  -One potential security issue is that users can register as Windows 10 Mobile app developers and turn on developer features on their device, potentially installing apps from unknown sources and opening the device to malware threats. 
To prevent users from turning on developer features on their devices, set the **Disable development unlock (side loading)** policy, which you can configure through your MDM system. - -### Microsoft Edge - -MDM systems give you the ability to manage Microsoft Edge on mobile devices. Table 19 lists the Microsoft Edge settings for Windows 10 Mobile. - -Table 19. Microsoft Edge settings for Windows 10 Mobile - -| Setting | Description | -|-------------------------------------------------|-------------------------------------------------------------------------------------------------------| -| Allow Active Scripting | Whether active scripting is allowed | -| Allow Autofill | Whether values are automatically filled on websites | -| Allow Browser | Whether Internet Explorer is allowed on the device | -| Allow Cookies | Whether cookies are allowed | -| Allow Do Not Track headers | Whether Do Not Track headers are allowed | -| Allow InPrivate | Whether users can use InPrivate browsing | -| Allow Password Manager | Whether users can use Password Manager to save and manage passwords locally | -| Allow Search Suggestions in Address Bar | Whether search suggestions are shown in the address bar | -| Allow SmartScreen | Whether SmartScreen Filter is enabled | -| First Run URL | The URL to open when a user launches Microsoft Edge for the first time | -| Prevent Smart Screen Prompt Override For Files | Whether users can override the SmartScreen Filter warnings about downloading unverified files | -  -## Device operations - -In this section, you learn how MDM settings in Windows 10 Mobile enable the following scenarios: - -- [Device update](#device-update) -- [Device compliance monitoring](#device-comp) -- [Device inventory](#data-inv) -- [Remote assistance](#remote-assist) -- [Cloud services](#cloud-serv) - -### Device update - -To help protect mobile devices and their data, you must keep those devices updated. 
Windows Update automatically installs updates and upgrades when they become available. - -The device update features described in this section are available only in [Windows 10 Mobile Enterprise](#mobile-edition). You can use your MDM system to postpone system upgrades when you activate an Enterprise license on managed Windows 10 Mobile devices and control how updates and upgrades are applied. For example, you can disable updates altogether, defer updates and upgrades, and schedule the day and time to install updates, as you would with Windows Server Update Services (WSUS) on Windows 10 desktops running the [Current Branch for Business](introduction-to-windows-10-servicing.md). -Table 20 lists the Windows 10 Mobile Enterprise settings that you can use to configure updates and upgrades. - -Table 20. Windows 10 Mobile Enterprise update management settings - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    SettingDescription
    Allow automatic updateThe automatic update behavior for scanning, downloading, and installing updates; the behavior can be one of the following: -
      -
    • Notify users prior to downloading updates.

    • -
    • Automatically install updates, and then notify users to schedule a restart (this is the default behavior).

    • -
    • Automatically install and restart devices with user notification.

    • -
    • Automatically install and restart devices at a specified time.

    • -
    • Automatically install and restart devices without user interaction.

    • -
    • Turn off automatic updates.

    • -
    Allow non Microsoft signed updateWhether automatic updates will accept updates that entities other than Microsoft have signed
    Allow update serviceWhether devices can obtain updates from Windows Update, WSUS, or Windows Store
    Monthly security updates deferredWhether monthly updates (for example, security patches) are deferred (You can defer updates up to 4 weeks.)
    Nonsecurity upgrades deferredWhether nonsecurity upgrades are deferred (You can defer upgrades up to 4 weeks.)
    Pause update deferralsWhether the device should skip an update cycle (This setting is valid only when you configure devices to defer updates or upgrades.)
    Require update approvalWhether approval is required before updates can be installed on devices (If approval is required, any updates that have an End User License Agreement [EULA] are automatically accepted on the user’s behalf.)
    Schedule install timeThe scheduled time at which updates are installed
    Scheduled install dayThe schedule of days on which updates are installed
    Update deferral periodHow long updates should be deferred
    Update service URLThe name of a WSUS server from which to download updates instead of Windows Update
    Upgrade deferral periodHow long Windows 10 Mobile upgrades should be deferred
    -  -In addition to configuring how Windows 10 Mobile Enterprise obtains updates, you can manage individual Windows 10 Mobile updates. Table 21 provides information about approved updates to help you control the rollout of new updates to Windows 10 Mobile Enterprise devices. - -Table 21. Windows 10 Mobile Enterprise approved update information - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    SettingDescription
    Approved updatesA list of approved updates. Each update in the list includes the Approved Time setting, which specifies the update approval time. Any approved updates automatically accept EULAs on behalf of users.
    Failed updatesA list of updates that failed during installation. Each update in the list includes the following settings: -
      -
    • H Result. The update failure code

    • -
    • Status. The failed update state (for example, download, install)

    • -
    Installed updatesA list of updates that are installed on the device.
    Installable updatesA list of updates that are available for installation. Each update in the list includes the following settings: -
      -
    • Type. The type of update available for installation, set to one of the following values:

      -
        -
      • 0 (no type)

      • -
      • 1 (security)

      • -
      • 2 (critical)

      • -
    • -
    • Revision Number. The revision number for the update used to get metadata for the update during synchronization.

    • -
    Pending reboot updatesA list of updates that require a restart to complete update installation. Each update in the last has the Installed Time setting enabled, which specifies installation time for the update.
    Last successful scan timeThe last time a successful update scan was completed.
    Defer upgradeWhether the upgrade is deferred until the next update cycle.
    -  - -### Device compliance monitoring - -You can use your MDM system to monitor compliance. Windows 10 Mobile provides audit information to track issues or perform remedial actions. This information helps you ensure that devices are configured to comply with organizational standards. - -You can also assess the health of devices that run Windows 10 Mobile and take enterprise policy actions. The process that the health attestation feature in Windows 10 Mobile uses is as follows: - -1. The health attestation client collects data used to verify device health. -2. The client forwards the data to the Health Attestation Service (HAS). -3. The HAS generates a Health Attestation Certificate. -4. The client forwards the Health Attestation Certificate and related information to the MDM system for verification. - -For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](../keep-secure/windows-10-mobile-security-guide.md). - -Depending on the results of the health state validation, an MDM system can take one of the following actions: - -- Allow the device to access resources. -- Allow the device to access resources but identify the device for further investigation. -- Prevent the device from accessing resources. - -Table 21 lists data points that the HAS collects and evaluates from devices that run Windows 10 Mobile to determine the action to perform. For most of these data points, the MDM system can take one of the following actions: - -- Disallow all access. -- Disallow access to high-business-impact assets. -- Allow conditional access based on other data points that are present at evaluation time—for example, other attributes on the health certificate or a device’s past activities and trust history. -- Take one of the previous actions, and also place the device on a watch list to monitor it more closely for potential risks. 
-- Take corrective action, such as informing IT administrators to contact the owner and investigate the issue. - -Table 21. Windows 10 Mobile HAS data points - -| Data point | Description | -|----------------------------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Attestation Identity Key (AIK) present | Indicates that an AIK is present (in other words, the device can be trusted more than a device without an AIK). | -| Data Execution Prevention (DEP) enabled | Whether a DEP policy is enabled for the device, indicating that the device can be trusted more than a device without a DEP policy. | -| BitLocker status | BitLocker helps protect the storage on the device. A device with BitLocker can be trusted more than a device without BitLocker. | -| Secure Boot enabled | Whether Secure Boot is enabled on the device. A device with Secure Boot enabled can be trusted more than a device without Secure Boot. Secure Boot is always enabled on Windows 10 Mobile devices. | -| Code integrity enabled | Whether the code integrity of a drive or system file is validated each time it’s loaded into memory. A device with code integrity enabled can be trusted more than a device without code integrity. | -| Safe mode | Whether Windows is running in safe mode. A device that is running Windows in safe mode isn’t as trustworthy as a device running in standard mode. | -| Running Windows Preinstallation Environment (Windows PE) | Whether the device is running Windows PE. A device running Windows PE isn’t as secure as a device running Windows 10 Mobile. | -| Boot debug enabled | Whether the device has boot debug enabled. A device that has boot debug enabled is less secure (trusted) than a device without boot debug enabled. 
| -| OS kernel debugging enabled | Whether the device has operating system kernel debugging enabled. A device that has operating system kernel debugging enabled is less secure (trusted) than a device with operating system kernel debugging disabled. | -| Test signing enabled | Whether test signing is disabled. A device that has test signing disabled is more trustworthy than a device that has test signing enabled. | -| Boot Manager Version | The version of the Boot Manager running on the device. The HAS can check this version to determine whether the most current Boot Manager is running, which is more secure (trusted). | -| Code integrity version | Specifies the version of code that is performing integrity checks during the boot sequence. The HAS can check this version to determine whether the most current version of code is running, which is more secure (trusted). | -| Secure Boot Configuration Policy (SBCP) present | Whether the hash of the custom SBCP is present. A device with an SBCP hash present is more trustworthy than a device without an SBCP hash. | -| Boot cycle whitelist | The view of the host platform between boot cycles as defined by the manufacturer compared to a published whitelist. A device that complies with the whitelist is more trustworthy (secure) than a device that is noncompliant. | -  -### Device inventory - -Device inventory helps organizations better manage devices because it provides in-depth information about those devices. MDM systems collect inventory information remotely, and you can use the system’s reporting capabilities to analyze device resources and information. With this information, you can determine the current hardware and software resources of the device (for example, installed updates). - -Table 22 lists examples of the Windows 10 Mobile software and hardware information that a device inventory provides. In addition to this information, the MDM system can read any of the configuration settings described in this guide. 
- -Table 22. Windows 10 Mobile software and hardware inventory examples - -| Setting | Description | -| - | - | -| Installed enterprise apps | List of the enterprise apps installed on the device | -| Device name | The device name configured for the device | -| Firmware version | Version of firmware installed on the device | -| Operating system version | Version of the operating system installed on the device | -| Device local time | Local time on the device | -| Processor type | Processor type for the device | -| Device model | Model of the device as defined by the manufacturer | -| Device manufacturer | Manufacturer of the device | -| Device processor architecture | Processor architecture for the device | -| Device language | Language in use on the device | -| Phone number | Phone number assigned to the device | -| Roaming status | Indicates whether the device has a roaming cellular connection | -| International mobile equipment identity (IMEI) and international mobile subscriber identity (IMSI) | Unique identifiers for the cellular connection for the phone; Global System for Mobile Communications networks identify valid devices by using the IMEI, and all cellular networks use the IMSI to identify the device and user | | IPv4 and IPv6 addresses currently assigned to the Wi-Fi adapter in the device | -| Wi-Fi media access control (MAC) address | MAC address assigned to the Wi-Fi adapter in the device | -| Wi-Fi DNS suffix and subnet mask | DNS suffix and IP subnet mask assigned to the Wi-Fi adapter in the device | -| Secure Boot state | Indicates whether Secure Boot is enabled | -| Enterprise encryption policy compliance | Indicates whether the device is encrypted | -  -### Remote assistance - -The remote assistance features in Windows 10 Mobile help resolve issues that users might encounter even when the help desk does not have physical access to the device. These features include: - -- **Remote lock.** Support personnel can remotely lock a device. 
This ability can help when a user loses his or her mobile device and can retrieve it but not immediately (for example, leaving the device at a customer site).
-- **Remote PIN reset.** Support personnel can remotely reset the PIN, which helps when users forget their PIN and are unable to access their device. No corporate or user data is lost, and users are able to gain access to their devices quickly.
-- **Remote ring.** Support personnel can remotely make devices ring. This ability can help users locate misplaced devices and, in conjunction with the Remote Lock feature, help ensure that unauthorized users are unable to access the device if they find it.
-- **Remote find.** Support personnel can remotely locate a device on a map, which helps identify the geographic location of the device. To configure Windows 10 Mobile remote find, use the settings in Table 23. The remote find feature returns the most current latitude, longitude, and altitude of the device.
+
+**Managing the Update Experience**
+
+*Applies to: Corporate devices with Enterprise edition*
+
+Set update client experience with [Allowautomaticupdate](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_AllowAutoUpdate) policy for your employees. This allows the IT Pro to influence the way the update client on the devices behaves when scanning, downloading, and installing updates.
+
+This can include:
+- Notifying users prior to downloading updates.
+- Automatically downloading updates, and then notifying users to schedule a restart (this is the default behavior if this policy is not configured).
+- Automatically downloading and restarting devices with user notification.
+- Automatically downloading and restarting devices at a specified time.
+- Automatically downloading and restarting devices without user interaction.
+- Turning off automatic updates. This option should be used only for systems under regulatory compliance. The device will not receive any updates.
+
+In addition, in version 1607, you can configure when the update is applied to the employee device to ensure updates installs or reboots don’t interrupt business or worker productivity. Update installs and reboots can be scheduled [outside of active hours](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ActiveHoursEnd) (supported values are 0-23, where 0 is 12am, 1 is 1am, etc.) or on a specific what [day of the week](https://msdn.microsoft.com/en-us/library/windows/hardware/dn904962(v=vs.85).aspx#Update_ScheduledInstallDay) (supported values are 0-7, where 0 is every day, 1 is Sunday, 2 is Monday, etc.).
+
+**Managing the source of updates with MDM**
+
+*Applies to: Corporate devices with Enterprise edition*
+
+Although Windows 10 Enterprise enables IT administrators to defer installation of new updates from Windows Update, enterprises may also want additional control over update processes. With this in mind, Microsoft created Windows Update for Business. Microsoft designed Windows Update for Business to provide IT administrators with additional Windows Update-centric management capabilities, such as the ability to deploy updates to groups of devices and to define maintenance windows for installing updates. If you are using a MDM system, the use of Windows Update for Business is not a requirement, as you can manage these features from your MDM system.
+
+Learn more about [Windows Update for Business](../plan/windows-update-for-business.md).
+
+IT administrators can specify where the device gets updates from with AllowUpdateService. This could be Microsoft Update, Windows Update for Business, or Windows Server Update Services (WSUS.
+
+**Managing Updates with Windows Update Server**
+
+*Applies to: Corporate devices with Enterprise edition*
+
+When using WSUS, set **UpdateServiceUrl** to allow the device to check for updates from a WSUS server instead of Windows Update. This is useful for on-premises MDMs that need to update devices that cannot connect to the Internet, usually handheld devices used for task completion, or other Windows IoT devices.
+
+Learn more about [managing updates with Windows Server Update Services (WSUS)](https://technet.microsoft.com/en-us/windowsserver/bb332157.aspx)
+
+**Querying the device update status**
+
+*Applies to: Personal and corporate devices*
+
+In addition to configuring how Windows 10 Mobile Enterprise obtains updates, the MDM administrator can query devices for Windows 10 Mobile update information so that update status can be checked against a list of approved updates.
+
+The device update status query provides an overview of:
+- Installed updates: A list of updates that are installed on the device.
+- Installable updates: A list of updates that are available for installation.
+- Failed updates: A list of updates that failed during installation, including indication of why the update failed.
+- Pending reboot: A list of updates that require a restart to complete update installation.
+- Last successful scan time: The last time a successful update scan was completed.
+- Defer upgrade: Whether the upgrade is deferred until the next update cycle.
+
+### Device health
+
+*Applies to: Personal and corporate devices*
+
+Device Health Attestation (DHA) is another line of defense that is new to Windows 10 Mobile. It can be used to remotely detect devices that lack a secure configuration or have vulnerabilities that could allow them to be easily exploited by sophisticated attacks.
+
+Windows 10 Mobile makes it easy to integrate with Microsoft Intune or third-party MDM solutions for an overall view of device health and compliance. Using these solutions together, you can detect jailbroken devices, monitor device compliance, generate compliance reports, alert users or administrators to issues, initiate corrective action, and manage conditional access to resources like Office 365 or VPN.
+
+The first version of Device Health Attestation (DHA) was released in June 2015 for Windows 10 devices that supported TPM 2.0 and operated in an enterprise cloud-based topology. In the Windows 10 anniversary release, Device Health Attestation (DHA) capabilities are extended to legacy devices that support TPM 1.2, hybrid, and on-premises environments that have access to the Internet or operate in an air-gapped network.
+
+The health attestation feature is based on Open Mobile Alliance (OMA) standards. IT managers can use DHA to validate devices that:
+- Run Windows 10 operating system (mobile phone or PC)
+- Support Trusted Module Platform (TPM 1.2 or 2.0) in discrete of firmware format
+- Are managed by a DHA-enabled device management solution (Intune or third-party MDM)
+- Operate in cloud, hybrid, on-premises, and BYOD scenarios
+
+DHA-enabled device management solutions help IT managers create a unified security bar across all managed Windows 10 Mobile devices. This allows IT managers to:
+- Collect hardware attested data (highly assured) data remotely
+- Monitor device health compliance and detect devices that are vulnerable or could be exploited by sophisticated attacks
+- Take actions against potentially compromised devices, such as:
+- Trigger corrective actions remotely so offending device is inaccessible (lock, wipe, or brick the device)
+- Prevent the device from getting access to high-value assets (conditional access)
+- Trigger further investigation and monitoring (route the device to a honeypot for further monitoring)
+- Simply alert the user or the admin to fix the issue
+
+>**Note:** Windows Device Health Attestation Service can be used for conditional access scenarios which may be enabled by Mobile Device Management solutions (e.g.: Microsoft Intune) and other types of management systems (e.g.: SCCM) purchased separately.
+ +For more information about health attestation in Windows 10 Mobile, see the [Windows 10 Mobile security guide](../keep-secure/windows-10-mobile-security-guide.md). + +Thisis a lists of attributes that are supported by DHA and can trigger the corrective actions mentioned above. +- **Attestation Identity Key (AIK) present** Indicates that an AIK is present (i.e., the device can be trusted more than a device without an AIK). +- **Data Execution Prevention (DEP) enabled** Whether a DEP policy is enabled for the device, indicating that the device can be trusted more than a device without a DEP policy. +- **BitLocker status** BitLocker helps protect the storage on the device. A device with BitLocker can be trusted more than a device without BitLocker. +- **Secure Boot enabled** Whether Secure Boot is enabled on the device. A device with Secure Boot enabled can be trusted more than a device without Secure Boot. Secure Boot is always enabled on Windows 10 Mobile devices. +- **Code integrity enabled** Whether the code integrity of a drive or system file is validated each time it’s loaded into memory. A device with code integrity enabled can be trusted more than a device without code integrity. +- **Safe mode** Whether Windows is running in safe mode. A device that is running Windows in safe mode isn’t as trustworthy as a device running in standard mode. +- **Boot debug enabled** Whether the device has boot debug enabled. A device that has boot debug enabled is less secure (trusted) than a device without boot debug enabled. +- **OS kernel debugging enabled** Whether the device has operating system kernel debugging enabled. A device that has operating system kernel debugging enabled is less secure (trusted) than a device with operating system kernel debugging disabled. +- **Test signing enabled** Whether test signing is disabled. A device that has test signing disabled is more trustworthy than a device that has test signing enabled. 
+- **Boot Manager Version** The version of the Boot Manager running on the device. The HAS can check this version to determine whether the most current Boot Manager is running, which is more secure (trusted). +- **Code integrity version** Specifies the version of code that is performing integrity checks during the boot sequence. The HAS can check this version to determine whether the most current version of code is running, which is more secure (trusted). +- **Secure Boot Configuration Policy (SBCP) present** Whether the hash of the custom SBCP is present. A device with an SBCP hash present is more trustworthy than a device without an SBCP hash. +- **Boot cycle whitelist** The view of the host platform between boot cycles as defined by the manufacturer compared to a published whitelist. A device that complies with the whitelist is more trustworthy (secure) than a device that is noncompliant. + +**Example scenario** + +Windows 10 mobile has protective measures that work together and integrate with Microsoft Intune or third-party Mobile Device Management (MDM) solutions. IT administrators can monitor and verify compliance to ensure corporate resources are protected end-to–end with the security and trust rooted in the physical hardware of the device. + +Here is what occurs when a smartphone is turned on: +1. Windows 10 Secure Boot protects the boot sequence, enables the device to boot into a defined and trusted configuration, and loads a factory trusted boot loader. +2. Windows 10 Trusted Boot takes control, verifies the digital signature of the Windows kernel, and the components are loaded and executed during the Windows startup process. +3. In parallel to Steps 1 and 2, Windows 10 Mobile TPM (Trusted Platform Modules – measured boot) runs independently in a hardware-protected security zone (isolated from boot execution path monitors boot activities) to create an integrity protected and tamper evident audit trail - signed with a secret that is only accessible by TPM. 
+4. Devices managed by a DHA-enabled MDM solution send a copy of this audit trail to Microsoft Health Attestation Service (HAS) in a protected, tamper-resistant, and tamper-evident communication channel. +5. Microsoft HAS reviews the audit trails, issues an encrypted/signed report, and forwards it to the device. +6. IT managers can use a DHA-enabled MDM solution to review the report in a protected, tamper-resistant and tamper-evident communication channel. They can assess if a device is running in a compliant (healthy) state, allow access, or trigger corrective action aligned with security needs and enterprise policies. + +### Asset reporting + +*Applies to: Corporate devices with Enterprise edition* + +Device inventory helps organizations better manage devices because it provides in-depth information about those devices. MDM systems collect inventory information remotely and provide reporting capabilities to analyze device resources and information. This data informs IT about the current hardware and software resources of the device (e.g., installed updates). + +The following list shows examples of the Windows 10 Mobile software and hardware information that a device inventory provides. In addition to this information, the MDM system can read any of the configuration settings described in this guide. 
+ +- **Installed enterprise apps** List of the enterprise apps installed on the device +- **Device name** The device name configured for the device +- **Firmware version** Version of firmware installed on the device +- **Operating system version** Version of the operating system installed on the device +- **Device local time** Local time on the device +- **Processor type** Processor type for the device +- **Device model** Model of the device as defined by the manufacturer +- **Device manufacturer** Manufacturer of the device +- **Device processor architecture** Processor architecture for the device +- **Device language** Language in use on the device +- **Phone number** Phone number assigned to the device +- **Roaming status** Indicates whether the device has a roaming cellular connection +- **International mobile equipment identity (IMEI) and international mobile subscriber identity (IMSI) Unique identifiers for the cellular connection for the phone; Global System for Mobile Communications networks identify valid devices by using the IMEI, and all cellular networks use the IMSI to identify the device and user +- **Wi-Fi IP address** IPv4 and IPv6 addresses currently assigned to the Wi-Fi adapter in the device +- **Wi-Fi media access control (MAC) address** MAC address assigned to the Wi-Fi adapter in the device +- **Wi-Fi DNS suffix and subnet mask** DNS suffix and IP subnet mask assigned to the Wi-Fi adapter in the device +- **Secure Boot state** Indicates whether Secure Boot is enabled +- **Enterprise encryption policy compliance** Indicates whether the device is encrypted + +### Manage telemetry + +*Applies to: Corporate devices with Windows 10 Mobile Enterprise edition* + +Microsoft uses telemetry (diagnostics, performance, and usage data) from Windows devices to help inform decisions and focus efforts to provide the most robust and valuable platform for your business and the people who count on Windows to enable them to be as productive as possible. 
Telemetry helps keep Windows devices healthy, improve the operating system, and personalize features and services. + +You can control the level of data that telemetry systems collect. To configure devices, specify one of these levels in the Allow Telemetry setting with your MDM system. + +For more information, see [Configure Windows telemetry in Your organization](configure-windows-telemetry-in-your-organization.md). + +>**Note:** Telemetry can only be managed when the device is upgraded to Windows 10 Mobile Enterprise edition. + +### Remote assistance + +*Applies to: Personal and corporate devices* + +The remote assistance features in Windows 10 Mobile help resolve issues that users might encounter even when the help desk does not have physical access to the device. These features include: +- **Remote lock** Support personnel can remotely lock a device. This ability can help when a user loses his or her mobile device and can retrieve it, but not immediately (e.g., leaving the device at a customer site). +- **Remote PIN reset** Support personnel can remotely reset the PIN, which helps when users forget their PIN and are unable to access their device. No corporate or user data is lost and users are able to quickly gain access to their devices. +- **Remote ring** Support personnel can remotely make devices ring. This ability can help users locate misplaced devices and, in conjunction with the Remote Lock feature, help ensure that unauthorized users are unable to access the device if they find it. +- **Remote find** Support personnel can remotely locate a device on a map, which helps identify the geographic location of the device. Remote find parameters can be configured via phone settings (see table below). The remote find feature returns the most current latitude, longitude, and altitude of the device. 
+ +**Remote assistance policies** +- **Desired location accuracy** The desired accuracy as a radius value in meters; has a value between 1 and 1,000 meters +- **Maximum remote find** Maximum length of time in minutes that the server will accept a successful remote find; has a value between 0 and 1,000 minutes +- **Remote find timeout** The number of seconds devices should wait for a remote find to finish; has a value between 0 and 1,800 seconds These remote management features help organizations reduce the IT effort required to manage devices. They also help users quickly regain use of their device should they misplace it or forget the device password. -Table 23. Windows 10 Mobile remote find settings +>**Remote control software** Microsoft does not provide build-in remote control software, but works with partners to deliver these capabilities and services. With version 1607, remote assistant and control applications are available in the Windows Store. -| Setting | Description | -|---------------------------|---------------------------------------------------------------------------------------------------------------------------------| -| Desired location accuracy | The desired accuracy as a radius value in meters; has a value between 1 and 1,000 meters | -| Maximum remote find | Maximum length of time in minutes that the server will accept a successful remote find; has a value between 0 and 1,000 minutes | -| Remote find timeout | The number of seconds devices should wait for a remote find to finish; has a value between 0 and 1,800 seconds | -  -### Cloud services +## Retire -On mobile devices that run Windows 10 Mobile, users can easily connect to apps and data. As a result, they frequently connect to cloud services that provide user notifications and collect telemetry (usage data). Windows 10 Mobile enables organizations to manage how devices consume these cloud services. 
+*Applies to: Corporate and Personal devices* -**Manage push notifications** +Device retirement is the last phase of the device lifecycle, which in today’s business environment averages about 18 months. After that time period, employees want the productivity and performance improvements that come with the latest hardware. It’s important that devices being replaced with newer models are securely retired since you don’t want any company data to remain on discarded devices that could compromise the confidentiality of your data. This is typically not a problem with corporate devices, but it can be more challenging in a personal device scenario. You need to be able to selectively wipe all corporate data without impacting personal apps and data on the device. IT also needs a way to adequately support users who need to wipe devices that are lost or stolen. -The Windows Push Notification Services enable software developers to send toast, tile, badge, and raw updates from their cloud services. It provides a mechanism to deliver updates to users in a power-efficient and dependable way. -Push notifications can affect battery life, however, so the battery saver in Windows 10 Mobile limits background activity on the devices to extend battery life. Users can configure battery saver to turn on automatically when the battery drops below a set threshold. When battery saver is on, Windows 10 Mobile disables the receipt of push notifications to save energy. +Windows 10 Mobile IT supports device retirement in both personal and corporate scenarios, allowing IT to be confident that corporate data remains confidential and user privacy is protected. -There is an exception to this behavior, however. In Windows 10 Mobile, the **Always allowed** battery saver settings (found in the Settings app) allow apps to receive push notifications even when battery saver is on. 
Users can manually configure this list, or you can use the MDM system to configure it—that is, you can use the battery saver settings URI scheme in Windows 10 Mobile (**ms-settings:batterysaver-settings**) to configure these settings. -For more information about push notifications, see [Windows Push Notification Services (WNS) overview](http://go.microsoft.com/fwlink/p/?LinkId=734060). +>**Note:** All these MDM capabilities are in addition to the device’s software and hardware factory reset features, which employees can use to restore devices to their factory configuration. -**Manage telemetry** +**Personal devices:** Windows 10 mobile supports the USA regulatory requirements for a “kill switch” in case your phone is lost or stolen. Reset protection is a free service on account.microsoft.com that helps ensure that the phone cannot be easily reset and reused. All you need to do to turn on **Reset Protection** is sign in with your Microsoft account and accept the recommended settings. To manually turn it on, you can find it under Settings > Updates & security > Find my phone. At this point, Reset Protection is only available with an MSA, not with Azure AD account. It is also only available in the USA and not in other regions of the world. -As people use Windows 10 Mobile, it can collect performance and usage telemetry that helps Microsoft identify and troubleshoot problems as well as improve its products and services. Microsoft recommends that you select **Full** for this setting. -Microsoft employees, contractors, vendors, and partners might have access to relevant portions of the information that Windows 10 Mobile collects, but they are permitted to use the information only to repair or improve Microsoft products and services or third-party software and hardware designed for use with Microsoft products and services. 
+If you choose to completely wipe a device when lost or when an employee leaves the company, make sure you obtain consent from the user and follow any local legislation that protects the user’s personal data. -You can control the level of data that MDM systems collect. Table 24 lists the data levels that Windows 10 Mobile collects and provides a brief description of each. To configure devices, specify one of these levels in the **Allow Telemetry** setting. -Table 24. Windows 10 Mobile data collection levels -| Level of data | Description | -|- | - | -| Security | Collects only the information required to keep Windows 10 Mobile enterprise-grade secure, including information about telemetry client settings, the Malicious Software Removal Tool, and Windows Defender. This level is available only on Windows 10 Enterprise, Windows 10 Education, and Windows 10 IoT Core. For Windows 10 Mobile, this setting disables Windows 10 Mobile telemetry. | -| Basic | Provides only the data vital to the operation of Windows 10 Mobile. This data level helps keep Windows 10 Mobile and apps running properly by letting Microsoft know the device’s capabilities, what’s installed, and whether Windows is operating correctly. This option also turns on basic error reporting back to Microsoft. By selecting this option, you allow Microsoft to provide updates through Windows Update, including malicious software protection through the Malicious Software Removal Tool. | -| Enhanced | Includes all Basic data plus data about how users use Windows 10 Mobile, such as how frequently or how long they use certain features or apps and which apps they use most often. This option also lets operating system collect enhanced diagnostic information, such as the memory state of a device when a system or app crash occurs, and measure reliability of devices, the operating system, and apps. 
| -| Full | Includes all Basic and Enhanced data and also turns on advanced diagnostic features that collect additional data from devices, such as system files or memory snapshots, which may unintentionally include parts of documents user are working on when a problem occurred. This information helps Microsoft further troubleshoot and fix problems. If an error report contains personal data, Microsoft does not use that information to identify, contact, or target advertising to users. | -  -## Device retirement +A better option than wiping the entire device is to use Windows Information Protection to clean corporate-only data from a personal device. As explained in the Apps chapter, all corporate data will be tagged and when the device is unenrolled from your MDM system of your choice, all enterprise encrypted data, apps, settings and profiles will immediately be removed from the device without affecting the employee’s existing personal data. A user can initiate unenrollment via the settings screen or unenrollment action can be taken by IT from within the MDM management console. Unenrollment is a management event and will be reported to the MDM system. -Device retirement (unenrollment) is the last phase of the device life cycle. Historically, mobile device retirement has been a complex and difficult process for organizations. When the organization no longer needs devices, it must remove (wipe) corporate data from them. BYOD scenarios make retirement even more complex because users expect their personal apps and data to remain untouched. Therefore, organizations must remove their data without affecting users’ data. +**Corporate device:** You can certainly remotely expire the user’s encryption key in case of device theft, but please remember that that will also make the encrypted data on other Windows devices unreadable for the user. A better approach for retiring a discarded or lost device is to execute a full device wipe. 
The help desk or device users can initiate a full device wipe. When the wipe is complete, Windows 10 Mobile returns the device to a clean state and restarts the OOBE process. -You can remotely remove all corporate data from devices that run Windows 10 Mobile without affecting existing user data (partial or enterprise wipe). The help desk or the devices’ users can initiate device retirement. When retirement is complete, Windows 10 Mobile returns the devices to a consumer state, as they were before enrollment. The following list summarizes the corporate data removed from a device when it’s retired: +**Settings for personal or corporate device retirement** +- **Allow manual MDM unenrollment** Whether users are allowed to delete the workplace account (i.e., unenroll the device from the MDM system) +- **Allow user to reset phone** Whether users are allowed to use Settings or hardware key combinations to return the device to factory defaults -- Email accounts -- Enterprise-issued certificates -- Network profiles -- Enterprise-deployed apps -- Any data associated with the enterprise-deployed apps ->**Note:**  All these features are in addition to the device’s software and hardware factory reset features, which users can use to restore devices to their factory configuration. -  -To specify whether users can delete the workplace account in Control Panel and unenroll from the MDM system, enable the **Allow Manual MDM Unenrollment** setting. Table 25 lists additional Windows 10 remote wipe settings that you can use the MDM system to configure. - -Table 25. 
Windows 10 Mobile remote wipe settings - -| Setting | Description | -|-------------------------------|----------------------------------------------------------------------------------------------------------------------| -| Wipe | Specifies that a remote wipe of the device should be performed | -| Allow manual MDM unenrollment | Whether users are allowed to delete the workplace account (in other words, unenroll the device from the MDM system) | -| Allow user to reset phone | Whether users are allowed to use Control Panel or hardware key combinations to return the device to factory defaults | -  ## Related topics -- [Mobile device management](http://go.microsoft.com/fwlink/p/?LinkId=734050) -- [Enterprise Mobility Suite](http://go.microsoft.com/fwlink/p/?LinkId=723984) -- [Overview of Mobile Device Management for Office 365](http://go.microsoft.com/fwlink/p/?LinkId=734052) -- [Windows Store for Business](http://go.microsoft.com/fwlink/p/?LinkId=722910) +- [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=734050) +- [Enterprise Mobility + Security](https://go.microsoft.com/fwlink/p/?LinkId=723984) +- [Overview of Mobile Device Management for Office 365](https://go.microsoft.com/fwlink/p/?LinkId=734052) +- [Windows Store for Business](https://go.microsoft.com/fwlink/p/?LinkId=722910) + + +## Revision History + +- November 2015 Updated for Windows 10 Mobile (version 1511) +- August 2016 Updated for Windows 10 Mobile Anniversary Update (version 1607) + diff --git a/windows/manage/windows-10-start-layout-options-and-policies.md b/windows/manage/windows-10-start-layout-options-and-policies.md index 3b744fbf9e..93ebd58d4e 100644 --- a/windows/manage/windows-10-start-layout-options-and-policies.md +++ b/windows/manage/windows-10-start-layout-options-and-policies.md @@ -7,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: manage ms.sitesec: library author: jdeckerMS +localizationpriority: high --- # Manage Windows 10 Start and taskbar layout 
@@ -16,10 +17,12 @@ author: jdeckerMS - Windows 10 -> **Looking for consumer information?** See [Customize the Start menu](http://windows.microsoft.com/en-us/windows-10/getstarted-see-whats-on-the-menu) and topic-to-be-added-for-taskbars +> **Looking for consumer information?** See [Customize the Start menu](http://windows.microsoft.com/windows-10/getstarted-see-whats-on-the-menu) Organizations might want to deploy a customized Start and taskbar configuration to devices running Windows 10 Enterprise or Windows 10 Education. A standard, customized Start layout can be useful on devices that are common to multiple users and devices that are locked down for specialized purposes. Configuring the taskbar allows the organization to pin useful apps for their employees and to remove apps that are pinned by default. +> **Note:** Taskbar configuration is available starting in Windows 10, version 1607. + ## Start options ![start layout sections](images/startannotated.png) 
@@ -121,11 +124,11 @@ Starting in Windows 10, version 1607, you can pin additional apps to the taskbar There are three categories of apps that might be pinned to a taskbar: * Apps pinned by the user -* Default Windows apps, pinned during operating system installation (Edge, File Explorer, Store) +* Default Windows apps, pinned during operating system installation (Microsoft Edge, File Explorer, Store) * Apps pinned by the enterprise, such as in an unattended Windows setup **Note**   - The earlier method of using [TaskbarLinks](http://go.microsoft.com/fwlink/p/?LinkId=761230) in an unattended Windows setup file is deprecated in Windows 10, version 1607. + The earlier method of using [TaskbarLinks](https://go.microsoft.com/fwlink/p/?LinkId=761230) in an unattended Windows setup file is deprecated in Windows 10, version 1607. The following example shows how apps will be pinned - Windows default apps to the left (blue circle), apps pinned by the user in the center (orange triangle), and apps that you pin using XML to the right (green square). diff --git a/windows/manage/windows-spotlight.md b/windows/manage/windows-spotlight.md index af6bd8ed19..f6182e086b 100644 --- a/windows/manage/windows-spotlight.md +++ b/windows/manage/windows-spotlight.md @@ -7,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library author: jdeckerMS +localizationpriority: high --- # Windows Spotlight on the lock screen diff --git a/windows/manage/windows-store-for-business-overview.md b/windows/manage/windows-store-for-business-overview.md new file mode 100644 index 0000000000..6f8d654f82 --- /dev/null +++ b/windows/manage/windows-store-for-business-overview.md 
@@ -0,0 +1,278 @@ +--- +title: Windows Store for Business overview (Windows 10) +description: With the new Windows Store for Business, organizations can make volume purchases of Windows apps. +ms.assetid: 9DA71F6B-654D-4121-9A40-D473CC654A1C +ms.prod: w10 +ms.pagetype: store, mobile +ms.mktglfcycl: manage +ms.sitesec: library +author: TrudyHa +localizationpriority: high +--- + +# Windows Store for Business overview + + +**Applies to** + +- Windows 10 +- Windows 10 Mobile + +With the new Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps. + +## Features + + +Organizations of any size can benefit from using the Store for Business provides: + +- **Scales to fit the size of your business** - For smaller businesses, with Azure AD accounts and Windows 10 devices, you can quickly have an end-to-end process for acquiring and distributing content using the Store for Business. For larger businesses, all the capabilities of the Store for Business are available to you, or you can integrate the Store for Business with management tools, for greater control over access to apps and app updates. You can use existing work or school accounts. + +- **Bulk app acquisition** - Acquire apps in volume from the Store for Business. + +- **Private store** - Curate a private store for your business that’s easily available from any Windows 10 device. + +- **Flexible distribution options** - Flexible options for distributing content and apps to your employee devices: + + - Distribute through Store for Business services. You can assign apps to individual employees, or make apps available to all employees in your private store. 
+ + - Use a management tool from Microsoft, or a 3rd-party tool for advanced distribution and management functions, or for managing images. + + - Offline licensing model allows you to distribute apps without connecting to Store services, and for managing images. + +- **Line-of-business apps** - Privately add and distribute your internal line-of-business apps using any of the distribution options. + +- **App license management**: Admins can reclaim and reuse app licenses. Online and offline licenses allow you to customize how you decide to deploy apps. + +- **Up-to-date apps** - The Store for Business manages the update process for apps with online licenses. Apps are automatically updated so you are always current with the most recent software updates and product features. Store for Business apps also uninstall cleanly, without leaving behind extra files, for times when you need to switch apps for specific employees. + +## Prerequisites + + +You'll need this software to work with the Store for Business. + +### Required + +- IT Pros that are administering Store for Business need a browser compatible with Store for Business running on a PC or mobile device. Supported browsers include: Internet Explorer 10 or later, Microsoft Edge, or current versions of Chrome or Firefox. + +- Employees using apps from Store for Business need Windows 10, version 1511 running on a PC or mobile device. + +Microsoft Azure Active Directory (AD) accounts for your employees: + +- Admins need Azure AD accounts to sign up for the Store for Business, and then to sign in, get apps, distribute apps, and manage app licenses. + +- Employees need Azure AD account when they access Store for Business content from Windows devices. + +- If you use a management tool to distribute and manage online-licensed apps, all employees will need an Azure AD account + +- For offline-licensed apps, Azure AD accounts are not required for employees. 
+ +For more information on Azure AD, see [About Office 365 and Azure Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611). + +### Optional + +While not required, you can use a management tool to distribute and manage apps. Using a management tool allows you to distribute content, scope app availability, and control when app updates are installed. This might make sense for larger organizations that already use a management tool. A couple of things to note about management tools: + +- Need to integrate with Windows 10 management framework and Azure AD. + +- Need to sync with the Store for Business inventory to distribute apps. + +## How does the Store for Business work? + + +### Sign up! + +The first step for getting your organization started with the Store for Business is signing up. To sign up for the Business store, you need an Azure AD account and you must be a Global Administrator for your organization. + +For more information, see [Sign up for the Store for Business](../manage/sign-up-windows-store-for-business.md). + +### Set up + +After your admin signs up for the Store for Business, they can assign roles to other employees in your company. The admin needs Azure AD User Admin permissions to assign WSFB roles. These are the roles and their permissions. + + +++++++ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    PermissionAccount settingsAcquire appsDistribute appsDevice Guard signing

    Admin

    X

    X

    X

    Purchaser

    X

    X

    Device Guard signer

    X

    + + + +In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](../manage/manage-users-and-groups-windows-store-for-business.md). + +Also, if your organization plans to use a management tool, you’ll need to configure your management tool to sync with the Store for Business. + +### Get apps and content + +Once signed in to the Store for Business, you can browse and search for all products in the Store for Business catalog. Some apps are free, and some apps charge a price. We're continuing to add more paid apps to the Store for Business. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time. + +**App types** -- These app types are supported in the Store for Business: + +- Universal Windows Platform apps + +- Universal Windows apps, by device: Phone, Surface Hub, IOT devices, HoloLens + +Apps purchased from the Store for Business only work on Windows 10 devices. + +Line-of-business (LOB) apps are also supported via the Business store. You can invite IT developers or ISVs to be LOB publishers for your organization. This allows them to submit apps via the developer center that are only available to your organization. These apps can be distributed using the distribution methods discussed in this topic. For more information, see [Working with Line-of-Business apps](working-with-line-of-business-apps.md). + +**App licensing model** + +The Business store supports two options to license apps: online and offline. **Online** licensing is the default licensing model and is similar to the Windows Store. Online licensed apps require users and devices to connect to the Store for Business service to acquire an app and its license. **Offline** licensing is a new licensing option for Windows 10. 
With offline licenses, organizations can cache apps and their licenses to deploy within their network. ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. + +For more information, see [Apps in the Store for Business](../manage/apps-in-windows-store-for-business.md#licensing-model). + +### Distribute apps and content + +App distribution is handled through two channels, either through the Store for Business, or using a management tool. You can use either or both distribution methods in your organization. + +**Using the Store for Business** – Distribution options for the Store for Business: + +- Email link – After purchasing an app, admins can send employees a link in an email message. Employees can click the link to install the app. + +- Curate private store for all employees – A private store can include content you’ve purchased from the Store, and your line-of-business apps that you’ve submitted to the Store for Business. Apps in your private store are available to all of your employees. They can browse the private store and install apps when needed. + +- To use the options above users must be signed in with an Azure AD account on a Windows 10 device. + +**Using a management tool** – For larger organizations that might want a greater level of control over how apps are distributed and managed, a management tools provides other distribution options: + +- Scoped content distribution – Ability to scope content distribution to specific groups of employees. + +- Install apps for employees – Employees are not responsible for installing apps. Management tool installs apps for employees. + +Management tools can synchronize content that has been acquired in the Store for Business. If an offline application has been purchased this will also include the app package, license and metadata for the app (like, icons, count, or localized product descriptions). 
Using the metadata, management tools can enable portals or apps as a destination for employees to acquire apps. + +For more information, see [Distribute apps to your employees from the Store for Business](../manage/distribute-apps-to-your-employees-windows-store-for-business.md). + +### Manage Store for Business settings and content + +Once you are signed up with the Business store and have purchased apps, Admins can manage Store for Business settings and inventory. + +**Manage Store for Business settings** + +- Assign and change roles for employees or groups + +- Device Guard signing + +- Register a management server to deploy and install content + +- Manage relationships with LOB publishers + +- Manage offline licenses + +- Update the name of your private store + +**Manage inventory** + +- Assign app licenses to employees + +- Reclaim and reassign app licenses + +- Manage app updates for all apps, or customize updates for each app. Online apps will automatically update from the Store. Offline apps can be updated using a management server. + +- Download apps for offline installs + +For more information, see [Manage settings in the Store for Business](../manage/manage-settings-windows-store-for-business.md) and [Manage apps](../manage/manage-apps-windows-store-for-business-overview.md). + +## Supported markets + + +Store for Business is currently available in these markets. 
+ +|Country or locale|Paid apps|Free apps| +|-----------------|---------|---------| +|Argentina|X|X| +|Australia|X|X| +|Austria|X|X| +|Belgium (Dutch, French)|X|X| +|Brazil| |X| +|Canada (English, French)|X|X| +|Chile|X|X| +|Columbia|X|X| +|Croatia|X|X| +|Czech Republic|X|X| +|Denmark|X|X| +|Finland|X|X| +|France|X|X| +|Germany|X|X| +|Greece|X|X| +|Hong Kong SAR|X|X| +|Hungary|X|X| +|India| |X| +|Indonesia|X|X| +|Ireland|X|X| +|Italy|X|X| +|Japan|X|X| +|Malaysia|X|X| +|Mexico|X|X| +|Netherlands|X|X| +|New Zealand|X|X| +|Norway|X|X| +|Philippines|X|X| +|Poland|X|X| +|Portugal|X|X| +|Romania|X|X| +|Russia| |X| +|Singapore|X|X| +|Slovakia|X|X| +|South Africa|X|X| +|Spain|X|X| +|Sweden|X|X| +|Switzerland (French, German)|X|X| +|Taiwan| |X| +|Thailand|X|X| +|Turkey|X|X| +|Ukraine| |X| +|United Kingdom|X|X| +|United States|X|X| +|Vietnam|X|X| + +## ISVs and the Store for Business + + +Developers in your organization, or ISVs can create content specific to your organization. In the Store for Business, we call these line-of-business (LOB) apps, and the devs that create them are LOB publishers. The process looks like this: + +- Admin invites devs to be LOB publishers for your organization. These devs can be internal devs, or external ISVs. + +- LOB publishers accept the invitation, develop apps, and submits the app to the Windows Dev Center. LOB publishers use Enterprise associations when submitting the app to make the app exclusive to your organization. + +- Admin adds the app to Store for Business inventory. + +Once the app is in inventory, admins can choose how to distribute the app. ISVs creating apps through the dev center can make their apps available in the Store for Business. ISVs can opt-in their apps to make them available for offline licensing. Apps purchased in the Store for Business will work only on Windows 10. + +For more information on line-of-business apps, see [Working with Line-of-Business apps](../manage/working-with-line-of-business-apps.md). 
diff --git a/windows/manage/windows-store-for-business.md b/windows/manage/windows-store-for-business.md
index d3a4044273..67a6d43bab 100644
--- a/windows/manage/windows-store-for-business.md
+++ b/windows/manage/windows-store-for-business.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
+localizationpriority: high
 ---
 
 # Windows Store for Business
diff --git a/windows/manage/working-with-line-of-business-apps.md b/windows/manage/working-with-line-of-business-apps.md
index f780a06748..f16e66fee9 100644
--- a/windows/manage/working-with-line-of-business-apps.md
+++ b/windows/manage/working-with-line-of-business-apps.md
@@ -7,6 +7,7 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
 author: TrudyHa
+localizationpriority: high
 ---
 
 # Working with line-of-business apps
@@ -21,7 +22,7 @@ Your company can make line-of-business (LOB) applications available through Wind Developers within your own company, or ISVs that you invite, can become LOB publishers and submit apps to the Windows Store for your company. Once a LOB publisher submits an app for your company, the app is only available to your company. LOB publishers submit apps through the Windows Dev Center using the same process as all apps that are in the Store, and then can be managed or deployed using the same process as any other app that has been acquired through the Store. -One advantage of making apps available through Store for Business is that the app has been signed by the Store, and uses the standard Store policies. For companies that can’t submit their application through the Windows Dev Center (for example, those needing additional capabilities or due to compliance purposes), [Sideloading](http://go.microsoft.com/fwlink/p/?LinkId=623433) is also supported in Windows 10. +One advantage of making apps available through Store for Business is that the app has been signed by the Store, and uses the standard Store policies. For companies that can’t submit their application through the Windows Dev Center (for example, those needing additional capabilities or due to compliance purposes), [Sideloading](https://go.microsoft.com/fwlink/p/?LinkId=623433) is also supported in Windows 10. ## Adding LOB apps to your private store @@ -38,7 +39,7 @@ What you'll have to set up: - Your company needs to be signed up with Store for Business. -- LOB publishers need to have an active developer account. To learn more about account options, see [Ready to sign up](http://go.microsoft.com/fwlink/p/?LinkId=623432). +- LOB publishers need to have an active developer account. To learn more about account options, see [Ready to sign up](https://go.microsoft.com/fwlink/p/?LinkId=623432). - LOB publishers need to have an app in the Store, or have an app ready to submit to the Store. 
@@ -48,7 +49,7 @@ For developers within your own organization, or ISVs you're working with to crea **To invite a developer to become an LOB publisher** -1. Sign in to the [Windows Store for Business]( http://go.microsoft.com/fwlink/p/?LinkId=623531). +1. Sign in to the [Windows Store for Business]( https://go.microsoft.com/fwlink/p/?LinkId=623531). 2. Click **Settings**, and then choose **LOB publishers**. 3. On the Line-of business publishers page, click **Add** to complete a form and send an email invitation to a developer.
    **Note** This needs to be the email address listed in contact info for the developer account. 
@@ -57,16 +58,16 @@ For developers within your own organization, or ISVs you're working with to crea The developer receives an email invite to become an LOB publisher for your company. Once they accept the invite, they can log in to the Windows Dev Center to create an app submission for your company. The info here assumes that devs or ISVs have an active developer account. -After an app is published and available in the Store, ISVs publish an updated version by creating another submission in their dashboard. Creating a new submission allows the ISV to make the changes required to create a LOB app for your company. To learn more about updates to an app submission, see [App submissions](http://go.microsoft.com/fwlink/p/?LinkId=623463) and [Distributing LOB apps to enterprises](http://go.microsoft.com/fwlink/p/?LinkId=627543). +After an app is published and available in the Store, ISVs publish an updated version by creating another submission in their dashboard. Creating a new submission allows the ISV to make the changes required to create a LOB app for your company. To learn more about updates to an app submission, see [App submissions](https://go.microsoft.com/fwlink/p/?LinkId=623463) and [Distributing LOB apps to enterprises](https://go.microsoft.com/fwlink/p/?LinkId=627543). **To create a new submission for an app** -1. Sign in to the [Windows Dev Center](http://go.microsoft.com/fwlink/p/?LinkId=623486), go to your Dashboard, and click the app you want to make available as an LOB app. +1. Sign in to the [Windows Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=623486), go to your Dashboard, and click the app you want to make available as an LOB app. 2. On the App overview page, under **Action**, click **Update**. -OR- - Submit your app following the guidelines in [App submissions](http://go.microsoft.com/fwlink/p/?LinkId=623463). Be sure to completed steps 3 and 4 when you set app pricing and availability options. 
+ Submit your app following the guidelines in [App submissions](https://go.microsoft.com/fwlink/p/?LinkId=623463). Be sure to completed steps 3 and 4 when you set app pricing and availability options. 3. On the **Pricing and availability** page, under **Distribution and visibility**, click **Line-of-business (LOB) distribution**, and then choose the enterprise(s) who will get the LOB app. No one else will have access to the app. 4. Under **Organizational licensing**, click **Show options**. @@ -79,8 +80,8 @@ After an app is published and available in the Store, ISVs publish an updated ve 5. Click **Save** to save your changes and start the app submission process. -For more information, see [Organizational licensing options]( http://go.microsoft.com/fwlink/p/?LinkId=708615) and [Distributing LOB apps to enterprises](http://go.microsoft.com/fwlink/p/?LinkId=627543).
    -**Note** In order to get the LOB app, the organization must be located in a [supported market](https://technet.microsoft.com/en-us/itpro/windows/whats-new/windows-store-for-business-overview#supported-markets), and you must not have excluded that market when submitting your app. +For more information, see [Organizational licensing options]( https://go.microsoft.com/fwlink/p/?LinkId=708615) and [Distributing LOB apps to enterprises](https://go.microsoft.com/fwlink/p/?LinkId=627543).
    +**Note** In order to get the LOB app, the organization must be located in a [supported market](https://technet.microsoft.com/itpro/windows/whats-new/windows-store-for-business-overview#supported-markets), and you must not have excluded that market when submitting your app. ### Add app to inventory (admin) diff --git a/windows/plan/TOC.md b/windows/plan/TOC.md index c7591ce190..7118e1238c 100644 --- a/windows/plan/TOC.md +++ b/windows/plan/TOC.md @@ -1,5 +1,5 @@ # [Plan for Windows 10 deployment](index.md) -## [Windows 10 servicing options](windows-10-servicing-options.md) +## [Windows 10 servicing overview](windows-10-servicing-options.md) ## [Windows 10 deployment considerations](windows-10-deployment-considerations.md) ## [Windows 10 compatibility](windows-10-compatibility.md) ## [Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) @@ -108,4 +108,4 @@ ### [ACT Product and Documentation Resources](act-product-and-documentation-resources.md) ### [ACT Glossary](act-glossary.md) ### [Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) -## [Change history for Plan for Windows 10 deployment](change-history-for-plan-for-windows-10-deployment.md) +## [Change history for Plan for Windows 10 deployment](change-history-for-plan-for-windows-10-deployment.md) \ No newline at end of file diff --git a/windows/plan/act-community-ratings-and-process.md b/windows/plan/act-community-ratings-and-process.md index 6d28ac6493..e9c34a2026 100644 --- a/windows/plan/act-community-ratings-and-process.md +++ b/windows/plan/act-community-ratings-and-process.md 
@@ -1,48 +1,5 @@ --- title: ACT Community Ratings and Process (Windows 10) description: The Application Compatibility Toolkit (ACT) Community uses the Microsoft® Compatibility Exchange to share compatibility ratings between all registered ACT Community members. -ms.assetid: be6c8c71-785b-4adf-a375-64ca7d24e26c -ms.prod: w10 -ms.mktglfcycl: plan -ms.sitesec: library -ms.pagetype: appcompat -author: TrudyHa ---- - -# ACT Community Ratings and Process - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The Application Compatibility Toolkit (ACT) Community uses the Microsoft® Compatibility Exchange to share compatibility ratings between all registered ACT Community members. - -When you access the Microsoft Compatibility Exchange as a registered ACT Community member, you can upload your compatibility data to the community and download issues from other ACT Community members. For information about how compatibility ratings are entered, see [Selecting Your Compatibility Rating](selecting-your-compatibility-rating.md). - -ACT takes your information and combines it with all of the information provided by the other ACT Community users and shows the average rating as a color gradient from one to five bars. - -![act community](images/dep-win8-e-act-communityexample.gif) - -## Process for Synchronizing Compatibility Ratings - - -The following diagram shows the process for synchronizing compatibility ratings with the ACT Community. - -You have the option to exclude applications from being shared with the Microsoft Compatibility Exchange. However, you will not get compatibility ratings from the ACT Community for any application that you exclude. For more information, see [Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md). 
- -![act community workflow](images/dep-win8-l-act-communityworkflowdiagram.jpg) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-database-configuration.md b/windows/plan/act-database-configuration.md index dc8103e03e..7c07865d8a 100644 --- a/windows/plan/act-database-configuration.md +++ b/windows/plan/act-database-configuration.md 
@@ -1,85 +1,5 @@ --- title: ACT Database Configuration (Windows 10) description: The Application Compatibility Toolkit (ACT) uses a Microsoft® SQL Server® database for storing and sharing compatibility issue data. -ms.assetid: 032bbfe0-86fa-48ff-b638-b9d6a908c45e -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# ACT Database Configuration - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The Application Compatibility Toolkit (ACT) uses a Microsoft® SQL Server® database for storing and sharing compatibility issue data. If you do not use Microsoft SQL Server, you can download and install Microsoft SQL Server Express. For information about creating Microsoft SQL Server databases, see [Administering the Database Engine](http://go.microsoft.com/fwlink/p/?LinkId=64169). - -## ACT Database Creation - - -You can create the ACT database by using one of the following methods: - -- Run Application Compatibility Manager (ACM), and then use the ACT Configuration Wizard to create a new database. - - -or- - -- Run the CreateDB.sql file, located at %SYSTEMDRIVE%\\ProgramData\\Microsoft\\Application Compatibility Toolkit\\CreateDB.sql. - -### ACT Database Permissions - -You must assign the following database roles to the following accounts. - -- To the user and local service accounts that will run the ACT Log Processing Service (LPS), assign the db\_datareader, db\_datawriter, and db\_owner database roles. - -- To the user account that will run Application Compatibility Manager (ACM), assign the db\_datareader and db\_datawriter database roles. - -Alternatively, grant the following explicit permissions to each user that will run the ACT LPS or ACM. 
- -- SELECT - -- INSERT - -- UPDATE - -- DELETE - -- EXECUTE - -### ACT Database Recommendations - -We also recommend that you make the following changes to the database as part of your deployment planning: - -- **Create a larger database, including a larger log file–size setting, and then set the growth increments appropriately**. If you create a database with the default setting for data storage, the data portion of the database will have an initial size of 1 megabyte (MB), and a growth increment of 1 MB. If you create a database with the default setting for log file storage, the log file portion of the database will have an initial size of 1 MB and a growth increment of 10 percent. We recommend that you maintain a data-to-log file ratio of 5:1 or 4:1. For example, if your data portion is 5 gigabytes (GB), your log file portion should be 1 GB. - -- **Change the recovery model of your database**. The default recovery model is **Full**, but we recommend that you change the recovery model to **Simple** to improve performance and reduce disk space requirements. - -- **Store the data portion and log file portion of your ACT database on separate hard drives**. Unless otherwise specified by your SQL Administrator, the default is for the data and log files to be stored on the same hard drive. We recommend separating the data from the log files to reduce disk I/O contention. - -## Related topics - - -[ACT Tools, Packages, and Services](act-tools-packages-and-services.md) - -[ACT Deployment Options](act-deployment-options.md) - -[ACT Database Migration](act-database-migration.md) - -[ACT LPS Share Permissions](act-lps-share-permissions.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-database-migration.md b/windows/plan/act-database-migration.md index 4b4009c05e..e8b5e9b74f 100644 --- a/windows/plan/act-database-migration.md 
+++ b/windows/plan/act-database-migration.md 
@@ -1,68 +1,5 @@ --- title: ACT Database Migration (Windows 10) description: The schema for an ACT database can change when ACT is updated or when a new version of ACT is released. -ms.assetid: b13369b4-1fb7-4889-b0b8-6d0ab61aac3d -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# ACT Database Migration - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The schema for an ACT database can change when ACT is updated or when a new version of ACT is released. If the schema for an ACT database does not match the current schema, you can migrate the compatibility data to a new database. You can then use the current version of ACT to open the new database. - -To create the new database, you must have database-creation permissions on the instance of SQL Server. - -## Migrating Compatibility Data from an ACT Database - - -You can migrate compatibility data from an ACT database to a new database by using one of the following methods: - -- Run Application Compatibility Manager (ACM), and then use the ACT Configuration Wizard to open the database. The wizard guides you through migrating the compatibility data to a new database. - -- Run the MigrateDB.sql file, located at %SYSTEMDRIVE%\\ProgramData\\Microsoft\\Application Compatibility Toolkit\\MigrateDB.sql.. The following table shows the location of the MigrateDB.sql file. - -## Database Migration from ACT 5.6 - - -When you migrate compatibility data from an ACT 5.6 database to a new database, the following information is excluded from the migration: - -- Issues that were reported by ACT 5.6 data-collection packages (DCPs). - -- Solutions that correspond to issues reported by ACT 5.6 DCPs. - -- Lists of file names that ACT 5.6 associated with each application. - -You cannot migrate any compatibility data from ACT databases that were created on a version of ACT before ACT 5.6. 
- -## Related topics - - -[ACT Tools, Packages, and Services](act-tools-packages-and-services.md) - -[ACT Deployment Options](act-deployment-options.md) - -[ACT Database Configuration](act-database-configuration.md) - -[ACT LPS Share Permissions](act-lps-share-permissions.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-deployment-options.md b/windows/plan/act-deployment-options.md index 32bb1e10f0..a550b72152 100644 --- a/windows/plan/act-deployment-options.md +++ b/windows/plan/act-deployment-options.md 
@@ -1,61 +1,5 @@ --- title: ACT Deployment Options (Windows 10) description: While planning your deployment of the Application Compatibility Toolkit (ACT), consider which computers you want running the various tools, packages, and services for ACT. -ms.assetid: 90d56dd8-8d57-44e8-bf7a-29aabede45ba -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# ACT Deployment Options - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -While planning your deployment of the Application Compatibility Toolkit (ACT), consider which computers you want running the various tools, packages, and services for ACT. - -The following diagram shows supported deployment options for an ACT installation. The options listed first are the most highly recommended. - -![act supported topologies](images/dep-win8-l-act-supportedtopologies.jpg) - -## Collecting Data Across Domains - - -If you plan to deploy inventory-collector packages to computers running Windows XP, where some of the computers are on a different domain than the ACT LPS share, do one of the following: - -- Set up a separate ACT LPS share on each domain and configure the inventory-collector package to upload log files to the ACT LPS share on the same domain. - -- Set up a single ACT LPS share on one computer. On the computer that hosts the share, use Group Policy to allow connections from anonymous users. - -These steps are not necessary if the computers where you deploy inventory-collector packages are running Windows Vista, Windows 7, Windows 8, Windows 8.1, or Windows 10. - -If you choose to have distributed logging with a subsequent step of moving log files to your central share, move the files to the central share before processing the files. You can move the files manually or use a technology like Distributed File-System Replication (DFSR). 
- -## Related topics - - -[ACT Tools, Packages, and Services](act-tools-packages-and-services.md) - -[ACT Database Configuration](act-database-configuration.md) - -[ACT Database Migration](act-database-migration.md) - -[ACT LPS Share Permissions](act-lps-share-permissions.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-glossary.md b/windows/plan/act-glossary.md index 87b42aab6e..17f66a70be 100644 --- a/windows/plan/act-glossary.md +++ b/windows/plan/act-glossary.md @@ -1,118 +1,5 @@ --- title: ACT Glossary (Windows 10) description: The following table lists terms and definitions used by the Application Compatibility Toolkit (ACT). -ms.assetid: 984d1cce-c1ac-4aa8-839a-a23e15da6f32 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# ACT Glossary - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The following table lists terms and definitions used by the Application Compatibility Toolkit (ACT). - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    TermDefinition

    ACT Community

    An online environment that enables ACT users to share issues and solution data with other registered ACT users.

    ACT Log Processing Service (LPS)

    The service that processes the log files uploaded from your client computers, adding the information to your ACT database.

    AppHelp message

    A type of compatibility fix. An AppHelp message is designed to appear when a user starts an application that has compatibility issues. The message can prevent the application from starting, or simply provide information about compatibility issues in the application.

    Application Compatibility Manager (ACM)

    The user interface that enables you to view reports generated from the ACT database. This is also where you create data-collection packages.

    Compatibility Administrator

    A tool that enables you to create and deploy compatibility fixes, compatibility modes, and AppHelp messages, to resolve your compatibility issues.

    compatibility fix

    A small piece of code that intercepts API calls from applications, transforming them so that Windows will provide the same product support for the application as previous versions of the operating system. Previously known as a "shim".

    compatibility mode

    Group of compatibility fixes found to resolve many common application compatibility issues.

    compatibility solution

    The solution to a known compatibility issue, as entered by the user, Microsoft, or a vendor.

    data-collection package

    A Windows installer (.msi) file created by Application Compatibility Manager (ACM) for deploying to each of your client computers. Data-collection packages include inventory collection packages and runtime analysis packages.

    deployment

    The process of distributing and installing a software program throughout an entire organization. A deployment is not the same as a pilot, which is where you provide the software application to a smaller group of users to identify and evaluate problems that might occur during the actual deployment.

    independent software vendor (ISV)

    An individual or an organization that independently creates computer software.

    inventory-collector package

    A package that examines each of your organization's computers to identify the installed applications and system information. You can view the results on the Analyze screen in ACM.

    Microsoft Compatibility Exchange

    A web service that transfers compatibility information between Microsoft and the ACT database.

    runtime-analysis package

    A data-collection package that you deploy to computers in a test environment for compatibility testing. The runtime-analysis package includes tools for monitoring applications for compatibility issues and submitting compatibility feedback.

    session 0

    The session that is used for all of the system services. Previously, users could run in Session 0 without issues; however, this was changed in Windows Vista so that all users are now required to run in Session 1 or later.

    shim

    See Other Term: compatibility fix

    User Account Control (UAC)

    A security feature that helps prevent unauthorized changes to a computer, by asking the user for permission or administrator credentials before performing actions that could potentially affect the computer's operation or that change settings that affect multiple users.

    - -  - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-lps-share-permissions.md b/windows/plan/act-lps-share-permissions.md index f2496dc915..37a6534881 100644 --- a/windows/plan/act-lps-share-permissions.md +++ b/windows/plan/act-lps-share-permissions.md 
@@ -1,76 +1,5 @@ --- title: ACT LPS Share Permissions (Windows 10) description: To upload log files to the ACT Log Processing Service (LPS) share, certain permissions must be set at the share level and folder level. -ms.assetid: 51f6ddf7-f424-4abe-a0e0-71fe616f9e84 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# ACT LPS Share Permissions - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -To upload log files to the ACT Log Processing Service (LPS) share, certain permissions must be set at the share level and folder level. - -## Share-Level Permissions - - -The **Everyone** group must have **Change** and **Read** permissions to the ACT LPS share. - -**To set the share-level permissions** - -1. Browse to the ACT LPS share, right-click the folder, and select **Properties**. - -2. Click the **Sharing** tab, share the folder, and then click **Permissions**. - -3. Add the **Everyone** group if it is not already listed, and then select the **Change** and **Read** check boxes in the **Allow** column. - -## Folder-Level Permissions (NTFS Only) - - -The **Everyone** group must have **Write** access to the ACT LPS share. - -The ACT Log Processing Service account must have **List Folder Contents**, **Read**, and **Write** permissions. - -- If the ACT Log Processing Service account is **Local System Account**, apply the permissions to the *<domain>*\\*<computer>*$ account. - -- If the ACT Log Processing Service is a user account, apply the permissions to the specific user. - -**To set the folder-level permissions** - -1. In Windows Explorer, right-click the folder for the ACT LPS share, and then click **Properties**. - -2. Click the **Security** tab, add the account that runs the ACT Log Processing Service, and then select the **List Folder Contents**, **Read**, and **Write** check boxes in the **Allow** column. - -3. 
Add the **Everyone** group if it is not already listed, and then select the **Write** check box in the **Allow** column. - -## Related topics - - -[ACT Tools, Packages, and Services](act-tools-packages-and-services.md) - -[ACT Deployment Options](act-deployment-options.md) - -[ACT Database Configuration](act-database-configuration.md) - -[ACT Database Migration](act-database-migration.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-operatingsystem-application-report.md b/windows/plan/act-operatingsystem-application-report.md index 3c0f49d348..62da93a40d 100644 --- a/windows/plan/act-operatingsystem-application-report.md +++ b/windows/plan/act-operatingsystem-application-report.md 
@@ -1,80 +1,5 @@ --- title: OperatingSystem - Application Report (Windows 10) description: This section describes the compatibility reports in Application Compatibility Manager (ACM) and how you can work with the reports. -ms.assetid: 9721485b-6092-4974-8cfe-c84472237a57 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# <OperatingSystem> - Application Report - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section describes the compatibility reports in Application Compatibility Manager (ACM) and how you can work with the reports. - -The **<OperatingSystem> - Application Report** screen shows the following information for the applications from which you have collected data: - -- The application name, application vendor, and application version. - -- Your organization’s compatibility rating for the application. - -- Compatibility ratings from users in your organization who are using a runtime analysis package to test the application. - -- Whether the information for the application is included in the synchronization process with the Microsoft Compatibility Exchange. - -- Compatibility information for the application from the application vendor. - -- Compatibility ratings from the ACT Community, if you are a member of the ACT Community. To join the ACT Community, see [Settings Dialog Box - Preferences Tab](act-settings-dialog-box-preferences-tab.md). - -- The count of active issues for the application. - -- The count of computers in your organization on which the application is installed. - -**To open the <OperatingSystem> - Application Report screen** - -1. In ACM, on the **Quick Reports** pane, click **Analyze**. - -2. In the **Quick Reports** pane, under an operating system heading, click **Applications**. 
- -## Using the <OperatingSystem> - Application Report Screen - - -On the **<OperatingSystem> - Application Report** screen, you can perform the following actions: - -- Export the report data to a spreadsheet, or import a report. For more information, see [Saving, Opening, and Exporting Reports](saving-opening-and-exporting-reports.md). - -- Choose whether to synchronize data for each application with the Microsoft Compatibility Exchange. For more information, see [Selecting the Send and Receive Status for an Application](selecting-the-send-and-receive-status-for-an-application.md). - -- Synchronize your compatibility issues by using the Microsoft Compatibility Exchange. For more information, see [Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md). - -- Filter the report by using the query builder. For more information, see [Filtering Your Compatibility Data](filtering-your-compatibility-data.md). - -- Select your compatibility rating for an application. For more information, see [Selecting Your Compatibility Rating](selecting-your-compatibility-rating.md). - -- Select your deployment status for an application. For more information, see [Selecting Your Deployment Status](selecting-your-deployment-status.md). - -- Assign categories and subcategories to an application. For more information, see [Categorizing Your Compatibility Data](categorizing-your-compatibility-data.md). - -- Specify the importance of an application to your organization. For more information, see [Prioritizing Your Compatibility Data](prioritizing-your-compatibility-data.md). - -- Double-click an application name to view the associated dialog box. For more information, see [<Application> Dialog Box](application-dialog-box.md). - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file 
diff --git a/windows/plan/act-operatingsystem-computer-report.md b/windows/plan/act-operatingsystem-computer-report.md index 3547b28c17..bf508ee97a 100644 --- a/windows/plan/act-operatingsystem-computer-report.md +++ b/windows/plan/act-operatingsystem-computer-report.md 
@@ -1,62 +1,5 @@ --- title: OperatingSystem - Computer Report (Windows 10) -ms.assetid: ed0a56fc-9f2a-4df0-8cef-3a09d6616de8 -description: -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# <OperatingSystem> - Computer Report - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The **<OperatingSystem> - Computer Report** screen shows the following information for each computer in your organization: - -- The computer name, domain, and operating system. - -- The count of applications and devices installed on the computer. - -- The count of installed applications and devices that have issues. - -**To open the <OperatingSystem> - Computer Report screen** - -1. In Application Compatibility Manager (ACM), on the **Quick Reports** pane, click **Analyze**. - -2. In the **Quick Reports** pane, under an operating system heading, click **Computers**. - -## Using the <OperatingSystem> - Computer Report Screen - - -On the **<OperatingSystem> - Computer Report** screen, you can perform the following actions: - -- Export the report data to a spreadsheet, or import a report. For more information, see [Saving, Opening, and Exporting Reports](saving-opening-and-exporting-reports.md). - -- Synchronize your compatibility issues by using the Microsoft Compatibility Exchange. For more information, see [Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md). - -- Filter the report by using the query builder. For more information, see [Filtering Your Compatibility Data](filtering-your-compatibility-data.md). - -- Assign categories and subcategories to a computer. For more information, see [Categorizing Your Compatibility Data](categorizing-your-compatibility-data.md). - -- Specify the importance of a computer to your organization. 
For more information, see [Prioritizing Your Compatibility Data](prioritizing-your-compatibility-data.md). - -- Double-click a computer name to view its associated dialog box. For more information, see [<Computer> Dialog Box](computer-dialog-box.md). - -  - -  - - - - - +description: This section describes the compatibility reports in Application Compatibility Manager (ACM) and how you can work with the reports. +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-operatingsystem-device-report.md b/windows/plan/act-operatingsystem-device-report.md index 67e74536c6..6668aa3041 100644 --- a/windows/plan/act-operatingsystem-device-report.md +++ b/windows/plan/act-operatingsystem-device-report.md 
@@ -1,64 +1,5 @@ --- title: OperatingSystem - Device Report (Windows 10) -ms.assetid: 8b5a936f-a92e-46a7-ac44-6edace262355 -description: -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# <OperatingSystem> - Device Report - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The **<OperatingSystem> - Device Report** screen shows the following information for each device installed in your organization: - -- The model and manufacturer of the device. - -- The class of device, as reported by the device. - -- An evaluation from the device manufacturer of whether the device works on a 32-bit operating system or a 64-bit operating system. - -- The count of computers on which the device is installed. - -**To open the <OperatingSystem> - Device Report screen** - -1. In Application Compatibility Manager (ACM), on the **Quick Reports** pane, click **Analyze**. - -2. In the **Quick Reports** pane, under an operating system heading, click **Devices**. - -## Using the <OperatingSystem> - Device Report Screen - - -On the **<OperatingSystem> - Device Report** screen, you can: - -- Export the report data to a spreadsheet, or import a report. For more information, see [Saving, Opening, and Exporting Reports](saving-opening-and-exporting-reports.md). - -- Synchronize your compatibility issues by using the Microsoft Compatibility Exchange. For more information, see [Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md). - -- Filter the report by using the query builder. For more information, see [Filtering Your Compatibility Data](filtering-your-compatibility-data.md). - -- Assign categories and subcategories to a device. For more information, see [Categorizing Your Compatibility Data](categorizing-your-compatibility-data.md). - -- Specify the importance of a device to your organization. 
For more information, see [Prioritizing Your Compatibility Data](prioritizing-your-compatibility-data.md). - -- Double-click a device name to view its associated dialog box. For more information, see [<Device> Dialog Box](device-dialog-box.md). - -  - -  - - - - - +description: This section describes the compatibility reports in Application Compatibility Manager (ACM) and how you can work with the reports. +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-product-and-documentation-resources.md b/windows/plan/act-product-and-documentation-resources.md index 02677af71d..2c3290db5b 100644 --- a/windows/plan/act-product-and-documentation-resources.md +++ b/windows/plan/act-product-and-documentation-resources.md 
@@ -1,62 +1,8 @@ --- title: ACT Product and Documentation Resources (Windows 10) description: The following sections provide links to resources and reference material for the Application Compatibility Toolkit (ACT). -ms.assetid: c7954b5a-164d-4548-af58-cd3a1de5cc43 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics --- - -# ACT Product and Documentation Resources - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The following sections provide links to resources and reference material for the Application Compatibility Toolkit (ACT). - -## Information Related to the Application Compatibility Toolkit - - -- [Microsoft SQL Server](http://go.microsoft.com/fwlink/p/?LinkId=184584). Use Microsoft SQL Server to take full advantage of ACT features. Visit the SQL Server home page for product information, technical resources, and support. - -- [Microsoft SQL Server Express Edition](http://go.microsoft.com/fwlink/p/?LinkId=690325). If you are not already running SQL Server, download a free version of SQL Server Express and its management tools. - -- [Microsoft System Center Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=690326). Visit the System Center Configuration Manager home page for product information, technical resources, and support. - -- [Microsoft Application Verifier](http://go.microsoft.com/fwlink/p/?LinkId=52529). Application Verifier is required by the Standard User Analyzer tool. - -## Information About Application Compatibility - - -- [Application Compatibility home page](http://go.microsoft.com/fwlink/p/?LinkId=184586). Go here for general application compatibility information, including videos, key resources, advice, and technical guidance. 
- -- [Windows Developer Center home page](http://go.microsoft.com/fwlink/p/?LinkId=184587). Find information about the Windows SDK, including how to develop your application, how to get help with compatibility issues, and other development-related content. - -## Information About Windows Deployment - - -- [Microsoft Deployment Toolkit](http://go.microsoft.com/fwlink/p/?LinkId=618117). Download the latest version of the Microsoft Deployment Toolkit (MDT) to assist with image creation and automated installation, reduce deployment time, standardize desktop and server images, limit service disruptions, reduce post-deployment help desk costs, and improve security and ongoing configuration management. - -- [Windows website](http://go.microsoft.com/fwlink/p/?LinkId=731). Visit the Windows home page for product information, technical resources, and support. - -## Related topics - - -[Troubleshooting ACT](troubleshooting-act.md) - -[Using ACT](using-act.md) - -[Software Requirements for ACT](software-requirements-for-act.md) -     diff --git a/windows/plan/act-settings-dialog-box-preferences-tab.md b/windows/plan/act-settings-dialog-box-preferences-tab.md index 6af88e476e..eaa5fec362 100644 --- a/windows/plan/act-settings-dialog-box-preferences-tab.md +++ b/windows/plan/act-settings-dialog-box-preferences-tab.md 
@@ -1,65 +1,5 @@ --- title: Settings Dialog Box - Preferences Tab (Windows 10) description: To display the Settings dialog box, in Application Compatibility Manager (ACM), on the Tools menu, click Settings. -ms.assetid: deae2100-4110-4d72-b5ee-7c167f80bfa4 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Settings Dialog Box - Preferences Tab - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -To display the **Settings** dialog box, in Application Compatibility Manager (ACM), on the **Tools** menu, click **Settings**. - -In the **Settings** dialog box, on the **Preferences** tab, use the following controls to join or leave the ACT Community, send ACT usage data to Microsoft, or be notified when there are updates available for ACT. - -**Yes, I want to join the ACT Community** -If this check box is selected, you are a member of the ACT Community and can share application compatibility data with other ACT users. - -If this check box is cleared, you still receive compatibility data from the Microsoft compatibility database, but not from other ACT users. - -For more information about the ACT Community, see [ACT Community Ratings and Process](act-community-ratings-and-process.md). - -**Send ACT usage data to Microsoft** -If this check box is selected, the following ACT usage data is sent to Microsoft: - -- The version of SQL Server being used by the ACT database. - -- The count of 32-bit or 64-bit computers in your organization. - -- The count of computers running a Windows operating system. - -- The operating systems you intend to deploy into your organization. - -- The count of computers to which you deployed data-collection packages. - -If this check box is cleared, your ACT usage data is not sent to Microsoft. 
- -**Notify me when a newer version of ACT is available (recommended)** -If this check box is selected, ACM notifies you when an update is available for ACT. - -## Related topics - - -[Settings Dialog Box - Settings Tab](act-settings-dialog-box-settings-tab.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-settings-dialog-box-settings-tab.md b/windows/plan/act-settings-dialog-box-settings-tab.md index 0f1b179b3c..30e7000dd2 100644 --- a/windows/plan/act-settings-dialog-box-settings-tab.md +++ b/windows/plan/act-settings-dialog-box-settings-tab.md 
@@ -1,66 +1,5 @@ --- title: Settings Dialog Box - Settings Tab (Windows 10) description: To display the Settings dialog box, in Application Compatibility Manager (ACM), on the Tools menu, click Settings. -ms.assetid: aeec1647-cf91-4f8b-9f6d-dbf4b898d901 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Settings Dialog Box - Settings Tab - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -To display the **Settings** dialog box, in Application Compatibility Manager (ACM), on the **Tools** menu, click **Settings**. - -In the **Settings** dialog box, on the **Settings** tab, use the following controls to modify the settings for your ACT database and ACT Log Processing Service. - -**SQL Server** -Lists the database server name for the SQL Server database server that contains your ACT database. - -Click **Browse** to search for available database servers. A **Select Server** dialog box appears from which you can select the database server that contains your ACT database. - -**Database** -Lists the database name of your ACT database. - -**Change** -Opens the user interface where you can create, open, or migrate an ACT database. - -**This computer is configured as a Log Processing Service** -If selected, indicates that this computer is used for the ACT Log Processing Service. Clear this check box to use a different computer to process the logs. - -If there is no designated ACT Log Processing Service, log processing defaults to the local computer. - -**Log Processing Service Account** -Specifies the account information, including the account type and account credentials, to be used to start the ACT Log Processing Service. - -The account must have read and write access to the ACT database. 
For information about setting up database permissions for the ACT Log Processing Service, see [Troubleshooting ACT Database Issues](troubleshooting-act-database-issues.md). - -**Log Share** -Specifies the absolute path to the ACT Log Processing Service share where log files are processed. Click **Browse** to search for a location. The **Share as** box automatically updates to show the directory name. - -For information about ensuring that all computers can access the share, see [Troubleshooting the ACT Log Processing Service](troubleshooting-the-act-log-processing-service.md). - -## Related topics - - -[Settings Dialog Box - Preferences Tab](act-settings-dialog-box-preferences-tab.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-technical-reference.md b/windows/plan/act-technical-reference.md index c05f03fc92..29e311a2f5 100644 --- a/windows/plan/act-technical-reference.md +++ b/windows/plan/act-technical-reference.md 
@@ -13,77 +13,37 @@ author: TrudyHa **Applies to** +- Windows 10, version 1607 + +We've replaced the majority of functionality included in the Application Compatibility Toolkit (ACT) with Upgrade Analytics, a solution in the Microsoft Operations Management Suite. Upgrade Analytics gives enterprises the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released. + +Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. + +With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. + +Use Upgrade Analytics to get: +- A visual workflow that guides you from pilot to production -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Detailed computer and application inventory -The Microsoft® Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. +- Powerful computer level search and drill-downs -By using ACT, you can obtain compatibility information from Microsoft and software vendors, identify compatibility issues within your own organization, and share compatibility ratings with other ACT users. 
The tools in ACT help you analyze and mitigate compatibility issues before you deploy a version of Windows to your organization. +- Guidance and insights into application and driver compatibility issues, with suggested fixes -ACT is available in the [Windows Assessment and Deployment Kit (ADK) for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=526740). +- Data driven application rationalization tools + +- Application usage information, allowing targeted validation; workflow to track validation progress and decisions + +- Data export to commonly used software deployment tools, including System Center Configuration Manager + +The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. For more information about Upgrade Analytics, see [Manage Windows upgrades with Upgrade Analytics](https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics) + +At the same time, we've kept the Standard User Analyzer tool, which helps you test your apps and to monitor API calls for potential compatibility issues, and the Compatiblility Administrator, which helps you to resolve potential compatibility issues. ## In this section - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Welcome to ACT](welcome-to-act.md)

    The Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. With ACT, you can obtain compatibility information from Microsoft and software vendors, identify compatibility issues within your own organization, and share compatibility ratings with other ACT users. The tools in ACT help you analyze and mitigate compatibility issues before deploying a version of Windows to your organization.

    [Configuring ACT](configuring-act.md)

    This section provides information about setting up the Application Compatibility Toolkit (ACT) in your organization.

    [Using ACT](using-act.md)

    This section describes how to use the Application Compatibility Toolkit (ACT) in your organization.

    [Troubleshooting ACT](troubleshooting-act.md)

    This section provides troubleshooting information for the Application Compatibility Toolkit (ACT).

    [ACT User Interface Reference](act-user-interface-reference.md)

    This section contains information about the user interface for Application Compatibility Manager (ACM), which is a tool in the Application Compatibility Toolkit (ACT).

    [ACT Product and Documentation Resources](act-product-and-documentation-resources.md)

    The following sections provide links to resources and reference material for the Application Compatibility Toolkit (ACT).

    [ACT Glossary](act-glossary.md)

    The following table lists terms and definitions used by the Application Compatibility Toolkit (ACT).

    [Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md)

    You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions.

    - -  - -  - -  - - - - - +|Topic |Description | +|------|------------| +|[Standard User Analyzer (SUA) User's Guide](sua-users-guide.md) |The Standard User Analyzer (SUA) helps you test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows. | +|[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) |The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. | +|[Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) |You can fix some compatibility issues that are due to the changes made between Windows operating system versions. These issues can include User Account Control (UAC) restrictions. | \ No newline at end of file diff --git a/windows/plan/act-toolbar-icons-in-acm.md b/windows/plan/act-toolbar-icons-in-acm.md index 9a0d2b3e79..bd6b97dcde 100644 --- a/windows/plan/act-toolbar-icons-in-acm.md +++ b/windows/plan/act-toolbar-icons-in-acm.md 
@@ -1,233 +1,5 @@ --- title: Toolbar Icons in ACM (Windows 10) description: The following table shows icons that appear on toolbars and navigational elements in Application Compatibility Manager (ACM). -ms.assetid: 44872da1-c7ad-41b9-8323-d3c3f49b2706 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Toolbar Icons in ACM - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The following table shows icons that appear on toolbars and navigational elements in Application Compatibility Manager (ACM). - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    IconDescriptionLocation
    ACT home icon

    Opens the Application Compatibility Manager Overview screen.

      -
    • Collect toolbar

    • -
    • Analyze toolbar

    • -
    ACT Create new DCP

    Opens the New Data Collection Package dialog box.

    -

    For more information, see [Creating a Runtime-Analysis Package](creating-a-runtime-analysis-package.md).

      -
    • Collect toolbar

    • -
    ACT export DCP

    Exports your data-collection package settings.

    -

    For more information, see [Exporting a Data-Collection Package](exporting-a-data-collection-package.md).

      -
    • Collect toolbar

    • -
    ACT delete icon

    Deletes a data-collection package that has not yet run on your client computers.

    -

    For more information, see [Deleting a Data-Collection Package](deleting-a-data-collection-package.md).

      -
    • Collect toolbar

    • -
    ACT open icon

    Imports an existing compatibility report.

    -

    For more information, see [Saving, Opening, and Exporting Reports](saving-opening-and-exporting-reports.md).

      -
    • Analyze toolbar

    • -
    ACT save report

    Saves a compatibility report, including your preferences and settings.

    -

    For more information, see [Saving, Opening, and Exporting Reports](saving-opening-and-exporting-reports.md).

      -
    • Analyze toolbar

    • -
    ACT export report data

    Exports your report data to a Microsoft® Excel® spreadsheet (.xls) file.

    -

    For more information, see [Saving, Opening, and Exporting Reports](saving-opening-and-exporting-reports.md).

      -
    • Analyze toolbar

    • -
    ACT send and receive

    Synchronizes your compatibility data with the Microsoft Compatibility Exchange.

    -

    For more information, see [Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md).

      -
    • Analyze toolbar

    • -
    ACT filter data

    Turns the query builder on or off.

    -

    For more information, see [Filtering Your Compatibility Data](filtering-your-compatibility-data.md).

      -
    • Analyze toolbar

    • -
    ACT Risk Assessment

    Opens the Set Assessment dialog box.

    -

    For more information, see [Selecting Your Compatibility Rating](selecting-your-compatibility-rating.md).

      -
    • Analyze toolbar

    • -
    • Report Details toolbar

    • -
    ACT deployment status

    Opens the Set Deployment Status dialog box.

    -

    For more information, see [Selecting Your Deployment Status](selecting-your-deployment-status.md).

      -
    • Analyze toolbar

    • -
    • Report Details toolbar

    • -
    ACT categorize icon

    Opens the Assign Categories dialog box.

    -

    For more information, see [Categorizing Your Compatibility Data](categorizing-your-compatibility-data.md).

      -
    • Analyze toolbar

    • -
    • Report Details toolbar

    • -
    ACT prioritize icon

    Opens the Assign Priorities dialog box.

    -

    For more information, see [Prioritizing Your Compatibility Data](prioritizing-your-compatibility-data.md).

      -
    • Analyze toolbar

    • -
    • Report Details toolbar

    • -
    ACT send and receive icon

    Opens the Send and Receive Status dialog box.

    -

    For more information, see [Selecting the Send and Receive Status for an Application](selecting-the-send-and-receive-status-for-an-application.md).

      -
    • Analyze toolbar

    • -
    • Report Details toolbar

    • -
    ACT Add issue icon

    Opens the Add Issue dialog box.

    -

    For more information, see [Adding or Editing an Issue](adding-or-editing-an-issue.md).

      -
    • Report Details toolbar

    • -
    ACT add solution

    Opens the Add Solution dialog box.

    -

    For more information, see [Adding or Editing a Solution](adding-or-editing-a-solution.md).

      -
    • Report Details toolbar

    • -
    ACT Save icon

    Saves a compatibility issue.

      -
    • Add Issue dialog box

    • -
    ACT Reactivate resolved issue icon

    Reactivates a resolved compatibility issue.

    -

    For more information, see [Resolving an Issue](resolving-an-issue.md).

      -
    • Add Issue dialog box

    • -
    ACT refresh icon

    Refreshes the screen. If you are using the query builder, updates the screen with the query results.

      -
    • Collect toolbar

    • -
    • Analyze toolbar

    • -
    • Data Collection Package - Status toolbar

    • -
    • Report Details toolbar

    • -
    ACT move up and down icons

    Enables you to scroll up and down the screen or dialog box information, showing the related details.

    -

    This button may not be available for all issues or information.

      -
    • Report Details toolbar

    • -
    • Add Issue dialog box

    • -
    • New Data Collection Package dialog box

    • -
    • Data Collection Package - Status toolbar

    • -
    ACT help icon

    Opens the online Help system.

      -
    • All screens

    • -
    - -  - -## Related topics - - -[Ratings Icons in ACM](ratings-icons-in-acm.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-tools-packages-and-services.md b/windows/plan/act-tools-packages-and-services.md index bf9c2bf728..7e20751a4a 100644 --- a/windows/plan/act-tools-packages-and-services.md +++ b/windows/plan/act-tools-packages-and-services.md 
@@ -1,60 +1,5 @@ --- title: ACT Tools, Packages, and Services (Windows 10) description: The Application Compatibility Toolkit is included with the Windows ADK. Download the Windows ADK. -ms.assetid: f5a16548-7d7b-4be9-835e-c06158dd0b89 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# ACT Tools, Packages, and Services - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The Application Compatibility Toolkit is included with the Windows ADK. [Download the Windows ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740) - -ACT includes the following: - -- **Application Compatibility Manager (ACM):** A tool that you can use to create your data-collection packages and analyze the collected inventory and compatibility data. - -- **Inventory-collector package:** A data-collection package that can be deployed to computers to gather inventory data that will be uploaded to the ACT database. - -- **Runtime-analysis package:** A data-collection package that can be deployed to computers in a test environment for compatibility testing on the new operating system. - -- **ACT Log Processing Service (LPS):** A service that is used to process the ACT log files uploaded from the computers where your data-collection packages have been installed. The service adds the information to your ACT database. - -- **ACT LPS share:** A file share that is accessed by the ACT LPS, to store the log files that will be processed and added to the ACT database. - -- **ACT database:** A Microsoft® SQL Server database that stores the collected inventory and compatibility data. You can use ACM to view the information stored in the ACT database. - -- **Microsoft Compatibility Exchange:** A web service that propagates application-compatibility issues. 
- -## Related topics - - -[ACT Deployment Options](act-deployment-options.md) - -[ACT Database Configuration](act-database-configuration.md) - -[ACT Database Migration](act-database-migration.md) - -[ACT LPS Share Permissions](act-lps-share-permissions.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/act-user-interface-reference.md b/windows/plan/act-user-interface-reference.md index ff28470715..affbef996f 100644 --- a/windows/plan/act-user-interface-reference.md +++ b/windows/plan/act-user-interface-reference.md @@ -1,74 +1,5 @@ --- title: ACT User Interface Reference (Windows 10) description: This section contains information about the user interface for Application Compatibility Manager (ACM), which is a tool in the Application Compatibility Toolkit (ACT). -ms.assetid: 303d3dd7-2cc1-4f5f-b032-b7e288b04893 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# ACT User Interface Reference - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section contains information about the user interface for Application Compatibility Manager (ACM), which is a tool in the Application Compatibility Toolkit (ACT). - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Toolbar Icons in ACM](act-toolbar-icons-in-acm.md)

    The following table shows icons that appear on toolbars and navigational elements in Application Compatibility Manager (ACM).

    [Ratings Icons in ACM](ratings-icons-in-acm.md)

    Compatibility ratings can originate from Microsoft, the application vendor, your organization, and from the Application Compatibility Toolkit (ACT) community.

    [Activating and Closing Windows in ACM](activating-and-closing-windows-in-acm.md)

    The Windows dialog box shows the windows that are open in Application Compatibility Manager (ACM).

    [Settings for ACM](settings-for-acm.md)

    This section provides information about settings that you can configure in Application Compatibility Manager (ACM).

    - -  - -## Related topics - - -[Using ACT](using-act.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/activating-and-closing-windows-in-acm.md b/windows/plan/activating-and-closing-windows-in-acm.md index dfa085659e..4640049e22 100644 --- a/windows/plan/activating-and-closing-windows-in-acm.md +++ b/windows/plan/activating-and-closing-windows-in-acm.md @@ -1,47 +1,8 @@ --- title: Activating and Closing Windows in ACM (Windows 10) description: The Windows dialog box shows the windows that are open in Application Compatibility Manager (ACM). -ms.assetid: 747bf356-d861-4ce7-933e-fa4ecfac7be5 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics --- - -# Activating and Closing Windows in ACM - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The **Windows** dialog box shows the windows that are open in Application Compatibility Manager (ACM). - -**To view a list of the open windows in ACM** - -- On the **Window** menu, click **Windows**. - -**To show an open window in ACM** - -- In the **Windows** dialog box, click the window name from the list of open windows, and then click **Activate**. - - The selected window appears on top of any others on your screen. - -**To close one or more windows in ACM** - -- In the **Windows** dialog box, click one or more window names from the list of open windows, and then click **Close Window(s)**. - -## Related topics - - -[Managing Your Data-Collection Packages](managing-your-data-collection-packages.md) -     diff --git a/windows/plan/adding-or-editing-a-solution.md b/windows/plan/adding-or-editing-a-solution.md index f16e5237b2..b5a52a45c2 100644 
--- a/windows/plan/adding-or-editing-a-solution.md +++ b/windows/plan/adding-or-editing-a-solution.md @@ -1,105 +1,5 @@ --- title: Adding or Editing a Solution (Windows 10) description: If you find your own solutions to compatibility issues, you can enter the solutions in Application Compatibility Manager (ACM). You can use the Microsoft Compatibility Exchange to upload solutions to Microsoft Corporation. -ms.assetid: 86cb8804-d577-4af6-b96f-5e0409784a23 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Adding or Editing a Solution - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -If you find your own solutions to compatibility issues, you can enter the solutions in Application Compatibility Manager (ACM). You can use the Microsoft Compatibility Exchange to upload solutions to Microsoft Corporation. - -## Adding Solutions for Compatibility Issues with Your Applications and Websites - - -You can view or add solutions only for applications or websites. - -**Note**   -The following examples use the **<Application\_Name>** dialog box. The procedures for websites are similar. - -  - -**To add a solution** - -1. On the **<Operating\_System> - Application Report** screen, double-click the name of the application to display the **<Application\_Name>** dialog box. - -2. Click the **Issues** tab. - -3. On the **Actions** menu, click **Add Solution**. - -4. Enter the information from the following table, and then click **Save**. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription

    Title

    Can be up to 100 characters in length.

    Solution Type

    You must select a value from the list.

    Solution Details

    Information about your solution, including the steps to reproduce your fix.

    Solution Details URL

    URL for a page that shows more information about the solution.

    - -   - -**To edit an existing solution** - -1. On the **<Operating\_System> - Application Report** screen, double-click the name of the application to display the <Application\_Name> dialog box. - -2. Click the **Issues** tab. - -3. Double-click the issue that includes the solution that you want to modify. - -4. Click the **Solutions** tab. - -5. Double-click the solution to edit. - -6. Modify the information about the solution, and then click **Save**. - - **Note**   - You can only modify your own solutions. You cannot modify solutions entered by other users. - -   - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/adding-or-editing-an-issue.md b/windows/plan/adding-or-editing-an-issue.md index 75e4e67390..08d2098675 100644 --- a/windows/plan/adding-or-editing-an-issue.md +++ b/windows/plan/adding-or-editing-an-issue.md 
@@ -1,115 +1,5 @@ --- title: Adding or Editing an Issue (Windows 10) description: In Application Compatibility Manager (ACM), you can enter information about the compatibility issues that you discover. -ms.assetid: 8a9fff79-9f88-4ce2-a4e6-b9382f28143d -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Adding or Editing an Issue - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -In Application Compatibility Manager (ACM), you can enter information about the compatibility issues that you discover. - -You can use the Microsoft Compatibility Exchange to share compatibility information with others. For information about the Microsoft Compatibility Exchange, see [Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md). - -## Adding Issues for Your Applications and Websites - - -You can view or add issues only for applications or websites. - -**Note**   -The following examples use the **<Application\_Name>** dialog box. The procedures are similar for websites. - -  - -**To add an issue** - -1. On the **<Operating\_System> - Application Report** screen, double-click the name of the application to display the **<Application\_Name>** dialog box. - -2. On the **Actions** menu, click **Add Issue**. - -3. Enter the information from the following table, and then click **Save**. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    FieldDescription

    Title

    Can be up to 256 characters in length.

    Priority

    You must select a value from the list.

    Severity

    You must select a value from the list.

    Symptom

    You must select a value from the list.

    Cause

    You must select a value from the list.

    Affected Operating Systems

    Operating systems on which the issue occurs. You must select at least one operating system.

    Issue Description

    Description of the issue, including the steps to reproduce the problem.

    Link to More Information

    URL for a page that shows more information about the issue.

    - -   - -**To edit an existing issue** - -1. On the **<Operating\_System> - Application Report** screen, double-click the name of the application that includes the issue you want to modify. - -2. In the **<Application\_Name>** dialog box, click the **Issues** tab, and then double-click the specific issue to be edited. - -3. Modify the issue information, and then click **Save**. - - **Note**   - You can modify your own issues. You cannot modify issues entered by another user. - -   - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/analyzing-your-compatibility-data.md b/windows/plan/analyzing-your-compatibility-data.md index 30f6a43c24..2d69b55931 100644 --- a/windows/plan/analyzing-your-compatibility-data.md +++ b/windows/plan/analyzing-your-compatibility-data.md @@ -1,80 +1,5 @@ --- title: Analyzing Your Compatibility Data (Windows 10) description: This section provides information about viewing and working with your compatibility data in Application Compatibility Manager (ACM). -ms.assetid: b98f3d74-fe22-41a2-afe8-2eb2799933a1 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Analyzing Your Compatibility Data - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section provides information about viewing and working with your compatibility data in Application Compatibility Manager (ACM). - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Viewing Your Compatibility Reports](viewing-your-compatibility-reports.md)

    This section describes the compatibility reports in Application Compatibility Manager (ACM) and how you can work with the reports.

    [Organizing Your Compatibility Data](organizing-your-compatibility-data.md)

    This section provides step-by-step instructions for organizing your compatibility data in Application Compatibility Manager (ACM).

    [Filtering Your Compatibility Data](filtering-your-compatibility-data.md)

    You can use Query Builder to filter your compatibility-issue data or reports by selecting specific restriction criteria.

    [Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md)

    The Microsoft® Compatibility Exchange is a web service that propagates application compatibility issues between various data sources, for example Microsoft Corporation, independent software vendors (ISVs) and the ACT Community. This process involves checking for updated compatibility information from Microsoft over the Internet. You can send and receive data to keep Application Compatibility Manager (ACM) updated with the latest compatibility information.

    - -  - -## Related topics - - -[Taking Inventory of Your Organization](taking-inventory-of-your-organization.md) - -[Testing Compatibility on the Target Platform](testing-compatibility-on-the-target-platform.md) - -[Managing Your Data-Collection Packages](managing-your-data-collection-packages.md) - -[Fixing Compatibility Issues](fixing-compatibility-issues.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/application-dialog-box.md b/windows/plan/application-dialog-box.md index c8d9515fa6..7615d0949e 100644 --- a/windows/plan/application-dialog-box.md +++ b/windows/plan/application-dialog-box.md @@ -1,126 +1,5 @@ --- title: Application Dialog Box (Windows 10) description: In Application Compatibility Manager (ACM), the Application dialog box shows information about the selected application. -ms.assetid: a43e85a6-3cd4-4235-bc4d-01e4d097db7e -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# <Application> Dialog Box - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -In Application Compatibility Manager (ACM), the *<Application>* dialog box shows information about the selected application. - -**To open the <Application> dialog box** - -1. In ACM, in the **Quick Reports** pane, click **Analyze**. - -2. Under an operating system heading, click **Applications**. - -3. Double-click the name of an application. - -## Tabs in the <Application> dialog box - - -The following table shows the information available in the *<Application>* dialog box. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    TabInformation

    Assessment

    Shows the compatibility ratings for the application from the application vendor, your internal organization, and the ACT Community.

    -

    For more information, see [Selecting Your Compatibility Rating](selecting-your-compatibility-rating.md).

    Issues

    For each issue associated with the selected application, shows:

    -
      -
    • The issue status, either active (a red X) or resolved (a green check mark).

    • -
    • The provider who created the record of the issue.

    • -
    • The severity of the issue as entered by the provider.

    • -
    • The symptom of the issue as entered by the provider.

    • -
    • The date on which the issue was added to the ACT database.

    • -
    -

    For more information, see [Creating and Editing Issues and Solutions](creating-and-editing-issues-and-solutions.md).

    Application Properties

    Shows the following properties for the selected application:

    -
      -
    • MSI. Shows the installer name, vendor, version, language, and so on.

    • -
    • Add/Remove Programs. Shows the application name that appears in Control Panel, vendor, registry path, and string for uninstalling.

    • -
    • Shell. Shows the shortcuts for the application and where the shortcuts appear on the Start menu.

    • -
    • Registry. Shows the registry name for the application, registry path, file name, and so on.

    • -
    • Service Control Manager. Shows the entries in the Services console that correspond to the application.

    • -

    Computers

    Shows the following information for each of the computers that have the specified application installed:

    -
      -
    • Computer name, domain, and operating system.

    • -
    • Media Access Control (MAC) address for the computer.

    • -
    • Manufacturer of the computer.

    • -

    Labels

    Shows the label for the selected application.

    -

    For information about labels, see [Labeling Data in ACM](labeling-data-in-acm.md).

    Feedback

    Shows feedback that your testers have submitted to the ACT database for the selected application.

    - -  - -## Using the <Application> Dialog Box - - -In the **<Application>** dialog box, you can perform the following actions: - -- Select your compatibility rating for the application. For more information, see [Selecting Your Compatibility Rating](selecting-your-compatibility-rating.md). - -- Select your deployment status for the application. For more information, see [Selecting Your Deployment Status](selecting-your-deployment-status.md). - -- Assign categories and subcategories to the application. For more information, see [Categorizing Your Compatibility Data](categorizing-your-compatibility-data.md). - -- Specify the importance of the application to your organization. For more information, see [Prioritizing Your Compatibility Data](prioritizing-your-compatibility-data.md). - -- Choose whether to synchronize data for the application with the Microsoft Compatibility Exchange. For more information, see [Selecting the Send and Receive Status for an Application](selecting-the-send-and-receive-status-for-an-application.md). - -- Add, edit, or resolve an issue for the selected application, and add or edit solutions. For more information, see [Creating and Editing Issues and Solutions](creating-and-editing-issues-and-solutions.md). - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/available-data-types-and-operators-in-compatibility-administrator.md b/windows/plan/available-data-types-and-operators-in-compatibility-administrator.md index 8076d0787c..a83be4fbc1 100644 --- a/windows/plan/available-data-types-and-operators-in-compatibility-administrator.md +++ b/windows/plan/available-data-types-and-operators-in-compatibility-administrator.md 
@@ -222,8 +222,6 @@ The following table shows the operators that you can use for querying your custo   ## Related topics - - [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md)   diff --git a/windows/plan/categorizing-your-compatibility-data.md b/windows/plan/categorizing-your-compatibility-data.md index f00d576eee..e77b9ca34e 100644 --- a/windows/plan/categorizing-your-compatibility-data.md +++ b/windows/plan/categorizing-your-compatibility-data.md 
@@ -1,90 +1,5 @@ --- title: Categorizing Your Compatibility Data (Windows 10) -ms.assetid: 6420f012-316f-4ef0-bfbb-14baaa664e6e -description: -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Categorizing Your Compatibility Data - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -To customize and filter your compatibility reports, you can create categories and subcategories to assign to your applications, computers, devices, and websites. By default, Microsoft provides the following categories: - -- **Software Vendor**. In this category, you can, for example, create a subcategory for each vendor. You can then use this category to generate reports by software vendor, which can be helpful when having discussions with a specific vendor or evaluating the vendor’s performance relative to your compatibility requirements. - -- **Test Complexity**. You can use this category to help with planning and assigning test resources. You can, for example, create subcategories like Critical and Nice-to-Have. - -Categories are extensible, multiple-selection string values, so you can use them for almost anything. For example, you can create a category for signoff from multiple owners so that software can be authorized only when all categories have been selected, indicating that each group has signed off. - -As another example, you can create a category for unit of deployment. You can use subcategories such as Division and Region. You can use this category to track the software needs of a specific deployment unit. This way, you can see when the software required by the unit has been tested, approved, and is ready for deployment to the unit. - -**Note**   -The following examples use the **<Operating\_System> - Application Report** screen. You can alternatively use the **<Application\_Name>** dialog box. 
You can also complete these procedures in the reports for computers, devices, and websites. - -  - -## Creating, Renaming, or Deleting Categories and Subcategories - - -You can manage your categories and subcategories from both the report screen and report-details screen. - -**To create, rename, or delete a category or subcategory** - -1. On the **<Operating\_System> - Application Report** screen, click any application name. - -2. On the **Actions** menu, click **Assign Categories**. - -3. Click **Category List**. - -4. In the **Categories** or **Subcategories** area, do any or all of the following: - - - Add a category or subcategory, by clicking **Add**. Type the name of your new category or subcategory, and then click outside the active text area. - - You must create at least one subcategory before a category will appear in the **Assign Categories** dialog box. - - - Rename a category or subcategory, by selecting the item and then clicking **Rename**. Type the new name, and then click outside the active text area. - - - Delete a category or subcategory, by selecting the item and then clicking **Remove**. - -5. After you have finished adding, renaming, and deleting categories and subcategories, click **OK** to close the **Category List** dialog box. - -## Assigning Data to a Category and Subcategory - - -You can assign categories and subcategories from both the report screen and report-details screen. - -**To assign and unassign categories and subcategories** - -1. On the **<Operating\_System> - Application Report** screen, click the application name. - -2. On the **Actions** menu, click **Assign Categories**. - -3. To assign a category, select the check box next to the applicable category or subcategory. - - To unassign a category, clear the check box. - -4. Click **OK**. - - You can use the query builder to filter based on this information. 
- -  - -  - - - - - +description: Steps to customize and filter your compatibility reports through categories and subcategories. +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/change-history-for-plan-for-windows-10-deployment.md b/windows/plan/change-history-for-plan-for-windows-10-deployment.md index 215b92dbfb..fe06fd00a1 100644 --- a/windows/plan/change-history-for-plan-for-windows-10-deployment.md +++ b/windows/plan/change-history-for-plan-for-windows-10-deployment.md @@ -14,9 +14,10 @@ author: TrudyHa This topic lists new and updated topics in the [Plan for Windows 10 deployment](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md). + ## RELEASE: Windows 10, version 1607 -The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). The following new topics have been added: +The topics in this library have been updated for Windows 10, version 1607 (also known as the Anniversary Update). ## July 2016 @@ -24,6 +25,7 @@ The topics in this library have been updated for Windows 10, version 1607 (also | New or changed topic | Description | |--------------------------------------------------------------------------------------------------------------------------------------------------|-------------| +|[Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) (multiple topics) |Redirected deprecated content to the [Upgrade Analytics](../deploy/manage-windows-upgrades-with-upgrade-analytics.md) content. Only Standard User Analyzer and Compatibility Administrator continue to be supported.| | [Windows 10 servicing overview](windows-10-servicing-options.md) | Content on this page was summarized. Detailed content about servicing branches was moved to the [Windows 10 servicing options](../manage/introduction-to-windows-10-servicing.md) page. | 
diff --git a/windows/plan/chromebook-migration-guide.md b/windows/plan/chromebook-migration-guide.md
index 12773fdd7e..8db7b3b57c 100644
--- a/windows/plan/chromebook-migration-guide.md
+++ b/windows/plan/chromebook-migration-guide.md
@@ -236,7 +236,7 @@ Assign the setting-migration priority based on how critical the setting is to th
 ## Plan for email migration
 Many of your users may be using Google Apps Gmail to manage their email, calendars, and contacts. You need to create the list of users you will migrate and the best time to perform the migration.
-Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information, see [Migrate Google Apps mailboxes to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690252).
+Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information, see [Migrate Google Apps mailboxes to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690252).
 **Identify the list of user mailboxes to migrate** 
@@ -244,7 +244,7 @@ In regards to creating the list of users you will migrate, it might seem that th
 Also, when you perform a migration it is a great time to verify that all user mailboxes are active. In many environments there are a significant number of mailboxes that were provisioned for users that are no longer a part of the institution (such as interns or student assistants). You can eliminate these users from your list of user mailboxes to migrate.
-Create your list of user mailboxes to migrate in Excel 2016 based on the format described in step 7 in [Create a list of Gmail mailboxes to migrate](http://go.microsoft.com/fwlink/p/?LinkId=690253). If you follow this format, you can use the Microsoft Excel spreadsheet to perform the actual migration later in the process.
+Create your list of user mailboxes to migrate in Excel 2016 based on the format described in step 7 in [Create a list of Gmail mailboxes to migrate](https://go.microsoft.com/fwlink/p/?LinkId=690253). If you follow this format, you can use the Microsoft Excel spreadsheet to perform the actual migration later in the process.
 **Identify companion devices that access Google Apps Gmail** 
@@ -252,7 +252,7 @@ In addition to Chromebook devices, users may have companion devices (smartphones
 After you have identified each companion device, verify the settings for the device that are used to access Office 365. You only need to test one type of each companion device. For example, if users use Android phones to access Google Apps Gmail mailboxes, configure the device to access Office 365 and then record those settings. You can publish those settings on a website or to your helpdesk staff so that users will know how to access their Office 365 mailbox.
-In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify this on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690254).
+In most instances, users will only need to provide in their Office 365 email account and password. However, you should verify this on each type of companion device. For more information about how to configure a companion device to work with Office 365, see [Compare how different mobile devices work with Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690254).
 **Identify the optimal timing for the migration**
 Typically, the best time to perform the migration is between academic years or during semester breaks. Select the time of least activity for your institution. And during that time, the optimal time to perform the migration might be during an evening or over a weekend. 
@@ -571,9 +571,9 @@ Examine each of the following network infrastructure technologies and services a For more information that compares Internet bandwidth consumption for Chromebook and Windows devices, see the following resources: - - [Chromebook vs. Windows Notebook Network Traffic Analysis](http://go.microsoft.com/fwlink/p/?LinkId=690255) - - [Hidden Cost of Chromebook Deployments](http://go.microsoft.com/fwlink/p/?LinkId=690256) - - [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](http://go.microsoft.com/fwlink/p/?LinkId=690257) + - [Chromebook vs. Windows Notebook Network Traffic Analysis](https://go.microsoft.com/fwlink/p/?LinkId=690255) + - [Hidden Cost of Chromebook Deployments](https://go.microsoft.com/fwlink/p/?LinkId=690256) + - [Microsoft Windows 8.1 Notebook vs. Chromebooks for Education](https://go.microsoft.com/fwlink/p/?LinkId=690257) - **Power.** Although not specifically a network infrastructure, you need to ensure your classrooms have adequate power. Chromebook and Windows devices should consume similar amounts of power. This means that your existing power outlets should support the same number of Windows devices. @@ -612,15 +612,15 @@ Table 7. Network infrastructure products and technologies and deployment resourc DHCP
      -
    • [Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)

    • -
    • [DHCP Deployment Guide](http://go.microsoft.com/fwlink/p/?LinkId=734021)

    • +
    • [Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920)

    • +
    • [DHCP Deployment Guide](https://go.microsoft.com/fwlink/p/?LinkId=734021)

    DNS
      -
    • [Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)

    • -
    • [Deploying Domain Name System (DNS)](http://go.microsoft.com/fwlink/p/?LinkId=734022)

    • +
    • [Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920)

    • +
    • [Deploying Domain Name System (DNS)](https://go.microsoft.com/fwlink/p/?LinkId=734022)

    @@ -650,16 +650,16 @@ Table 8. AD DS, Azure AD and deployment resources AD DS
      -
    • [Core Network Guide](http://go.microsoft.com/fwlink/p/?LinkId=733920)

    • -
    • [Active Directory Domain Services Overview](http://go.microsoft.com/fwlink/p/?LinkId=733909)

    • +
    • [Core Network Guide](https://go.microsoft.com/fwlink/p/?LinkId=733920)

    • +
    • [Active Directory Domain Services Overview](https://go.microsoft.com/fwlink/p/?LinkId=733909)

    Azure AD
      -
    • [Azure Active Directory documentation](http://go.microsoft.com/fwlink/p/?LinkId=690258)

    • -
    • [Manage and support Azure Active Directory Premium](http://go.microsoft.com/fwlink/p/?LinkId=690259)

    • -
    • [Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](http://go.microsoft.com/fwlink/p/?LinkId=690260)

    • +
    • [Azure Active Directory documentation](https://go.microsoft.com/fwlink/p/?LinkId=690258)

    • +
    • [Manage and support Azure Active Directory Premium](https://go.microsoft.com/fwlink/p/?LinkId=690259)

    • +
    • [Guidelines for Deploying Windows Server Active Directory on Azure Virtual Machines](https://go.microsoft.com/fwlink/p/?LinkId=690260)

    @@ -689,38 +689,38 @@ Table 9. Management systems and deployment resources Windows provisioning packages
      -
    • [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=733918)

    • -
    • [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911)

    • -
    • [Step-By-Step: Building Windows 10 Provisioning Packages](http://go.microsoft.com/fwlink/p/?LinkId=690261)

    • +
    • [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkId=733918)

    • +
    • [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=733911)

    • +
    • [Step-By-Step: Building Windows 10 Provisioning Packages](https://go.microsoft.com/fwlink/p/?LinkId=690261)

    Group Policy
      -
    • [Core Network Companion Guide: Group Policy Deployment](http://go.microsoft.com/fwlink/p/?LinkId=733915)

    • -
    • [Deploying Group Policy](http://go.microsoft.com/fwlink/p/?LinkId=734024)

    • +
    • [Core Network Companion Guide: Group Policy Deployment](https://go.microsoft.com/fwlink/p/?LinkId=733915)

    • +
    • [Deploying Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=734024)

    Configuration Manager
      -
    • [Site Administration for System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733914)

    • -
    • [Deploying Clients for System Center 2012 Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733919)

    • +
    • [Site Administration for System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733914)

    • +
    • [Deploying Clients for System Center 2012 Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733919)

    Intune
      -
    • [Set up and manage devices with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=690262)

    • -
    • [Smoother Management Of Office 365 Deployments with Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=690263)

    • -
    • [System Center 2012 R2 Configuration Manager & Windows Intune](http://go.microsoft.com/fwlink/p/?LinkId=690264)

    • +
    • [Set up and manage devices with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=690262)

    • +
    • [Smoother Management Of Office 365 Deployments with Windows Intune](https://go.microsoft.com/fwlink/p/?LinkId=690263)

    • +
    • [System Center 2012 R2 Configuration Manager & Windows Intune](https://go.microsoft.com/fwlink/p/?LinkId=690264)

    MDT
      -
    • [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=690324)

    • -
    • [Step-By-Step: Installing Windows 8.1 From A USB Key](http://go.microsoft.com/fwlink/p/?LinkId=690265)

    • +
    • [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=690324)

    • +
    • [Step-By-Step: Installing Windows 8.1 From A USB Key](https://go.microsoft.com/fwlink/p/?LinkId=690265)

    @@ -751,23 +751,23 @@ Table 10. Management systems and app deployment resources Group Policy
      -
    • [Editing an AppLocker Policy](http://go.microsoft.com/fwlink/p/?LinkId=734025)

    • -
    • [Group Policy Software Deployment Background](http://go.microsoft.com/fwlink/p/?LinkId=734026)

    • -
    • [Assigning and Publishing Software](http://go.microsoft.com/fwlink/p/?LinkId=734027)

    • +
    • [Editing an AppLocker Policy](https://go.microsoft.com/fwlink/p/?LinkId=734025)

    • +
    • [Group Policy Software Deployment Background](https://go.microsoft.com/fwlink/p/?LinkId=734026)

    • +
    • [Assigning and Publishing Software](https://go.microsoft.com/fwlink/p/?LinkId=734027)

    Configuration Manager
      -
    • [How to Deploy Applications in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733917)

    • -
    • [Application Management in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733907)

    • +
    • [How to Deploy Applications in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733917)

    • +
    • [Application Management in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733907)

    Intune
      -
    • [Deploy apps to mobile devices in Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733913)

    • -
    • [Manage apps with Microsoft Intune](http://go.microsoft.com/fwlink/p/?LinkId=733910)

    • +
    • [Deploy apps to mobile devices in Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733913)

    • +
    • [Manage apps with Microsoft Intune](https://go.microsoft.com/fwlink/p/?LinkId=733910)

    @@ -792,13 +792,13 @@ If you do no want to migrate any user or device settings from the Chromebook dev In the [Plan for email migration](#plan-email-migrate) section, you identified the user mailboxes to migrate, identified the companion devices that access Google Apps Gmail, and identified the optimal timing for migration. You can perform this migration before or after you deploy the Windows devices. -Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information on how to automate the migration from Google Apps Gmail to Office 365, see [Migrate Google Apps mailboxes to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690252). +Office 365 supports automated migration from Google Apps Gmail to Office 365. For more information on how to automate the migration from Google Apps Gmail to Office 365, see [Migrate Google Apps mailboxes to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690252). Alternatively, if you want to migrate to Office 365 from: - **On-premises Microsoft Exchange Server.** Use the following resources to migrate to Office 365 from an on-premises Microsoft Exchange Server: - - [Cutover Exchange Migration and Single Sign-On](http://go.microsoft.com/fwlink/p/?LinkId=690266) - - [Step-By-Step: Migration of Exchange 2003 Server to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690267) - - [Step-By-Step: Migrating from Exchange 2007 to Office 365](http://go.microsoft.com/fwlink/p/?LinkId=690268) + - [Cutover Exchange Migration and Single Sign-On](https://go.microsoft.com/fwlink/p/?LinkId=690266) + - [Step-By-Step: Migration of Exchange 2003 Server to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690267) + - [Step-By-Step: Migrating from Exchange 2007 to Office 365](https://go.microsoft.com/fwlink/p/?LinkId=690268) - **Another on-premises or cloud-based email service.** Follow the guidance from that vendor. ## Perform cloud storage migration 
@@ -832,11 +832,11 @@ For example, if you selected to deploy Windows devices by each classroom, start
 In some instances, you may receive the devices with Windows 10 already deployed, and want to use provisioning packages. In other cases, you may have a custom Windows 10 image that you want to deploy to the devices by using Configuration Manager and/or MDT. For information on how to deploy Windows 10 images to the devices, see the following resources:
-- [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911)
-- [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkId=733918)
-- [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](http://go.microsoft.com/fwlink/p/?LinkId=690324)
-- [Step-By-Step: Installing Windows 8.1 From A USB Key](http://go.microsoft.com/fwlink/p/?LinkId=690265)
-- [Operating System Deployment in Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=733916)
+- [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=733911)
+- [Build and apply a provisioning package](https://go.microsoft.com/fwlink/p/?LinkId=733918)
+- [MDT documentation in the Microsoft Deployment Toolkit (MDT) 2013](https://go.microsoft.com/fwlink/p/?LinkId=690324)
+- [Step-By-Step: Installing Windows 8.1 From A USB Key](https://go.microsoft.com/fwlink/p/?LinkId=690265)
+- [Operating System Deployment in Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=733916)
 In addition to the Windows 10 image deployment, you may need to perform the following tasks as a part of device deployment: 
@@ -848,7 +848,7 @@ In addition to the Windows 10 image deployment, you may need to perform the fol
 After you complete these steps, your management system should take over the day-to-day maintenance tasks for the Windows 10 devices. Verify that the user and device settings migrated correctly as you deploy each batch of Windows 10 devices. Continue this process until you deploy all Windows 10 devices.
 ## Related topics
-- [Try it out: Windows 10 deployment (for education)](http://go.microsoft.com/fwlink/p/?LinkId=623254)
-- [Try it out: Windows 10 in the classroom](http://go.microsoft.com/fwlink/p/?LinkId=623255)
+- [Try it out: Windows 10 deployment (for education)](https://go.microsoft.com/fwlink/p/?LinkId=623254)
+- [Try it out: Windows 10 in the classroom](https://go.microsoft.com/fwlink/p/?LinkId=623255)
    
diff --git a/windows/plan/common-compatibility-issues.md b/windows/plan/common-compatibility-issues.md
index 4e96594b85..0883298316 100644
--- a/windows/plan/common-compatibility-issues.md
+++ b/windows/plan/common-compatibility-issues.md
@@ -1,58 +1,6 @@ --- title: Common Compatibility Issues (Windows 10) ms.assetid: f5ad621d-bda2-45b5-ae85-bc92970f602f -description: -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Common Compatibility Issues - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -Compatibility issues tend to occur with the following technologies: - -- **User Account Control (UAC)**: Adds security to Windows by limiting administrator-level access to the computer, restricting most users to running as Standard Users. UAC limits the context in which a process executes to minimize the ability of the user to inadvertently expose the computer to viruses or other malware. UAC affects any application installer or update that requires Administrator permissions to run, performs Administrator checks or actions, or attempts to write to a non-virtualized registry location. - -- **Windows Resource Protection (WRP)**: Enables applications to function properly even if an application attempts to write to protected system files or registry locations. WRP creates a temporary work area and redirects write actions for the application session. WRP affects any application installation that attempts to replace, modify, or delete protected operating system files or registry keys. Attempts typically fail and return an Access Denied error. - -- **Internet Explorer Protected Mode**: Helps to defend against elevation-of-privilege attacks by restricting the ability to write to any local-computer-zone resources other than temporary Internet files. This mode affects any website or web application that attempts to modify user files or registry keys or that attempts to open a new window in another domain. 
- -- **Deprecation**: Any application that uses .dll files, executable (.exe) files, COM objects, registry keys, APIs, or other files that have been deprecated from previous versions of Windows may lose functionality or fail to start. - -- **Graphical Identification and Authentication (GINA) DLL**: Prior to the release of Windows Vista, independent software vendors (ISVs) were able to modify authentication by installing a GINA DLL. The GINA DLL performed the user identification and authentication. - - The current authentication model does not require the GINA DLL and ignores all previous GINA DLLs. This change affects any application or hardware component that attempts to log on by using customized logon applications, including biometric devices (fingerprint readers), customized user interfaces, and virtual private network (VPN) solutions for remote users with customized logon user interfaces. - -- **Session 0**: Prior to the release of Windows Vista, the first user who logged on to a computer ran in Session 0, which is the same session that is used for system services. The current model requires all users to run in Session 1 or later so that no user runs in the same session as the system services. Applications will fail to start if they depend on *interactive services*. An interactive service is any service that attempts to send a window message, attempts to locate a window or additional service, or attempts to run any user processes that open the same named object, unless it is a globally named object. - -- **Windows Filtering Platform (WFP)**: WFP is an API that enables developers to create code that interacts with the filtering that occurs at several layers in the networking stack and throughout the operating system. If you are using a previous version of the WFP API in your environment, you might experience failures when running network-scanning, antivirus, or firewall applications. 
- -- **Operating System Version Changes**: The operating system version number changes with each operating system release. The **GetVersion** function returns the version number when queried by an application. This change affects any application or application installer that specifically checks for the operating system version and might prevent the installation from occurring or the application from running. - -- **Windows 64-bit**: 64-bit versions of Windows use the Windows on Windows 64 (WOW64) emulator. This emulator enables the 64-bit operating system to run 32-bit applications. The use of this emulator might cause an application or a component that uses 16-bit executables or installers, or 32-bit kernel drivers, to fail to start or to function incorrectly. - -## Related topics - - -[Using Compatibility Monitor to Send Feedback](using-compatibility-monitor-to-send-feedback.md) - -  - -  - - - - - +description: List of common compatibility issues, based on the type of technology. +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/compatibility-fix-database-management-strategies-and-deployment.md b/windows/plan/compatibility-fix-database-management-strategies-and-deployment.md index f608310bd6..fe4aede4bb 100644 --- a/windows/plan/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/plan/compatibility-fix-database-management-strategies-and-deployment.md 
@@ -161,15 +161,4 @@ End Function Most of your testing of application-compatibility issues will happen prior to the deployment of a new Windows operating system into your environment. As such, a common approach is to include the custom compatibility-fix database, which includes all of your known issues, in your corporate image. Then, as you update your compatibility-fix database, you can provide the updates by using one of the two mechanisms described in the "Deploying Your Custom Compatibility Fix Databases" section earlier in this topic. ## Related topics - - -[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) - -  - -  - - - - - +[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) \ No newline at end of file diff --git a/windows/plan/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/plan/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md index 688cf0a0d5..a27d633a60 100644 --- a/windows/plan/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md +++ b/windows/plan/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md @@ -78,7 +78,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix blocks InstallShield from setting the value of RunAs registry keys to InteractiveUser Because InteractiveUser no longer has Administrator rights.

    Note   -

    For more detailed information about this application fix, see [Using the BlockRunAsInteractiveUser Fix](http://go.microsoft.com/fwlink/p/?LinkId=690328).

    +

    For more detailed information about this application fix, see [Using the BlockRunAsInteractiveUser Fix](https://go.microsoft.com/fwlink/p/?LinkId=690328).

      @@ -101,7 +101,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    You can control this fix further by entering the relevant registry keys as parameters that are separated by the ^ Symbol; for example: Software\MyCompany\Key1^Software\MyCompany\Key2.

    Note   -

    For more detailed information about this application fix, see [Using the CopyHKCUSettingsFromOtherUsers Fix](http://go.microsoft.com/fwlink/p/?LinkId=690329).

    +

    For more detailed information about this application fix, see [Using the CopyHKCUSettingsFromOtherUsers Fix](https://go.microsoft.com/fwlink/p/?LinkId=690329).

      @@ -118,7 +118,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix modifies the file path names to point to a new location on the hard disk.

    Note   -

    For more detailed information about the CorrectFilePaths application fix, see [Using the CorrectFilePaths Fix](http://go.microsoft.com/fwlink/p/?LinkId=690330). We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file.

    +

    For more detailed information about the CorrectFilePaths application fix, see [Using the CorrectFilePaths Fix](https://go.microsoft.com/fwlink/p/?LinkId=690330). We recommend that you use this fix together with the CorrectFilePathsUninstall fix if you are applying it to a setup installation file.

      @@ -130,7 +130,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix corrects the file paths that are used by the uninstallation process of an application.

    Note   -

    For more detailed information about this fix, see [Using the CorrectFilePathsUninstall Fix](http://go.microsoft.com/fwlink/p/?LinkId=690331). We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file.

    +

    For more detailed information about this fix, see [Using the CorrectFilePathsUninstall Fix](https://go.microsoft.com/fwlink/p/?LinkId=690331). We recommend that you use this fix together with the CorrectFilePaths fix if you are applying it to a setup installation file.

      @@ -142,7 +142,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix intercepts the ShellExecute(Ex) calls, and then inspects the HWND value. If the value is invalid, this fix enables the call to use the currently active HWND value.

    Note   -

    For more detailed information about the CorrectShellExecuteHWND application fix, see [Using the CorrectShellExecuteHWND Fix](http://go.microsoft.com/fwlink/p/?LinkId=690332).

    +

    For more detailed information about the CorrectShellExecuteHWND application fix, see [Using the CorrectShellExecuteHWND Fix](https://go.microsoft.com/fwlink/p/?LinkId=690332).

      @@ -214,7 +214,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix temporarily disables the Windows Aero menu theme functionality for unsupported applications.

    Note   -

    For more detailed information about this application fix, see [Using the DisableDWM Fix]( http://go.microsoft.com/fwlink/p/?LinkId=690334).

    +

    For more detailed information about this application fix, see [Using the DisableDWM Fix]( https://go.microsoft.com/fwlink/p/?LinkId=690334).

      @@ -252,7 +252,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix handles the error code and attempts to recall the CreateProcess function together with requested elevation. If the fixed application already has a UAC manifest, the error code will be returned unchanged.

    Note   -

    For more detailed information about this application fix, see [Using the ElevateCreateProcess Fix](http://go.microsoft.com/fwlink/p/?LinkId=690335).

    +

    For more detailed information about this application fix, see [Using the ElevateCreateProcess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690335).

      @@ -269,7 +269,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix determines the amount of free space, so that if the amount of free space is larger than 2 GB, the compatibility fix returns a value of 2 GB, but if the amount of free space is smaller than 2 GB, the compatibility fix returns the actual free space amount.

    Note   -

    For more detailed information about this application fix, see [Using the EmulateGetDiskFreeSpace Fix](http://go.microsoft.com/fwlink/p/?LinkId=690336).

    +

    For more detailed information about this application fix, see [Using the EmulateGetDiskFreeSpace Fix](https://go.microsoft.com/fwlink/p/?LinkId=690336).

      @@ -281,7 +281,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix forces applications that use the CompareStringW/LCMapString sorting table to use an older version of the table.

    Note   -

    For more detailed information about this e application fix, see [Using the EmulateSorting Fix](http://go.microsoft.com/fwlink/p/?LinkId=690337).

    +

    For more detailed information about this e application fix, see [Using the EmulateSorting Fix](https://go.microsoft.com/fwlink/p/?LinkId=690337).

      @@ -297,7 +297,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix enables the computer to restart and finish the installation process by verifying and enabling that the SeShutdownPrivilege service privilege exists.

    Note   -

    For more detailed information about this application fix, see [Using the EnableRestarts Fix](http://go.microsoft.com/fwlink/p/?LinkId=690338).

    +

    For more detailed information about this application fix, see [Using the EnableRestarts Fix](https://go.microsoft.com/fwlink/p/?LinkId=690338).

      @@ -332,7 +332,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix intercepts the GetCurrentThemeName API and returns the value for the Windows XP default theme, (Luna).

    Note   -

    For more detailed information about the FakeLunaTheme application fix, see [Using the FakeLunaTheme Fix](http://go.microsoft.com/fwlink/p/?LinkId=690339).

    +

    For more detailed information about the FakeLunaTheme application fix, see [Using the FakeLunaTheme Fix](https://go.microsoft.com/fwlink/p/?LinkId=690339).

      @@ -353,7 +353,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix allows the user to temporarily imitate being a part of the Administrators group by returning a value of True during the administrator check.

    Note   -

    For more detailed information about this application fix, see [Using the ForceAdminAccess Fix](http://go.microsoft.com/fwlink/p/?LinkId=690342).

    +

    For more detailed information about this application fix, see [Using the ForceAdminAccess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690342).

      @@ -402,7 +402,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix intercepts the RegisterRawInputDevices API and prevents the delivery of the WM_INPUT messages. This delivery failure forces the included hooks to be ignored and forces DInput to use Windows-specific hooks.

    Note   -

    For more detailed information about this application fix, see [Using the IgnoreAltTab Fix](http://go.microsoft.com/fwlink/p/?LinkId=690343).

    +

    For more detailed information about this application fix, see [Using the IgnoreAltTab Fix](https://go.microsoft.com/fwlink/p/?LinkId=690343).

      @@ -440,7 +440,7 @@ The following table lists the known compatibility fixes for all Windows operatin
    Note   -

    For more detailed information about this application fix, see [Using the IgnoreException Fix](http://go.microsoft.com/fwlink/p/?LinkId=690344).

    +

    For more detailed information about this application fix, see [Using the IgnoreException Fix](https://go.microsoft.com/fwlink/p/?LinkId=690344).

      @@ -462,7 +462,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix intercepts the MessageBox* APIs and inspects them for specific message text. If matching text is found, the application continues without showing the message box.

    Note   -

    For more detailed information about this application fix, see [Using the IgnoreMessageBox Fix](http://go.microsoft.com/fwlink/p/?LinkId=690345).

    +

    For more detailed information about this application fix, see [Using the IgnoreMessageBox Fix](https://go.microsoft.com/fwlink/p/?LinkId=690345).

      @@ -491,7 +491,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix intercepts the function call to create the object and replaces the word Global with Local.

    Note   -

    For more detailed information about this application fix, see [Using the LocalMappedObject Fix](http://go.microsoft.com/fwlink/p/?LinkId=690346).

    +

    For more detailed information about this application fix, see [Using the LocalMappedObject Fix](https://go.microsoft.com/fwlink/p/?LinkId=690346).

      @@ -503,7 +503,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix locates any RunDLL.exe-based uninstallers and forces them to run with different credentials during the application installation. After it applies this fix, the installer will create a shortcut that specifies a matching string to run during the application installation, thereby enabling the uninstallation to occur later.

    Note   -

    For more detailed information about this application fix, see [Using the MakeShortcutRunas Fix]( http://go.microsoft.com/fwlink/p/?LinkId=690347)

    +

    For more detailed information about this application fix, see [Using the MakeShortcutRunas Fix]( https://go.microsoft.com/fwlink/p/?LinkId=690347)

      @@ -528,7 +528,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix reduces the security privilege levels on a specified set of files and folders.

    Note   -

    For more detailed information about this application fix, see [Using the OpenDirectoryACL Fix](http://go.microsoft.com/fwlink/p/?LinkId=690348).

    +

    For more detailed information about this application fix, see [Using the OpenDirectoryACL Fix](https://go.microsoft.com/fwlink/p/?LinkId=690348).

      @@ -603,7 +603,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix enables a child .exe file to run with elevated privileges when it is difficult to determine the parent process with either the ElevateCreateProcess fix or by marking the .exe files to RunAsAdmin.

    Note   -

    For more detailed information about this application fix, see [Using the RelaunchElevated Fix](http://go.microsoft.com/fwlink/p/?LinkId=690349).

    +

    For more detailed information about this application fix, see [Using the RelaunchElevated Fix](https://go.microsoft.com/fwlink/p/?LinkId=690349).

      @@ -620,7 +620,7 @@ The following table lists the known compatibility fixes for all Windows operatin
  • STANDARD_READ_RIGHTS

    Note   -

    For more detailed information about this application fix, see [Using the RetryOpenSCManagerwithReadAccess Fix](http://go.microsoft.com/fwlink/p/?LinkId=690350).

    +

    For more detailed information about this application fix, see [Using the RetryOpenSCManagerwithReadAccess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690350).

      @@ -633,7 +633,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix retries the OpenService() API call and verifies that the user has Administrator rights, is not a Protected Administrator, and by using read-only access. Applications can test for the existence of a service by calling the OpenService() API but some applications ask for all access when making this check. This fix retries the call but only asking for read-only access. The user needs to be an administrator for this to work

    Note   -

    For more detailed information about this application fix, see [Using the RetryOpenServiceWithReadAccess Fix](http://go.microsoft.com/fwlink/p/?LinkId=690351).

    +

    For more detailed information about this application fix, see [Using the RetryOpenServiceWithReadAccess Fix](https://go.microsoft.com/fwlink/p/?LinkId=690351).

      @@ -645,7 +645,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix enables the application to run by using elevated privileges. The fix is the equivalent of specifying requireAdministrator in an application manifest.

    Note   -

    For more detailed information about this application fix, see [Using the RunAsAdmin Fix](http://go.microsoft.com/fwlink/p/?LinkId=690353).

    +

    For more detailed information about this application fix, see [Using the RunAsAdmin Fix](https://go.microsoft.com/fwlink/p/?LinkId=690353).

      @@ -657,7 +657,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix enables the application to run by using the highest available permissions. This is the equivalent of specifying highestAvailable in an application manifest.

    Note   -

    For more detailed information about this application fix, see [Using the RunAsHighest Fix](http://go.microsoft.com/fwlink/p/?LinkId=690355).

    +

    For more detailed information about this application fix, see [Using the RunAsHighest Fix](https://go.microsoft.com/fwlink/p/?LinkId=690355).

      @@ -669,7 +669,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix enables the application to run by using the privileges that are associated with the creation process, without requiring elevation. This is the equivalent of specifying asInvoker in an application manifest.

    Note   -

    For more detailed information about this application fix, see [Using the RunAsInvoker Fix](http://go.microsoft.com/fwlink/p/?LinkId=690356).

    +

    For more detailed information about this application fix, see [Using the RunAsInvoker Fix](https://go.microsoft.com/fwlink/p/?LinkId=690356).

      @@ -692,7 +692,7 @@ The following table lists the known compatibility fixes for all Windows operatin
    Note   -

    For more detailed information about this application fix, see [Using the SessionShim Fix](http://go.microsoft.com/fwlink/p/?LinkId=690358).

    +

    For more detailed information about this application fix, see [Using the SessionShim Fix](https://go.microsoft.com/fwlink/p/?LinkId=690358).

      @@ -727,7 +727,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix applies the specified compatibility fixes by modifying the export table and by nullifying the use of module inclusion and exclusion.

    Note   -

    For more information about this application fix, see [Using the ShimViaEAT Fix](http://go.microsoft.com/fwlink/p/?LinkId=690359).

    +

    For more information about this application fix, see [Using the ShimViaEAT Fix](https://go.microsoft.com/fwlink/p/?LinkId=690359).

      @@ -752,7 +752,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix flags the application as being an installer file (for example, setup.exe), and then prompts for elevation.

    Note   -

    For more detailed information about this application fix, see [Using the SpecificInstaller Fix]( http://go.microsoft.com/fwlink/p/?LinkId=690361).

    +

    For more detailed information about this application fix, see [Using the SpecificInstaller Fix]( https://go.microsoft.com/fwlink/p/?LinkId=690361).

      @@ -764,7 +764,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix flags the application to exclude it from detection by the GenericInstaller function.

    Note   -

    For more detailed information about this application fix, see [Using the SpecificNonInstaller Fix](http://go.microsoft.com/fwlink/p/?LinkId=690363).

    +

    For more detailed information about this application fix, see [Using the SpecificNonInstaller Fix](https://go.microsoft.com/fwlink/p/?LinkId=690363).

      @@ -795,7 +795,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    Where MessageString1 and MessageString2 reflect the message strings that can pass.

    Note   -

    Multiple message strings must be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableCustomMsgs Fix](http://go.microsoft.com/fwlink/p/?LinkId=690365).

    +

    Multiple message strings must be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableCustomMsgs Fix](https://go.microsoft.com/fwlink/p/?LinkId=690365).

      @@ -810,7 +810,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    Where 1055 reflects the first message ID, 1056 reflects the second message ID, and 1069 reflects the third message ID that can pass.

    Note   -

    Multiple messages can be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableStandardMsgs Fix [act]](http://go.microsoft.com/fwlink/p/?LinkId=690367).

    +

    Multiple messages can be separated by spaces. For more detailed information about this application fix, see [Using the UIPIEnableStandardMsgs Fix [act]](https://go.microsoft.com/fwlink/p/?LinkId=690367).

      @@ -828,7 +828,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    VirtualRegistry

    The problem is indicated when a Component failed to be located error message displays when an application is started.

    The fix enables the registry functions to allow for virtualization, redirection, expansion values, version spoofing, the simulation of performance data counters, and so on.

    -

    For more detailed information about this application fix, see [Using the VirtualRegistry Fix](http://go.microsoft.com/fwlink/p/?LinkId=690368).

    +

    For more detailed information about this application fix, see [Using the VirtualRegistry Fix](https://go.microsoft.com/fwlink/p/?LinkId=690368).

    VirtualizeDeleteFile

    @@ -836,7 +836,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix makes the application's DeleteFile function call a virtual call in an effort to remedy the UAC and file virtualization issues that were introduced with Windows Vista. This fix also links other file APIs (for example, GetFileAttributes) to ensure that the virtualization of the file is deleted.

    Note   -

    For more detailed information about this application fix, see [Using the VirtualizeDeleteFile Fix](http://go.microsoft.com/fwlink/p/?LinkId=690369).

    +

    For more detailed information about this application fix, see [Using the VirtualizeDeleteFile Fix](https://go.microsoft.com/fwlink/p/?LinkId=690369).

      @@ -848,14 +848,14 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix redirects the HKCR write calls (HKLM) to the HKCU hive for a per-user COM registration. This operates much like the VirtualRegistry fix when you use the VirtualizeHKCR parameter; however, VirtualizeHKCRLite provides better performance.

    HKCR is a virtual merge of the HKCU\Software\Classes and HKLM\Software\Classes directories. The use of HKCU is preferred if an application is not elevated and is ignored if the application is elevated.

    You typically will use this compatibility fix in conjunction with the VirtualizeRegisterTypeLib fix.

    -

    For more detailed information about this application fix, see [Using the VirtualizeHKCRLite Fix](http://go.microsoft.com/fwlink/p/?LinkId=690370).

    +

    For more detailed information about this application fix, see [Using the VirtualizeHKCRLite Fix](https://go.microsoft.com/fwlink/p/?LinkId=690370).

    VirtualizeRegisterTypeLib

    The fix, when it is used with the VirtualizeHKCRLite fix, ensures that the type library and the COM class registration happen simultaneously. This functions much like the RegistryTypeLib fix when the RegisterTypeLibForUser parameter is used.

    Note   -

    For more detailed information about this application fix, see [Using the VirtualizeRegisterTypelib Fix](http://go.microsoft.com/fwlink/p/?LinkId=690371).

    +

    For more detailed information about this application fix, see [Using the VirtualizeRegisterTypelib Fix](https://go.microsoft.com/fwlink/p/?LinkId=690371).

      @@ -907,7 +907,7 @@ The following table lists the known compatibility fixes for all Windows operatin
  • Save the custom database.

    Note   -

    For more information about the WinXPSP2VersionLie application fix, see [Using the WinXPSP2VersionLie Fix](http://go.microsoft.com/fwlink/p/?LinkId=690374).

    +

    For more information about the WinXPSP2VersionLie application fix, see [Using the WinXPSP2VersionLie Fix](https://go.microsoft.com/fwlink/p/?LinkId=690374).

      @@ -923,7 +923,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    Where Component1.dll and Component2.dll reflect the components to be skipped.

    Note   -

    For more detailed information about this application fix, see [Using the WRPDllRegister Fix](http://go.microsoft.com/fwlink/p/?LinkId=690375).

    +

    For more detailed information about this application fix, see [Using the WRPDllRegister Fix](https://go.microsoft.com/fwlink/p/?LinkId=690375).

      @@ -935,7 +935,7 @@ The following table lists the known compatibility fixes for all Windows operatin

    The fix emulates the successful authentication and modification of file and registry APIs, so that the application can continue.

    Note   -

    For more detailed information about WRPMitigation, see [Using the WRPMitigation Fix](http://go.microsoft.com/fwlink/p/?LinkId=690376).

    +

    For more detailed information about WRPMitigation, see [Using the WRPMitigation Fix](https://go.microsoft.com/fwlink/p/?LinkId=690376).

    @@ -1009,15 +1009,4 @@ The following table lists the known compatibility modes. - - -  - -  - -  - - - - - + \ No newline at end of file
diff --git a/windows/plan/compatibility-monitor-users-guide.md b/windows/plan/compatibility-monitor-users-guide.md
index 9a72ed30d3..a183923ba1 100644
--- a/windows/plan/compatibility-monitor-users-guide.md
+++ b/windows/plan/compatibility-monitor-users-guide.md
@@ -1,72 +1,5 @@
 ---
 title: Compatibility Monitor User's Guide (Windows 10)
 description: Compatibility Monitor is a tool in the runtime analysis package that you can use to monitor applications for compatibility issues. You can also use the Compatibility Monitor tool to submit compatibility feedback.
-ms.assetid: 67d6eff0-1576-44bd-99b4-a3ffa5e205ac
-ms.prod: w10
-ms.mktglfcycl: plan
-ms.pagetype: appcompat
-ms.sitesec: library
-author: TrudyHa
----
-
-# Compatibility Monitor User's Guide
-
-
-**Applies to**
-
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012
-- Windows Server 2008 R2
-
-Compatibility Monitor is a tool in the runtime analysis package that you can use to monitor applications for compatibility issues. You can also use the Compatibility Monitor tool to submit compatibility feedback.
-
-## In this section
- - - ---- - - - - - - - - - - - - - - - - -
    TopicDescription

    [Using Compatibility Monitor to Send Feedback](using-compatibility-monitor-to-send-feedback.md)

    The Microsoft Compatibility Monitor tool is installed as part of the runtime-analysis package. From the computers in your test environment, you can use Compatibility Monitor to submit compatibility information to the Application Compatibility Toolkit (ACT) database for your organization.

    [Common Compatibility Issues](common-compatibility-issues.md)

    Compatibility issues tend to occur with the following technologies:

    - -  - -## Related topics - - -[Deciding Which Applications to Test](deciding-which-applications-to-test.md) - -[Creating an Enterprise Environment for Compatibility Testing](creating-an-enterprise-environment-for-compatibility-testing.md) - -[Creating a Runtime-Analysis Package](creating-a-runtime-analysis-package.md) - -[Deploying a Runtime-Analysis Package](deploying-a-runtime-analysis-package.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/computer-dialog-box.md b/windows/plan/computer-dialog-box.md index b191d79a79..89054bac9a 100644 --- a/windows/plan/computer-dialog-box.md +++ b/windows/plan/computer-dialog-box.md @@ -1,109 +1,5 @@ --- title: Computer Dialog Box (Windows 10) description: In Application Compatibility Manager (ACM), the Computer dialog box shows information about the selected computer. -ms.assetid: f89cbb28-adcd-41cd-9a54-402bc4aaffd9 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# <Computer> Dialog Box - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -In Application Compatibility Manager (ACM), the *<Computer>* dialog box shows information about the selected computer. - -**To open the <Computer> dialog box** - -1. In ACM, in the **Quick Reports** pane, click **Analyze**. - -2. Under an operating system heading, click **Computers**. - -3. Double-click the name of a computer. - -## Tabs in the <Computer> dialog box - - -The following table shows the information available in the *<Computer>* dialog box. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    TabInformation

    Details

    Shows the following information for the selected computer:

    -
      -
    • The computer name, operating system, architecture, and domain.

    • -
    • The IP address, Media Access Control (MAC) address, and hardware identifier.

    • -
    • The manufacturer, asset tag, and system number.

    • -
    • The hardware specifications.

    • -

    Applications

    Shows the following information for each of the applications installed on the selected computer:

    -
      -
    • The application name, version number, and application vendor.

    • -
    • The compatibility rating for the application as determined by your organization.

    • -
    • The compatibility information from the application vendor.

    • -
    • The compatibility information from the ACT Community, which you can view if you are a member of the ACT Community. For more information, see [Settings Dialog Box - Preferences Tab](act-settings-dialog-box-preferences-tab.md).

    • -
    • The issues that have been opened for the application.

    • -
    • The count of computers in your organization on which the application is installed.

    • -

    Devices

    Shows the following information for each of the devices installed on the selected computer:

    -
      -
    • The model and manufacturer of the device.

    • -
    • An evaluation of whether the device works on a 32-bit operating system or a 64-bit operating system.

    • -
    • The class of device, as reported by the device.

    • -
    • The count of computers in your organization on which the device is installed.

    • -

    Labels

    Shows the label for the selected computer.

    -

    For information about labels, see [Labeling Data in ACM](labeling-data-in-acm.md).

    - -  - -## Using the <Computer> Dialog Box - - -In the *<Computer>* dialog box, you can perform the following actions: - -- Assign categories and subcategories to the computer. For more information, see [Categorizing Your Compatibility Data](categorizing-your-compatibility-data.md). - -- Specify the importance of the computer to your organization. For more information, see [Prioritizing Your Compatibility Data](prioritizing-your-compatibility-data.md). - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/configuring-act.md b/windows/plan/configuring-act.md index f5803ddd81..372e1dcaf1 100644 --- a/windows/plan/configuring-act.md +++ b/windows/plan/configuring-act.md @@ -1,90 +1,5 @@ --- title: Configuring ACT (Windows 10) description: This section provides information about setting up the Application Compatibility Toolkit (ACT) in your organization. -ms.assetid: aacbe35e-ea40-47ac-bebf-ed2660c8fd86 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Configuring ACT - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section provides information about setting up the Application Compatibility Toolkit (ACT) in your organization. - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [ACT Tools, Packages, and Services](act-tools-packages-and-services.md)

    The Application Compatibility Toolkit is included with the Windows ADK. [Download the Windows ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740)

    [ACT Deployment Options](act-deployment-options.md)

    While planning your deployment of the Application Compatibility Toolkit (ACT), consider which computers you want running the various tools, packages, and services for ACT.

    [ACT Database Configuration](act-database-configuration.md)

    The Application Compatibility Toolkit (ACT) uses a Microsoft® SQL Server® database for storing and sharing compatibility issue data. If you do not use Microsoft SQL Server, you can download and install Microsoft SQL Server Express. For information about creating Microsoft SQL Server databases, see [Administering the Database Engine](http://go.microsoft.com/fwlink/p/?LinkId=64169).

    [ACT Database Migration](act-database-migration.md)

    The schema for an ACT database can change when ACT is updated or when a new version of ACT is released. If the schema for an ACT database does not match the current schema, you can migrate the compatibility data to a new database. You can then use the current version of ACT to open the new database.

    [ACT LPS Share Permissions](act-lps-share-permissions.md)

    To upload log files to the ACT Log Processing Service (LPS) share, certain permissions must be set at the share level and folder level.

    - -  - -## Related topics
-
-
-[Welcome to ACT](welcome-to-act.md)
-
-[Using ACT](using-act.md)
-
-[Troubleshooting ACT](troubleshooting-act.md)
-
-[ACT User Interface Reference](act-user-interface-reference.md)
-
-[ACT Product and Documentation Resources](act-product-and-documentation-resources.md)
-
-[ACT Glossary](act-glossary.md)
-
-[Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md)
- -  - -  - - - - -
+redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics
+---
\ No newline at end of file
diff --git a/windows/plan/creating-a-custom-compatibility-fix-in-compatibility-administrator.md b/windows/plan/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
index a88189a7a2..90b404e888 100644
--- a/windows/plan/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
+++ b/windows/plan/creating-a-custom-compatibility-fix-in-compatibility-administrator.md
@@ -69,8 +69,6 @@ If you are unable to find a preloaded compatibility fix for your application, yo
 By default, Compatibility Administrator selects the basic matching criteria for your application. As a best practice, use a limited set of matching information to represent your application, because it reduces the size of the database. However, make sure you have enough information to correctly identify your application.
 
 ## Related topics
-
-
 [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
  
diff --git a/windows/plan/creating-a-custom-compatibility-mode-in-compatibility-administrator.md b/windows/plan/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
index ac5091d0bb..789f3199ca 100644
--- a/windows/plan/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
+++ b/windows/plan/creating-a-custom-compatibility-mode-in-compatibility-administrator.md
@@ -74,8 +74,6 @@ A compatibility mode includes a set of compatibility fixes and must be deployed
 The compatibility mode is added to your custom database.
 
 ## Related topics
-
-
 [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
  
diff --git a/windows/plan/creating-a-runtime-analysis-package.md b/windows/plan/creating-a-runtime-analysis-package.md
index 04411a5fa7..e6b56c752b 100644
--- a/windows/plan/creating-a-runtime-analysis-package.md
+++ b/windows/plan/creating-a-runtime-analysis-package.md
@@ -1,59 +1,8 @@ --- title: Creating a Runtime-Analysis Package (Windows 10) description: In Application Compatibility Manager (ACM), you can create runtime-analysis packages, which you can then deploy to computers for compatibility testing in your test environment. -ms.assetid: 3c703ebe-46b3-4dcd-b355-b28344bc159b -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics --- - -# Creating a Runtime-Analysis Package - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -In Application Compatibility Manager (ACM), you can create runtime-analysis packages, which you can then deploy to computers for compatibility testing in your test environment. - -**To create a runtime-analysis package** - -1. In ACM, click **Collect** to open the Collect screen. - -2. On the **File** menu, click **New**. - -3. Click **Runtime application testing**. - -4. Provide the information that is requested for the package, and then click **Create**. - -5. Navigate to the location where you want to save the Windows installer (.msi) file for the package. - - This .msi file is the file that you can use to install the runtime-analysis package on each computer in your test environment. - -6. Type a file name for the .msi file, and then click **Save**. - -7. Click **Finish**. - -## Related topics - - -[Deciding Which Applications to Test](deciding-which-applications-to-test.md) - -[Creating an Enterprise Environment for Compatibility Testing](creating-an-enterprise-environment-for-compatibility-testing.md) - -[Deploying a Runtime-Analysis Package](deploying-a-runtime-analysis-package.md) - -[Compatibility Monitor User's Guide](compatibility-monitor-users-guide.md) - -  -   
diff --git a/windows/plan/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/plan/creating-an-apphelp-message-in-compatibility-administrator.md index 5b48ebdbb8..f63dd95d8f 100644 --- a/windows/plan/creating-an-apphelp-message-in-compatibility-administrator.md +++ b/windows/plan/creating-an-apphelp-message-in-compatibility-administrator.md @@ -89,15 +89,4 @@ The following issues might occur with computers running Windows 2000: - Copying an AppHelp entry for a system database or a custom-compatibility fix from a system database might cause Compatibility Administrator to hide the descriptive text. ## Related topics - - -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) - -  - -  - - - - - +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file diff --git a/windows/plan/creating-an-enterprise-environment-for-compatibility-testing.md b/windows/plan/creating-an-enterprise-environment-for-compatibility-testing.md index 840fa87695..2953ad9c9f 100644 --- a/windows/plan/creating-an-enterprise-environment-for-compatibility-testing.md +++ b/windows/plan/creating-an-enterprise-environment-for-compatibility-testing.md 
@@ -1,115 +1,5 @@ --- title: Creating an Enterprise Environment for Compatibility Testing (Windows 10) description: The goal of the test environment is to model the operating system that you want to deploy and assess compatibility before deploying the operating system to your production environment. -ms.assetid: cbf6d8b6-7ebc-4faa-bbbd-e02653ed4adb -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Creating an Enterprise Environment for Compatibility Testing - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The goal of the test environment is to model the operating system that you want to deploy and assess compatibility before deploying the operating system to your production environment. Your test environment is composed of computers on which the new operating system is installed. Your test environment can be a long-term investment. Consider retaining the test environment after deployment to assist in future deployment projects. - -## Modeling the Production Environment - - -We recommend the following practices for setting up your test environment: - -- Physically separate your test environment from your production environment. Physical separation helps ensure that activity in the test environment does not affect the production environment. - -- On the computers in your test environment, install the new operating system. - -- Perform all of your tests by using accounts that have similar permissions to the accounts in your production environment. This approach helps to ensure that you can determine potential security issues. - -## Configuring the Test Environment for Automated Testing - - -Typically, tests are run more than once, which requires being able to revert your test environment to a previous state. 
We recommend the following practices to ensure consistency in testing and consistency in restoring the state of your test environment: - -- Use disk-imaging software to create physical disk images. - -- Use software virtualization features to reverse changes to virtualized hard disks. - -## Determining When Virtualization Is Appropriate - - -The following table shows some of the advantages and disadvantages of virtualization. - - ---- - - - - - - - - - - - - -
    AdvantagesDisadvantages
      -
    • Supports a large number of servers in a limited amount of physical space. You can run as many virtual servers as the physical computer’s resources allow.

    • -
    • Easily shares your test environment between teams. For example, your test team can create a virtualized test environment and then provide a copy to your development team for use in its development processes.

    • -
    • Supports multiple users performing simultaneous testing, mimicking the ability for each user to have a dedicated test environment.

    • -
    • Easily restores your environment to a previous state. For example, you can revert to a previous state by using the Undo Disks option.

    • -
      -
    • May reduce performance. Virtualized servers may be slower than their physical counterparts. The performance of virtualized servers is reduced because physical resources such as disks are virtualized.

    • -
    • May not support all applications and device drivers. Some hardware-specific device drivers and applications are not supported in virtualized servers.

    • -
    - -  - -## Testing Methodology - - -When testing an application in a new operating system, we recommend the following methods: - -- Retain the default security-feature selections. - -- Use test automation tools to run your test cases in a consistent, reproducible way. - -- Use your application in the same way that you use it in your production environment. - -- Use the Compatibility Monitor tool in the runtime-analysis package to gather compatibility feedback. - -- Send and receive compatibility data to obtain data and solutions through the Microsoft Compatibility Exchange. - -- When testing a website or a web application, include both intranet and extranet sites, prioritizing the list based on how critical the site or the application is to your organization. - -## Related topics - - -[Deciding Which Applications to Test](deciding-which-applications-to-test.md) - -[Creating a Runtime-Analysis Package](creating-a-runtime-analysis-package.md) - -[Deploying a Runtime-Analysis Package](deploying-a-runtime-analysis-package.md) - -[Compatibility Monitor User's Guide](compatibility-monitor-users-guide.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/creating-an-inventory-collector-package.md b/windows/plan/creating-an-inventory-collector-package.md index c174e746e0..c52e8f3965 100644 --- a/windows/plan/creating-an-inventory-collector-package.md +++ b/windows/plan/creating-an-inventory-collector-package.md 
@@ -1,58 +1,5 @@ --- title: Creating an Inventory-Collector Package (Windows 10) description: You can use Application Compatibility Manager (ACM) to create an inventory-collector package. -ms.assetid: 61d041d6-e308-47b3-921b-709d72926d6d -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Creating an Inventory-Collector Package - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -You can use Application Compatibility Manager (ACM) to create an inventory-collector package. You can then deploy the inventory-collector package to other computers to gather inventory data. The package uploads inventory data to the Application Compatibility Toolkit (ACT) database. - -**To create an inventory-collector package** - -1. In ACM, click **Collect** to open the **Collect** screen. - -2. On the **File** menu, click **New**. - -3. Click **Application inventory**. - -4. Provide the information that is requested for the package, and then click **Create**. - -5. Browse to the location where you want to save the Windows® Installer (.msi) file for the package. - - You can use this .msi file to install the inventory-collector package on each computer for which you want to gather inventory data. - -6. Type a file name for the .msi file, and then click **Save**. - -7. Click **Finish**. - -## Related topics - - -[Identifying Computers for Inventory Collection](identifying-computers-for-inventory-collection.md) - -[Deploying an Inventory-Collector Package](deploying-an-inventory-collector-package.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/creating-and-editing-issues-and-solutions.md b/windows/plan/creating-and-editing-issues-and-solutions.md index 0ce76a3f2f..e1897a0122 100644 
--- a/windows/plan/creating-and-editing-issues-and-solutions.md +++ b/windows/plan/creating-and-editing-issues-and-solutions.md @@ -1,65 +1,5 @@ --- title: Creating and Editing Issues and Solutions (Windows 10) description: This section provides step-by-step instructions for adding and editing application compatibility issues and solutions. Your issue and solution data can be uploaded to Microsoft through the Microsoft® Compatibility Exchange. -ms.assetid: b64fe4e0-24bd-4bbd-9645-80ae5644e774 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Creating and Editing Issues and Solutions - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section provides step-by-step instructions for adding and editing application compatibility issues and solutions. Your issue and solution data can be uploaded to Microsoft through the Microsoft® Compatibility Exchange. - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Adding or Editing an Issue](adding-or-editing-an-issue.md)

    In Application Compatibility Manager (ACM), you can enter information about the compatibility issues that you discover.

    [Adding or Editing a Solution](adding-or-editing-a-solution.md)

    If you find your own solutions to compatibility issues, you can enter the solutions in Application Compatibility Manager (ACM). You can use the Microsoft Compatibility Exchange to upload solutions to Microsoft Corporation.

    [Resolving an Issue](resolving-an-issue.md)

    You can use Application Compatibility Manager (ACM) to flag issues as resolved. Resolving an issue changes the status of the issue from a red x to a green check mark on your report and report detail screens.

    - -  - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/customizing-your-report-views.md b/windows/plan/customizing-your-report-views.md index a68961a2e6..1c69e77305 100644 --- a/windows/plan/customizing-your-report-views.md +++ b/windows/plan/customizing-your-report-views.md 
@@ -1,149 +1,5 @@ --- title: Customizing Your Report Views (Windows 10) description: You can customize how you view your report data in Application Compatibility Manager (ACM). -ms.assetid: ba8da888-6749-43b4-8efb-4f26c7954721 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Customizing Your Report Views - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -You can customize how you view your report data in Application Compatibility Manager (ACM). - -## Modifying the <Operating\_System> Reports View - - -You can choose which operating systems ACM shows in the compatibility reports. For operating systems that you exclude from the reports, the data continues to be collected but ACM does not display it. - -If you are using ACM on multiple computers that access the same ACT database, when you remove an operating system from your reports, all of the computers running ACM no longer show the operating system. - -**To add or remove an operating system from the Quick Reports pane** - -1. On the **Analyze** screen, at the bottom of the **Quick Reports** pane, click **Customize this view**. - -2. In the **Deployment Reports** area, select the check boxes for the operating systems you want to show in your reports, and then click **OK**. - -3. Select the architectures, **32-bit**, **64-bit**, or **Both**, for which you want to see compatibility ratings in the report screens. - -## Adding and Removing Columns from the Report Views - - -You can add and remove columns from most of the report screens. In the report dialog boxes, you cannot add or remove columns, but you can reorder the columns. - -**To add or remove a column** - -1. On the selected report screen, right-click the column headings, and then click **Column Options**. - -2. 
Select the check box next to any column that you want to add, and clear the check box next to any column that you want to remove. - -3. If you want, reorder the columns by using the **Move Up** and **Move Down** buttons. - -4. Click **OK**. - -### Columns by Screen - -The following table shows the columns that are available for each screen. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    ScreenDefault columnsAdditional columns

    [<OperatingSystem> - Application Report](act-operatingsystem-application-report.md)

      -
    • Application Name

    • -
    • Version

    • -
    • Company

    • -
    • My Assessment

    • -
    • User Assessment

    • -
    • Send/Receive Status

    • -
    • Vendor Assessment

    • -
    • Community Assessment

    • -
    • Active Issues

    • -
    • Computers

    • -
      -
    • Resolved Issues

    • -
    • Language

    • -
    • Priority

    • -
    • Deployment Status

    • -
    • Issues with Solutions

    • -

    [<OperatingSystem> - Computer Report](act-operatingsystem-computer-report.md)

      -
    • Computer Name

    • -
    • Applications with Issues

    • -
    • Devices with Issues

    • -
    • Operating System

    • -
    • Domain

    • -
    • Applications

    • -
    • Devices

    • -
      -
    • Priority

    • -

    [<OperatingSystem> - Device Report](act-operatingsystem-device-report.md)

      -
    • Model

    • -
    • Manufacturer

    • -
    • Assessment

    • -
    • Device Class

    • -
    • Computers

    • -
      -
    • Assessment

    • -
    • Priority

    • -

    [Internet Explorer - Web Site Report](internet-explorer-web-site-report.md)

      -
    • Web Site

    • -
    • My Assessment

    • -
    • Active Issues

    • -
    • Resolved Issues

    • -
      -
    • None

    • -
    - -  - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/data-sent-through-the-microsoft-compatibility-exchange.md b/windows/plan/data-sent-through-the-microsoft-compatibility-exchange.md index 8bb30d37a8..97e2f14378 100644 --- a/windows/plan/data-sent-through-the-microsoft-compatibility-exchange.md +++ b/windows/plan/data-sent-through-the-microsoft-compatibility-exchange.md 
@@ -1,239 +1,5 @@ --- title: Data Sent Through the Microsoft Compatibility Exchange (Windows 10) description: The Microsoft Compatibility Exchange propagates data of various types between Microsoft Corporation, independent software vendors (ISVs) and the Application Compatibility Toolkit (ACT) Community. -ms.assetid: 3ec61e33-9db8-4367-99d5-e05c2f50e144 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Data Sent Through the Microsoft Compatibility Exchange - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The Microsoft Compatibility Exchange propagates data of various types between Microsoft Corporation, independent software vendors (ISVs) and the Application Compatibility Toolkit (ACT) Community. - -## Data Sent to Microsoft - - -During synchronization, the Microsoft Compatibility Exchange sends the following information to Microsoft Corporation: - -- **Application information and properties**. This data includes the application name, the vendor, the version number, the language, and the deployment type. - -The data-synchronization process does not send your list of URLs visited as part of the information exchange. - -## Data Sent to the ACT Community - - -The Microsoft Compatibility Exchange sends the following information to the ACT Community for each application that you decide to share with the ACT Community: - -- **Application information and properties**. This data includes the application name, the vendor, the version number, the language, and the deployment type. - -- **Miscellaneous data**. This data includes: - - - The database GUID that identifies the organization that is the source of the data. - - - The issue data. - - - The issue ID. - - - The platform and destination operating system. - - - The severity. - - - The cause. - - - The symptom. - - - The solution data. - - - The solution type. 
- - - The issue and solution provider. - - - The issue and solution subprovider. - - - The issue and solution published date. - - - Your risk assessment. - -The data-synchronization process does not send your list of URLs visited as part of the information exchange. - -## Data Matching - - -After you send your data, the Microsoft Compatibility Exchange matches your application properties against the known issues listed in the Application Profile database. The Microsoft Compatibility Exchange downloads any issues and corresponding solutions that match your application set and then stores the information in your ACT database. - -## Data Sent From Microsoft and ISVs - - -For each application that matches an application in the Application Profile database, the Microsoft Compatibility Exchange returns the following information, provided by authoritative sources including Microsoft Corporation and independent software vendors (ISVs). - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    DataDescription

    Risk assessment

    The determination of whether the application has compatibility issues.

    Symptom

    Behavior exhibited by the application.

    Cause

    Reason for the failure.

    Provider and subprovider

    Source of the compatibility issue.

    Issue ID

    A unique ID number for the compatibility issue.

    Severity

    Impact this issue has on the application experience.

    Priority

    Degree of impact that this issue has on your organization.

    Published Date

    Date that the source entered the data into the database.

    Operating system name

    Friendly name of the installed operating system.

    Major version

    Major version number of the operating system.

    Minor version

    Minor version number of the operating system.

    Locale

    Language ID of the application to which the compatibility issue applies.

    Title

    Short title of the compatibility issue.

    Summary

    Description of the compatibility issue.

    Service pack major

    Major version number of the operating system service pack.

    Service pack minor

    Minor version number of the operating system service pack.

    URL HREF

    URL of any links provided for the compatibility issue.

    Provider and subprovider IDs

    IDs for the source of the compatibility issue's solution.

    Solution type

    Type of solution provided for the compatibility issue.

    Locale

    Language ID of the application to which the solution applies.

    Title

    Short title of the solution.

    Details

    Description of the solution.

    URL HREF

    URL of any links provided for the compatibility issue solution.

    - -  - -## Data Sent From the ACT Community - - -For each application that matches an application in the Application Profile database, the Microsoft Compatibility Exchange returns the following ACT Community information, which you receive only if you are a member of the ACT Community: - - ---- - - - - - - - - - - - - - - - - - - - - -
    DataDescription

    Works

    The count of Works ratings, for 32-bit and 64-bit operating systems.

    Works with Minor Issues or has Solutions

    The count of Works with Minor Issues or has Solutions ratings, for 32-bit and 64-bit operating systems.

    Does Not Work

    The count of Does Not Work ratings, for 32-bit and 64-bit operating systems.

    - -  - -## Related topics - - -[Selecting the Send and Receive Status for an Application](selecting-the-send-and-receive-status-for-an-application.md) - -[Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/deciding-whether-to-fix-an-application-or-deploy-a-workaround.md b/windows/plan/deciding-whether-to-fix-an-application-or-deploy-a-workaround.md index 0bf24136b1..d4d3319cbc 100644 --- a/windows/plan/deciding-whether-to-fix-an-application-or-deploy-a-workaround.md +++ b/windows/plan/deciding-whether-to-fix-an-application-or-deploy-a-workaround.md 
@@ -1,54 +1,5 @@ --- title: Deciding Whether to Fix an Application or Deploy a Workaround (Windows 10) description: You can fix a compatibility issue by changing the code for the application or by deploying a workaround. -ms.assetid: e495d0c8-bfba-4537-bccd-64c4b52206f1 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Deciding Whether to Fix an Application or Deploy a Workaround - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -You can fix a compatibility issue by changing the code for the application or by deploying a workaround. - -## Fixing an Application - - -Fixing an application by changing the code is often the recommended way to address a compatibility issue. Although applying a fix to the code might involve higher initial costs or additional development time, it can limit long-term maintenance or operational costs. After you change the code, all users can use the application without encountering the issue. - -If you do not have access to the code, or if you do not have the time and resources to apply a fix, an alternative approach is to deploy a workaround. - -## Deploying a Workaround - - -A workaround involves applying alternative registry settings to address a compatibility issue. Deploying a workaround might be quicker and easier than changing the code, but you can incur long-term maintenance or operational costs. For example, you must make sure that new users have the correct set of features enabled or disabled on their computers. Using a workaround might also make your application or systems less secure. However, the overall security enhancement associated with deploying the newer version of Windows® may more than offset this reduction in security. - -Consider changing registry settings as a short-term solution while you develop the long-term solution of changing the code. 
- -## Related topics - - -[SUA User's Guide](sua-users-guide.md) - -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/deciding-which-applications-to-test.md b/windows/plan/deciding-which-applications-to-test.md index a0d4d06986..4b548c65f6 100644 --- a/windows/plan/deciding-which-applications-to-test.md +++ b/windows/plan/deciding-which-applications-to-test.md 
@@ -1,54 +1,5 @@ --- title: Deciding Which Applications to Test (Windows 10) description: Before starting your compatibility testing on the version of Windows that you want to deploy, you can use the Application Compatibility Toolkit (ACT) to identify which applications should be the focus of your testing. -ms.assetid: d7c1c28f-b7b4-43ac-bf87-2910a2b603bf -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Deciding Which Applications to Test - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -Before starting your compatibility testing on the version of Windows that you want to deploy, you can use the Application Compatibility Toolkit (ACT) to identify which applications should be the focus of your testing. - -**To choose the applications to include in compatibility testing** - -1. Gather your application and device inventory. For more information, see [Taking Inventory of Your Organization](taking-inventory-of-your-organization.md). - -2. Use the Microsoft Compatibility Exchange to get the latest compatibility ratings. For more information, see [Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md). - -3. Organize and group your applications, and determine which applications need to be tested. For more information, see [Organizing Your Compatibility Data](organizing-your-compatibility-data.md). - - After completing these steps, you can then start creating and deploying your runtime-analysis packages to the test environment for your compatibility testing. 
- -## Related topics - - -[Creating an Enterprise Environment for Compatibility Testing](creating-an-enterprise-environment-for-compatibility-testing.md) - -[Creating a Runtime-Analysis Package](creating-a-runtime-analysis-package.md) - -[Deploying a Runtime-Analysis Package](deploying-a-runtime-analysis-package.md) - -[Compatibility Monitor User's Guide](compatibility-monitor-users-guide.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/deleting-a-data-collection-package.md b/windows/plan/deleting-a-data-collection-package.md index 002a431377..c5401542c9 100644 --- a/windows/plan/deleting-a-data-collection-package.md +++ b/windows/plan/deleting-a-data-collection-package.md 
@@ -1,52 +1,5 @@ --- title: Deleting a Data-Collection Package (Windows 10) description: In Application Compatibility Manager (ACM), you can delete any of your existing data-collection packages from the database. -ms.assetid: 1b397d7a-7216-4078-93d9-47c7becbf73e -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Deleting a Data-Collection Package - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -In Application Compatibility Manager (ACM), you can delete any of your existing data-collection packages from the database. - -You cannot undo the deletion of a data-collection package. If you mistakenly delete a data-collection package, you must create a new package to replace the deleted package. - -**To delete a data-collection package** - -1. In ACM, click **Collect** to open the Collect screen. - -2. Select the data-collection package that you want to delete, and then press the DELETE key. - -3. In the confirmation box, click **Yes**. - -## Related topics - - -[Log File Locations for Data-Collection Packages](log-file-locations-for-data-collection-packages.md) - -[Exporting a Data-Collection Package](exporting-a-data-collection-package.md) - -[Labeling Data in ACM](labeling-data-in-acm.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/deploy-windows-10-in-a-school.md b/windows/plan/deploy-windows-10-in-a-school.md index dd53f66282..b451e7b8aa 100644 --- a/windows/plan/deploy-windows-10-in-a-school.md +++ b/windows/plan/deploy-windows-10-in-a-school.md 
@@ -142,7 +142,7 @@ You can use MDT to deploy 32-bit or 64-bit versions of Windows 10. Install the 6 >**Note:**  If you install the 32-bit version of MDT, you can install only 32-bit versions of Windows 10. Ensure that you download and install the 64-bit version of MDT so that you can install 64-bit and 32 bit versions of the operating system. -For more information about installing MDT on the admin device, see [Installing a New Instance of MDT](https://technet.microsoft.com/en-us/library/dn759415.aspx#InstallingaNewInstanceofMDT). +For more information about installing MDT on the admin device, see [Installing a New Instance of MDT](https://technet.microsoft.com//library/dn759415.aspx#InstallingaNewInstanceofMDT). Now, you’re ready to create the MDT deployment share and populate it with the operating system, apps, and device drivers you want to deploy to your devices. @@ -336,7 +336,7 @@ Now that you have an Office 365 subscription, you need to determine how you will In this method, you have an on-premises AD DS domain. As shown in Figure 4, the Azure AD Connector tool automatically synchronizes AD DS with Azure AD. When you add or change any user accounts in AD DS, the Azure AD Connector tool automatically updates Azure AD. ->**Note:**  Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](https://technet.microsoft.com/en-us/library/dn510997.aspx?f=255&MSPPError=-2147217396). +>**Note:**  Azure AD Connect also supports synchronization from any Lightweight Directory Access Protocol version 3 (LDAPv3)–compliant directory by using the information provided in [Generic LDAP Connector for FIM 2010 R2 Technical Reference](https://technet.microsoft.com//library/dn510997.aspx?f=255&MSPPError=-2147217396). ![fig 4](images/deploy-win-10-school-figure4.png) 
@@ -385,7 +385,7 @@ You can deploy the Azure AD Connect tool by using one of the following methods: *Figure 7. Azure AD Connect in Azure* -This guide describes how to run Azure AD Connect on premises. For information about running Azure AD Connect in Azure, see [Deploy Office 365 Directory Synchronization (DirSync) in Microsoft Azure](https://technet.microsoft.com/en-us/library/dn635310.aspx). +This guide describes how to run Azure AD Connect on premises. For information about running Azure AD Connect in Azure, see [Deploy Office 365 Directory Synchronization (DirSync) in Microsoft Azure](https://technet.microsoft.com//library/dn635310.aspx). ### Deploy Azure AD Connect on premises 
@@ -436,8 +436,8 @@ Several methods are available to bulk-import user accounts into AD DS domains. T |Method | Description and reason to select this method | |-------| ---------------------------------------------| -|Ldifde.exe |This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| -|VBScript | This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx) and [ADSI Scriptomatic](https://technet.microsoft.com/en-us/scriptcenter/dd939958.aspx).| +|Ldifde.exe |This command-line tool allows you to import and export objects (such as user accounts) from AD DS. Select this method if you aren’t comfortable with Microsoft Visual Basic Scripting Edition (VBScript), Windows PowerShell, or other scripting languages. 
For more information about using Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com//library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| +|VBScript | This scripting language uses the Active Directory Services Interfaces (ADSI) Component Object Model interface to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with VBScript. For more information about using VBScript and ADSI, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com//library/bb727091.aspx) and [ADSI Scriptomatic](https://technet.microsoft.com//scriptcenter/dd939958.aspx).| |Windows PowerShell| This scripting language natively supports cmdlets to manage AD DS objects, including user and group objects. Select this method if you’re comfortable with Window PowerShell scripting. For more information about using Windows PowerShell, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](http://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).|

    ### Create a source file that contains the user and group accounts 
@@ -448,8 +448,8 @@ After you have selected your user and group account bulk import method, you’re | Method | Source file format | |--------| -------------------| -|Ldifde.exe|Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| -|VBScript | VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx).| +|Ldifde.exe|Ldifde.exe requires a specific format for the source file. Use Ldifde.exe to export existing user and group accounts so that you can see the format. For examples of the format that Ldifde.exe requires, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com//library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx).| +|VBScript | VBScript can use any .csv file format to create a source file for the bulk-import process. To create the .csv file, use software such as Excel. 
For examples of how to format your source file in comma-separated values (CSV) format, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com//library/bb727091.aspx).| | Windows PowerShell| Windows PowerShell can use any .csv file format you want to create as a source file for the bulk-import process. To create the .csv file, use software such as Excel. For examples of how to format your source file in CSV format, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](http://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx).|

    ### Import the user accounts into AD DS @@ -460,8 +460,8 @@ With the bulk-import source file finished, you’re ready to import the user and For more information about how to import user accounts into AD DS by using: -- Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx). -- VBScript, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com/en-us/library/bb727091.aspx). +- Ldifde.exe, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com//library/bb727091.aspx), [LDIFDE—Export/Import data from Active Directory—LDIFDE commands](https://support.microsoft.com/en-us/kb/555636), [Import or Export Directory Objects Using Ldifde](https://technet.microsoft.com/library/cc816781.aspx), and [LDIFDE](https://technet.microsoft.com/library/cc755456.aspx). +- VBScript, see [Step-by-Step Guide to Bulk Import and Export to Active Directory](https://technet.microsoft.com//library/bb727091.aspx). - Windows PowerShell, see [Import Bulk Users to Active Directory](https://blogs.technet.microsoft.com/bettertogether/2011/01/09/import-bulk-users-to-active-directory/) and [PowerShell: Bulk create AD Users from CSV file](http://social.technet.microsoft.com/wiki/contents/articles/24541.powershell-bulk-create-ad-users-from-csv-file.aspx). ### Summary 
@@ -702,14 +702,14 @@ The first step in preparation for Windows 10 deployment is to configure—that i 1. Import operating systems -Import the operating systems that you selected in the [Select operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import an Operating System into the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#ImportanOperatingSystemintotheDeploymentWorkbench). +Import the operating systems that you selected in the [Select operating systems](#select-the-operating-systems) section into the deployment share. For more information about how to import operating systems, see [Import an Operating System into the Deployment Workbench](https://technet.microsoft.com//library/dn759415.aspx#ImportanOperatingSystemintotheDeploymentWorkbench). 2. Import device drives Device drivers allow Windows 10 to know a device’s hardware resources and connected hardware accessories. Without the proper device drivers, certain features may be unavailable. For example, without the proper audio driver, a device cannot play sounds; without the proper camera driver, the device cannot take photos or use video chat.

    -Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#ImportDeviceDriversintotheDeploymentWorkbench). +Import device drivers for each device in your institution. For more information about how to import device drivers, see [Import Device Drivers into the Deployment Workbench](https://technet.microsoft.com//library/dn759415.aspx#ImportDeviceDriversintotheDeploymentWorkbench). @@ -724,8 +724,8 @@ If you have Intune, you can deploy Windows Store apps after you deploy Windows 1 In addition, you must prepare your environment for sideloading (deploying) Windows Store apps. For more information about how to:

      -
    • Prepare your environment for sideloading, see [Sideload LOB apps in Windows 10](https://technet.microsoft.com/en-us/itpro/windows/deploy/sideload-apps-in-windows-10).
    • -
    • Create an MDT application, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench).
    • +
    • Prepare your environment for sideloading, see [Sideload LOB apps in Windows 10](https://technet.microsoft.com/itpro/windows/deploy/sideload-apps-in-windows-10).
    • +
    • Create an MDT application, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com//library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench).
    @@ -737,11 +737,11 @@ In addition, you must prepare your environment for sideloading (deploying) Windo You need to create an MDT application for each Windows desktop app you want to deploy. You can obtain the Windows desktop apps from any source, but ensure that you have sufficient licenses for them.

    -To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](https://technet.microsoft.com/en-us/library/jj219423.aspx?f=255&MSPPError=-2147217396).

    +To help reduce the effort needed to deploy Microsoft Office 2016 desktop apps, use the Office Deployment Tool, as described in [Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool](https://technet.microsoft.com//library/jj219423.aspx?f=255&MSPPError=-2147217396).

    If you have Intune, you can deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section. This method provides granular deployment of Windows desktop apps, and you can use it for ongoing management of the apps. This is the preferred method for deploying and managing Windows desktop apps.

    **Note:**  You can also deploy Windows desktop apps after you deploy Windows 10, as described in the [Deploy apps by using Intune](#deploy-apps-by-using-intune) section.

    -For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench). +For more information about how to create an MDT application for Window desktop apps, see [Create a New Application in the Deployment Workbench](https://technet.microsoft.com//library/dn759415.aspx#CreateaNewApplicationintheDeploymentWorkbench). @@ -757,7 +757,7 @@ For more information about how to create an MDT application for Window desktop a
  • Upgrade existing devices to Windows 10 Education 32-bit.
  • -Again, you will create the task sequences based on the operating systems that you imported in Step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). +Again, you will create the task sequences based on the operating systems that you imported in Step 1. For more information about how to create a task sequence, see [Create a New Task Sequence in the Deployment Workbench](https://technet.microsoft.com//library/dn759415.aspx#CreateaNewTaskSequenceintheDeploymentWorkbench). @@ -767,7 +767,7 @@ Again, you will create the task sequences based on the operating systems that yo Updating a deployment share generates the MDT boot images you use to initiate the Windows 10 deployment process. You can configure the process to create 32 bit and 64 bit versions of the .iso and .wim files you can use to create bootable media or in Windows Deployment Services.

    -For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](https://technet.microsoft.com/en-us/library/dn759415.aspx#UpdateaDeploymentShareintheDeploymentWorkbench). +For more information about how to update a deployment share, see [Update a Deployment Share in the Deployment Workbench](https://technet.microsoft.com//library/dn759415.aspx#UpdateaDeploymentShareintheDeploymentWorkbench). @@ -782,9 +782,9 @@ You can use Windows Deployment Services in conjunction with MDT to automatically - [Windows Deployment Services overview](https://technet.microsoft.com/library/hh831764.aspx) - The Windows Deployment Services Help file, included in Windows Deployment Services - - [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com/en-us/library/jj648426.aspx) + - [Windows Deployment Services Getting Started Guide for Windows Server 2012](https://technet.microsoft.com//library/jj648426.aspx) -2. Add LTI boot images (Windows PE images) to Windows Deployment Services.

    The LTI boot images (.wim files) that you will add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the Boot subfolder in the deployment share. For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](https://technet.microsoft.com/en-us/library/dn759415.aspx#AddLTIBootImagestoWindowsDeploymentServices). +2. Add LTI boot images (Windows PE images) to Windows Deployment Services.

    The LTI boot images (.wim files) that you will add to Windows Deployment Services are in the MDT deployment share. Locate the .wim files in the Boot subfolder in the deployment share. For more information about how to perform this step, see [Add LTI Boot Images to Windows Deployment Services](https://technet.microsoft.com//library/dn759415.aspx#AddLTIBootImagestoWindowsDeploymentServices). ### Summary @@ -897,7 +897,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Use of Microsoft accounts You want faculty and students to use only Azure AD accounts for institution-owned devices. For these devices, do not use Microsoft accounts or associate a Microsoft account with the Azure AD accounts.

    **Note:**  Personal devices typically use Microsoft accounts. Faculty and students can associate their Microsoft account with their Azure AD account on these devices.

    -**Group Policy.** Configure the [Accounts: Block Microsoft accounts](https://technet.microsoft.com/en-us/library/jj966262.aspx?f=255&MSPPError=-2147217396) Group Policy setting to use the Users can’t add Microsoft accounts setting option.

    +**Group Policy.** Configure the [Accounts: Block Microsoft accounts](https://technet.microsoft.com//library/jj966262.aspx?f=255&MSPPError=-2147217396) Group Policy setting to use the Users can’t add Microsoft accounts setting option.

    **Intune.** Enable or disable the camera by using the **Allow Microsoft account**, **Allow adding non-Microsoft accounts manually**, and **Allow settings synchronization for Microsoft accounts** policy settings under the **Accounts and Synchronization** section of a **Windows 10 General Configuration** policy. @@ -905,7 +905,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Restrict local administrator accounts on the devices Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

    -**Group Policy**. Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](https://technet.microsoft.com/en-us/library/cc732525.aspx).

    +**Group Policy**. Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](https://technet.microsoft.com//library/cc732525.aspx).

    **Intune**. Not available. @@ -913,7 +913,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Restrict the local administrator accounts on the devices Ensure that only authorized users are local administrators on institution-owned devices. Typically, you don’t want students to be administrators on instruction-owned devices. Explicitly specify the users who will be local administrators on a group of devices.

    -**Group Policy**. Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](https://technet.microsoft.com/en-us/library/cc732525.aspx).

    +**Group Policy**. Create a **Local Group** Group Policy preference to limit the local administrators group membership. Select the **Delete all member users** and **Delete all member groups** check boxes to remove any existing members. For more information about how to configure Local Group preferences, see [Configure a Local Group Item](https://technet.microsoft.com//library/cc732525.aspx).

    **Intune**. Not available. @@ -921,7 +921,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Manage the built-in administrator account created during device deployment When you use MDT to deploy Windows 10, the MDT deployment process automatically creates a local Administrator account with the password you specified. As a security best practice, rename the built-in Administrator account and optionally disable it.

    -**Group Policy**. Rename the built-in Administrator account by using the **Accounts: Rename administrator account** Group Policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](https://technet.microsoft.com/en-us/library/cc747484.aspx). You will specify the new name for the Administrator account. You can disable the built-in Administrator account by using the **Accounts: Administrator account status** Group Policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](https://technet.microsoft.com/en-us/library/jj852165.aspx).

    +**Group Policy**. Rename the built-in Administrator account by using the **Accounts: Rename administrator account** Group Policy setting. For more information about how to rename the built-in Administrator account, see [To rename the Administrator account using the Group Policy Management Console](https://technet.microsoft.com//library/cc747484.aspx). You will specify the new name for the Administrator account. You can disable the built-in Administrator account by using the **Accounts: Administrator account status** Group Policy setting. For more information about how to disable the built-in Administrator account, see [Accounts: Administrator account status](https://technet.microsoft.com//library/jj852165.aspx).

    **Intune**. Not available. @@ -929,7 +929,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Control Windows Store access You can control access to Windows Store and whether existing Windows Store apps receive updates. You can only disable the Windows Store app in Windows 10 Education and Windows 10 Enterprise.

    -**Group Policy**. You can disable the Windows Store app by using the **Turn off the Store Application** Group Policy setting. You can prevent Windows Store apps from receiving updates by using the **Turn off Automatic Download and Install of updates** Group Policy setting. For more information about configuring these settings, see [Can I use Group Policy to control the Windows Store in my enterprise environment?](https://technet.microsoft.com/en-us/library/hh832040.aspx#BKMK_UseGP).

    +**Group Policy**. You can disable the Windows Store app by using the **Turn off the Store Application** Group Policy setting. You can prevent Windows Store apps from receiving updates by using the **Turn off Automatic Download and Install of updates** Group Policy setting. For more information about configuring these settings, see [Can I use Group Policy to control the Windows Store in my enterprise environment?](https://technet.microsoft.com//library/hh832040.aspx#BKMK_UseGP).

    **Intune**. You can enable or disable the camera by using the **Allow application store** policy setting in the **Apps** section of a **Windows 10 General Configuration** policy. @@ -953,7 +953,7 @@ Microsoft has several recommended settings for educational institutions. Table 1 Use of audio recording Audio recording (by using the Sound Recorder app) can be a source of disclosure or privacy issues in an education environment. Depending on your institution’s policies, you may want to disable the Sound Recorder app on your devices.

    -**Group Policy**. You can disable the Sound Recorder app by using the **Do not allow Sound Recorder to run** Group Policy setting. You can disable other audio recording apps by using AppLocker policies. Create AppLocker policies by using the information in [Editing an AppLocker Policy](https://technet.microsoft.com/en-us/library/ee791894(v=ws.10).aspx) and [Create Your AppLocker Policies](https://technet.microsoft.com/en-us/library/ee791899.aspx).

    +**Group Policy**. You can disable the Sound Recorder app by using the **Do not allow Sound Recorder to run** Group Policy setting. You can disable other audio recording apps by using AppLocker policies. Create AppLocker policies by using the information in [Editing an AppLocker Policy](https://technet.microsoft.com//library/ee791894(v=ws.10).aspx) and [Create Your AppLocker Policies](https://technet.microsoft.com//library/ee791899.aspx).

    **Intune**. You can enable or disable the camera by using the **Allow voice recording** policy setting in the **Features** section of a **Windows 10 General Configuration** policy. 
@@ -989,13 +989,13 @@ Microsoft has several recommended settings for educational institutions. Table 1 Now, you’re ready to configure settings by using Group Policy. The steps in this section assume that you have an AD DS infrastructure. You will configure the Group Policy settings you select in the [Select Microsoft-recommended settings](#select-microsoft-recommended-settings) section. -For more information about Group Policy, see [Group Policy Planning and Deployment Guide](https://technet.microsoft.com/en-us/library/cc754948.aspx). +For more information about Group Policy, see [Group Policy Planning and Deployment Guide](https://technet.microsoft.com//library/cc754948.aspx). #### To configure Group Policy settings -1. Create a Group Policy object (GPO) that will contain the Group Policy settings by completing the steps in [Create a new Group Policy object](https://technet.microsoft.com/en-us/library/cc738830.aspx). -2. Configure the settings in the GPO by completing the steps in [Edit a Group Policy object](https://technet.microsoft.com/en-us/library/cc739902.aspx). -3. Link the GPO to the appropriate AD DS site, domain, or organizational unit by completing the steps in [Link a Group Policy object to a site, domain, or organizational unit](https://technet.microsoft.com/en-us/library/cc738954(v=ws.10).aspx). +1. Create a Group Policy object (GPO) that will contain the Group Policy settings by completing the steps in [Create a new Group Policy object](https://technet.microsoft.com//library/cc738830.aspx). +2. Configure the settings in the GPO by completing the steps in [Edit a Group Policy object](https://technet.microsoft.com//library/cc739902.aspx). +3. Link the GPO to the appropriate AD DS site, domain, or organizational unit by completing the steps in [Link a Group Policy object to a site, domain, or organizational unit](https://technet.microsoft.com//library/cc738954(v=ws.10).aspx). ### Configure settings by using Intune 
@@ -1006,9 +1006,9 @@ For more information about Intune, see [Documentation for Microsoft Intune](http #### To configure Intune settings 1. Add Intune to your Office 365 subscription by completing the steps in [Get started with a paid subscription to Microsoft Intune](https://docs.microsoft.com/en-us/intune/get-started/start-with-a-paid-subscription-to-microsoft-intune). -2. Enroll devices with Intune by completing the steps in [Get ready to enroll devices in Microsoft Intune](https://technet.microsoft.com/en-us/library/dn646962.aspx). -3. Configure the settings in Intune Windows 10 policies by completing the steps in [Manage settings and features on your devices with Microsoft Intune policies](https://technet.microsoft.com/en-us/library/dn646984.aspx). -4. Manage Windows 10 devices by completing the steps in [Manage Windows PCs with Microsoft Intune](https://technet.microsoft.com/en-us/library/dn646959.aspx). +2. Enroll devices with Intune by completing the steps in [Get ready to enroll devices in Microsoft Intune](https://technet.microsoft.com//library/dn646962.aspx). +3. Configure the settings in Intune Windows 10 policies by completing the steps in [Manage settings and features on your devices with Microsoft Intune policies](https://technet.microsoft.com//library/dn646984.aspx). +4. Manage Windows 10 devices by completing the steps in [Manage Windows PCs with Microsoft Intune](https://technet.microsoft.com//library/dn646959.aspx). ### Deploy apps by using Intune 
@@ -1041,14 +1041,14 @@ Prior to deployment of Windows 10, ensure that you complete the tasks listed in Use the Deployment Wizard to deploy Windows 10. The LTI deployment process is almost fully automated: You provide only minimal information to the Deployment Wizard at the beginning of the process. After the wizard collects the necessary information, the remainder of the process is fully automated. ->**Note:**  To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com/en-us/library/dn781089.aspx). +>**Note:**  To fully automate the LTI deployment process, complete the steps in the “Fully Automated LTI Deployment Scenario” section in the [Microsoft Deployment Toolkit Samples Guide](https://technet.microsoft.com//library/dn781089.aspx). In most instances, deployments occur without incident. Only in rare occasions do deployments experience problems. #### To deploy Windows 10 1. **Initiate the LTI deployment process**. Initiate the LTI deployment process booting over the network (PXE boot) or from local media. You selected the method for initiating the LTI deployment process in the [Select a method to initiate deployment](#select-a-method-to-initiate-deployment) section earlier in this guide. -2. **Complete the Deployment Wizard**. For more information about how to complete the Deployment Wizard, see the “Running the Deployment Wizard” topic in [Using the Microsoft Deployment Toolkit](https://technet.microsoft.com/en-us/library/dn759415.aspx#Running%20the%20Deployment%20Wizard). +2. **Complete the Deployment Wizard**. For more information about how to complete the Deployment Wizard, see the “Running the Deployment Wizard” topic in [Using the Microsoft Deployment Toolkit](https://technet.microsoft.com//library/dn759415.aspx#Running%20the%20Deployment%20Wizard). ### Set up printers 
@@ -1256,8 +1256,8 @@ Now, you have identified the tasks you need to perform monthly, at the end of an ##Related resources

      -
    • [Try it out: Windows 10 deployment (for educational institutions)](http://go.microsoft.com/fwlink/p/?LinkId=623254)
    • -
    • [Try it out: Windows 10 in the classroom](http://go.microsoft.com/fwlink/p/?LinkId=623255)
    • -
    • [Chromebook migration guide](http://go.microsoft.com/fwlink/p/?LinkId=623249)
    • +
    • [Try it out: Windows 10 deployment (for educational institutions)](https://go.microsoft.com/fwlink/p/?LinkId=623254)
    • +
    • [Try it out: Windows 10 in the classroom](https://go.microsoft.com/fwlink/p/?LinkId=623255)
    • +
    • [Chromebook migration guide](https://go.microsoft.com/fwlink/p/?LinkId=623249)
    diff --git a/windows/plan/deploying-a-runtime-analysis-package.md b/windows/plan/deploying-a-runtime-analysis-package.md index bf01c5258c..38f478a9b9 100644 --- a/windows/plan/deploying-a-runtime-analysis-package.md +++ b/windows/plan/deploying-a-runtime-analysis-package.md @@ -1,48 +1,5 @@ --- title: Deploying a Runtime-Analysis Package (Windows 10) description: When you deploy a runtime-analysis package, you are deploying it to your test environment for compatibility testing. -ms.assetid: 304bf0be-0e7c-4c5f-baac-bed7f8bef509 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Deploying a Runtime-Analysis Package - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -When you deploy a runtime-analysis package, you are deploying it to your test environment for compatibility testing. - -For information about creating the test environment, see [Creating an Enterprise Environment for Compatibility Testing](creating-an-enterprise-environment-for-compatibility-testing.md). - -To deploy a runtime-analysis package, you can use the same deployment methods that you might use to deploy an inventory-collector package. For information about deployment methods, see [Deploying an Inventory-Collector Package](deploying-an-inventory-collector-package.md). - -## Related topics - - -[Deciding Which Applications to Test](deciding-which-applications-to-test.md) - -[Creating an Enterprise Environment for Compatibility Testing](creating-an-enterprise-environment-for-compatibility-testing.md) - -[Creating a Runtime-Analysis Package](creating-a-runtime-analysis-package.md) - -[Compatibility Monitor User's Guide](compatibility-monitor-users-guide.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file 
diff --git a/windows/plan/deploying-an-inventory-collector-package.md b/windows/plan/deploying-an-inventory-collector-package.md index 406a2823fd..784ecd61b4 100644 --- a/windows/plan/deploying-an-inventory-collector-package.md +++ b/windows/plan/deploying-an-inventory-collector-package.md 
@@ -1,142 +1,5 @@ --- title: Deploying an Inventory-Collector Package (Windows 10) -ms.assetid: 8726ff71-0d17-4449-bdb7-66957ae51c62 -description: -ms.prod: w10 -ms.mktglfcycl: plan -ms.sitesec: library -author: TrudyHa ---- - -# Deploying an Inventory-Collector Package - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -You can use the following methods to deploy an inventory-collector package to the destination computers: - -- **Group Policy Software Installation.** This is a feature of Active Directory Domain Services in Windows Server. All computers to which you deploy the package must be part of the Active Directory forest. - -- **Logon script.** You can use Windows Script Host to create a logon script. Installing by using a logon script requires administrator credentials on the local computer. - -- **Microsoft® System Center Configuration Manager.** For information about how to use System Center Configuration Manager, see the product documentation. - -- **Manual distribution.** You can use a file server on the network as a software distribution point, or you can distribute removable media. User installation of an inventory-collector package requires administrator credentials on the local computer. - -**To deploy an inventory-collector package by using Group Policy Software Installation** - -1. Ensure that the computers to which you want to deploy the inventory-collector package are members of the Active Directory forest. - -2. Create a Group Policy Object (GPO) for publishing the inventory-collector package. - -3. Assign the GPO to the organizational units (OUs) that contain the set of computers. - -4. Create and publish a new software installation package by using Group Policy Software Installation. - - For information about the Group Policy Software Installation process, see [Best practices for Group Policy Software Installation](http://go.microsoft.com/fwlink/p/?LinkId=87996). 
- -**To assign a logon script for installing an inventory-collector package to an organizational unit** - -1. Create the logon script. The following script is an example. - - ``` syntax - Set ws = WScript.CreateObject("WScript.Shell") - ws.Run("\\servername\collector\package_name.exe") - ``` - - To keep the installation from running repeatedly, your script must create a marker. - - For more information about logon scripts, see [Assign a Logon Script to a User in the Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=87997). - -2. Save your script in the SYSVOL\\Scripts folder. - -3. Open the Active Directory Users and Computers console by clicking **Start**, clicking **All Programs**, clicking **Administrative Tools**, and then clicking **Active Directory Users and Computers**. - -4. Right-click the OU to which you intend to assign the logon script, click **Properties**, and then click the **Group Policy** tab. - -5. Click **New** to add a new GPO, or select an existing GPO and then click **Edit**. - -6. In the left pane, expand the **User Configuration** object, expand the **Windows Setting** object, and then click **Scripts (Logon/Logoff)**. - -7. In the right pane, double-click the **Logon** script. - -8. Click **Add**. - -9. Click **Browse**, browse to the \\\\*<domain>*\\Sysvol\\Scripts folder, select your script, and then click **Open**. - -10. Click **OK** to close the **Logon Properties** dialog box. - -11. Close the Group Policy Management console and the Active Directory Users and Computers console. - -12. On a computer that is a member of the domain and a part of the OU, log on as an OU user. - -13. Open a **Command Prompt** window, and then type `GPUPDATE /force` to force the update of the Group Policy setting. - -14. At the command prompt, type `RSOP.msc` to verify your Group Policy assignment. - -15. In the left pane, expand the **Computer Configuration** object, expand the **Windows Setting** object, and then click **Security Settings**. 
- -16. Expand **Account Policies**, click **Password Policy**, and verify the assigned Group Policy setting. - -17. Close the Resultant Set of Policy console and the **Command Prompt** window. - -**To deploy an inventory-collector package by using System Center Configuration Manager** - -1. Verify that the computers to which you want to deploy the package are included in your Configuration Manager inventory. - -2. Create a Configuration Manager computer collection that includes the computers. - -3. Create a shared folder that contains the source image of the inventory-collector package. - -4. Create a Configuration Manager package that is based on the source image from the shared folder. - - For more information, see [How to Create a Package](http://go.microsoft.com/fwlink/p/?LinkId=131355). - -5. Specify the Configuration Manager software distribution points. - -6. Create a Configuration Manager program that includes the required commands and command-line options to deploy the inventory-collector package. - - For more information, see [How to Create a Program](http://go.microsoft.com/fwlink/p/?LinkId=131356). - -7. Create a Configuration Manager advertisement that instructs Configuration Manager clients to run the program that you specified in the previous step. - - For more information, see [How to Create an Advertisement](http://go.microsoft.com/fwlink/p/?LinkId=131357). - -**To deploy an inventory-collector package from a network share** - -1. Store your package (.msi) file in a shared folder on the network. - -2. Notify the users of the computers that require the inventory-collector package to run the .msi file. For example, you might send an email message that includes a hyperlink to the shared folder. - -**To deploy an inventory-collector package to offline computers** - -1. In your inventory-collector package, specify a local output path for the log file. - -2. Burn your.msi file to removable media. - -3. 
Send the removable media to users of the offline computers. - -4. Instruct the users to run the .msi file and then return the generated log file. For example, the users might send the log file in an email message or place the file on a network share. - -## Related topics - - -[Identifying Computers for Inventory Collection](identifying-computers-for-inventory-collection.md) - -[Creating an Inventory-Collector Package](creating-an-inventory-collector-package.md) - -  - -  - - - - - +description: How to deploy an inventory-collector package to your destination computers. +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/deployment-considerations-for-windows-to-go.md b/windows/plan/deployment-considerations-for-windows-to-go.md index 5ef6884c18..a1a32d6836 100644 --- a/windows/plan/deployment-considerations-for-windows-to-go.md +++ b/windows/plan/deployment-considerations-for-windows-to-go.md 
@@ -56,11 +56,11 @@ When a Windows To Go workspace is first used at the workplace, the Windows To Go When the Windows To Go workspace is going to be used first on an off-premises computer, such as one at the employee’s home, then the IT professional preparing the Windows To Go drives should configure the drive to be able to connect to organizational resources and to maintain the security of the workspace. In this situation, the Windows To Go workspace needs to be configured for offline domain join and BitLocker needs to be enabled before the workspace has been initialized. **Tip**   -Applying BitLocker Drive Encryption to the drives before provisioning is a much faster process than encrypting the drives after data has already been stored on them due to a new feature called used-disk space only encryption. For more information, see [What's New in BitLocker](http://go.microsoft.com/fwlink/p/?LinkId=619076). +Applying BitLocker Drive Encryption to the drives before provisioning is a much faster process than encrypting the drives after data has already been stored on them due to a new feature called used-disk space only encryption. For more information, see [What's New in BitLocker](https://go.microsoft.com/fwlink/p/?LinkId=619076).   -DirectAccess can be used to ensure that the user can login with their domain credentials without needing a local account. For instructions on setting up a DirectAccess solution, for a small pilot deployment see [Deploy a Single Remote Access Server using the Getting Started Wizard](http://go.microsoft.com/fwlink/p/?LinkId=619077) for a larger scale deployment, see [Deploy Remote Access in an Enterprise](http://go.microsoft.com/fwlink/p/?LinkId=619078). If you do not want to use DirectAccess as an alternative users could log on using a local user account on the Windows To Go workspace and then use a virtual private network for remote access to your organizational network. 
+DirectAccess can be used to ensure that the user can login with their domain credentials without needing a local account. For instructions on setting up a DirectAccess solution, for a small pilot deployment see [Deploy a Single Remote Access Server using the Getting Started Wizard](https://go.microsoft.com/fwlink/p/?LinkId=619077) for a larger scale deployment, see [Deploy Remote Access in an Enterprise](https://go.microsoft.com/fwlink/p/?LinkId=619078). If you do not want to use DirectAccess as an alternative users could log on using a local user account on the Windows To Go workspace and then use a virtual private network for remote access to your organizational network. ### Image deployment and drive provisioning considerations
@@ -155,28 +155,28 @@ The following list of commonly used Wi-Fi network adapters that are not supporte

    Marvell

    Yukon 88E8001/8003/8010 PCI Gigabit Ethernet

    pci\ven_11ab&dev_4320&subsys_811a1043

    -

    [32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619080)

    -

    [64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619082)

    +

    [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619080)

    +

    [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619082)

    Marvell

    Libertas 802.11b/g Wireless

    pci\ven_11ab&dev_1faa&subsys_6b001385&rev_03

    -

    [32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619128)

    -

    [64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619129)

    +

    [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619128)

    +

    [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619129)

    Qualcomm

    Atheros AR6004 Wireless LAN Adapter

    sd\vid_0271&pid_0401

    -

    [32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619086)

    +

    [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619086)

    64-bit driver not available

    Qualcomm

    Atheros AR5BWB222 Wireless Network Adapter

    pci\ven_168c&dev_0034&subsys_20031a56

    -

    [32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619348)

    +

    [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619348)

    64-bit driver not available

    @@ -189,43 +189,43 @@ The following list of commonly used Wi-Fi network adapters that are not supporte

    Qualcomm

    Atheros AR5005G Wireless Network Adapter

    pci\ven_168c&dev_001a&subsys_04181468&rev_01

    -

    [32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619349)

    -

    [64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619091)

    +

    [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619349)

    +

    [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619091)

    Ralink

    Wireless-G PCI Adapter

    pci\ven_1814&dev_0301&subsys_00551737&rev_00

    -

    [32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619092)

    -

    [64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619093)

    +

    [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619092)

    +

    [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619093)

    Ralink

    Turbo Wireless LAN Card

    pci\ven_1814&dev_0301&subsys_25611814&rev_00

    -

    [32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619094)

    -

    [64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619095)

    +

    [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619094)

    +

    [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619095)

    Ralink

    Wireless LAN Card V1

    pci\ven_1814&dev_0302&subsys_3a711186&rev_00

    -

    [32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619097)

    -

    [64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619098)

    +

    [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619097)

    +

    [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619098)

    Ralink

    D-Link AirPlus G DWL-G510 Wireless PCI Adapter(rev.C)

    pci\ven_1814&dev_0302&subsys_3c091186&rev_00

    -

    [32-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619099)

    -

    [64-bit driver](http://go.microsoft.com/fwlink/p/?LinkId=619100)

    +

    [32-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619099)

    +

    [64-bit driver](https://go.microsoft.com/fwlink/p/?LinkId=619100)

      -IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that is not supported by class drivers. Some consumer devices require OEM specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](http://go.microsoft.com/fwlink/p/?LinkId=619079). +IT administrators that want to target Windows To Go images for specific systems should test their images to ensure that the necessary system drivers are in the image, especially for critical functionality like Wi-Fi that is not supported by class drivers. Some consumer devices require OEM specific driver packages, which may not be available on Windows Update. For more information on how to add a driver to a Windows Image, please refer to the [Basic Windows Deployment Step-by-Step Guide](https://go.microsoft.com/fwlink/p/?LinkId=619079). ### Application installation and domain join @@ -273,7 +273,7 @@ Enabling a system to always boot from USB first has implications that you should   -If you are going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](http://go.microsoft.com/fwlink/p/?LinkID=618951). +If you are going to be using a Windows 7 computer as a host-PC, see the wiki article [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951). ### Roaming between different firmware types diff --git a/windows/plan/device-dialog-box.md b/windows/plan/device-dialog-box.md index 7cd1c0d3ec..5d32e55b8f 100644 --- a/windows/plan/device-dialog-box.md +++ b/windows/plan/device-dialog-box.md 
@@ -1,90 +1,5 @@ --- title: Device Dialog Box (Windows 10) description: In Application Compatibility Manager (ACM), the Device dialog box shows information about the selected device. -ms.assetid: 5bd7cfda-31ea-4967-8b64-6c0425092f4e -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# <Device> Dialog Box - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -In Application Compatibility Manager (ACM), the *<Device>* dialog box shows information about the selected device. - -**To open the <Device> dialog box** - -1. In ACM, in the **Quick Reports** pane, click **Analyze**. - -2. Under an operating system heading, click **Devices**. - -3. Double-click the name of a device. - -## Tabs in the <Device> dialog box - - -The following table shows the information available in the *<Device>* dialog box. - - ---- - - - - - - - - - - - - - - - - -
    TabInformation

    Details

    Shows the following information for the selected device:

    -
      -
    • The model and manufacturer of the device.

    • -
    • The class of device, as reported by the device.

    • -
    • An evaluation of whether the device works on a 32-bit operating system or a 64-bit operating system.

    • -

    Computers

    Shows the following information for each of the computers on which the device is installed:

    -
      -
    • Computer name, domain, and operating system.

    • -
    • The count of installed applications and devices.

    • -
    • The count of installed applications and devices that have issues.

    • -
    - -  - -## Using the <Device> Dialog Box - - -In the *<Device>* dialog box, you can perform the following actions: - -- Assign categories and subcategories to the device. For more information, see [Categorizing Your Compatibility Data](categorizing-your-compatibility-data.md). - -- Specify the importance of the device to your organization. For more information, see [Prioritizing Your Compatibility Data](prioritizing-your-compatibility-data.md). - -  - -  - - - - - +description: This section describes the compatibility reports in Application Compatibility Manager (ACM) and how you can work with the reports. +--- \ No newline at end of file diff --git a/windows/plan/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md b/windows/plan/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md index 85c5e0ba27..7bcd802f03 100644 --- a/windows/plan/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md +++ b/windows/plan/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md @@ -60,15 +60,4 @@ You can enable your disabled compatibility fixes at any time. 2. On the **Database** menu, click **Enable Entry**. ## Related topics - - -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) - -  - -  - - - - - +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file diff --git a/windows/plan/example-filter-queries.md b/windows/plan/example-filter-queries.md index 7b7732863d..8494d2a4b1 100644 --- a/windows/plan/example-filter-queries.md +++ b/windows/plan/example-filter-queries.md 
@@ -1,79 +1,5 @@ --- title: Example Filter Queries (Windows 10) description: You can filter your compatibility-issue data or reports by selecting specific restriction criteria. -ms.assetid: eae59380-56cc-4d57-bd2c-11a0e3c689c9 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Example Filter Queries - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -You can filter your compatibility-issue data or reports by selecting specific restriction criteria. - -## Example Queries - - -The following sections show example queries created by using the Query Builder. - -### All Applications with Issues - -The following example query returns all applications that have one or more known issues. - -![act filter example all apps with issues](images/dep-win8-e-act-filterexampleallappswissues.gif) - -### All Applications with Solutions for Known Issues - -The following example query returns all applications that have solutions for their known issues. - -![act filter examples for issues with solutions](images/dep-win8-e-act-filterexampleforissueswsolutions.gif) - -### All Applications with Specific Solution Types - -The following example query returns all applications that have a solution type of Application Update or Application Configuration. - -![act filter example for specific solutions](images/dep-win8-e-act-filterexampleforspecificsolutions.gif) - -### All Applications with No Known Issues - -The following example query returns all applications that have no known issues. - -![act filter example all apps with no issues](images/dep-win8-e-act-filterexampleallapps0issues.gif) - -### All Applications with No Active Issues - -The following example query returns all applications that have no active issues. 
- -![act filter example all apps with no active issues](images/dep-win8-e-act-filterexampleallapps0activeissues.gif) - -### All Applications Appearing in a Specific Category and Subcategory - -The following example query returns all applications that have a category of Department and a subcategory of either Human Resources or Finance. - -![act filter example category](images/dep-win8-e-act-filterexamplecategory.gif) - -## Related topics - - -[Filtering Your Compatibility Data](filtering-your-compatibility-data.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/exporting-a-data-collection-package.md b/windows/plan/exporting-a-data-collection-package.md index 5baee693f6..e3b5a9ce64 100644 --- a/windows/plan/exporting-a-data-collection-package.md +++ b/windows/plan/exporting-a-data-collection-package.md 
@@ -1,54 +1,5 @@ --- title: Exporting a Data-Collection Package (Windows 10) description: In Application Compatibility Manager (ACM), you can export a data-collection package as a Windows installer (.msi) file. You can then use the .msi file to install the data-collection package on the computers from which you want to gather data. -ms.assetid: 98fe19e4-9533-4ffc-a275-8b3776ee93ed -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Exporting a Data-Collection Package - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -In Application Compatibility Manager (ACM), you can export a data-collection package as a Windows installer (.msi) file. You can then use the .msi file to install the data-collection package on the computers from which you want to gather data. - -You can export only one data-collection package at a time. - -**To export a data-collection package** - -1. In ACM, click **Collect** to open the Collect screen. - -2. Select the data-collection package that you want to export. - -3. On the **File** menu, click **Export**. - -4. Navigate to the folder where you want to store the Windows installer (.msi) file for the data-collection package, and then click **Save**. - -## Related topics - - -[Log File Locations for Data-Collection Packages](log-file-locations-for-data-collection-packages.md) - -[Deleting a Data-Collection Package](deleting-a-data-collection-package.md) - -[Labeling Data in ACM](labeling-data-in-acm.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/filtering-your-compatibility-data.md b/windows/plan/filtering-your-compatibility-data.md index fcc724c2d5..83040f196c 100644 --- a/windows/plan/filtering-your-compatibility-data.md 
+++ b/windows/plan/filtering-your-compatibility-data.md @@ -1,115 +1,5 @@ --- title: Filtering Your Compatibility Data (Windows 10) description: You can use Query Builder to filter your compatibility-issue data or reports by selecting specific restriction criteria. -ms.assetid: b64267b5-83c0-4b4d-a075-0975d3a359c8 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Filtering Your Compatibility Data - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -You can use Query Builder to filter your compatibility-issue data or reports by selecting specific restriction criteria. - -The following table shows the columns in Query Builder. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    ColumnDescription

    And/Or

    If you select And, your data must match all query rows to appear as a returned result.

    -

    If you select Or, your data can match any query row to appear as a returned result.

    Field

    Select filter criteria.

    Operator

    Select an operator. The available operators depend on the field that you choose.

    Value

    Type or select a value.

    - -  - -## Creating Basic Queries - - -You can insert as many query clauses as you want to create a customized view of your compatibility data. - -**Note**   -The following examples use the **<Operating\_System> - Application Report** screen. The process is the same for other report types. - -  - -**To create a basic query** - -1. On the **<Operating\_System> - Application Report** screen, click **Toggle Filter**. - -2. In the Query Builder, enter your filter criteria, pressing the Tab key to add clauses. - - To delete a clause, right-click the row, and then click **Delete Clause**. - -3. Click **Refresh**. - - Your filtered results appear. To close the Query Builder, click **Toggle Filter** again. - -## Querying on Objects - - -You can query your compatibility data based on its relationship with other objects. For example, in the applications report, you can query for applications that have corresponding issues. Fields that have a (+) suffix in Query Builder are collections of objects. - -**To query for a collection of objects** - -1. In Query Builder, in the **Field** column, click any field that contains a plus sign (+) as suffix. - -2. In the **Operator** column, select **Exists**, **Not Exists**, or **All Have**. - - Query Builder creates a group clause, which is shown by a bracket that spans the rows that are included in the group. - -3. Move your cursor to the next row in the group clause, and then in the **Field** column, select a field. - -4. In the **Operator** column, select an operator. - -5. In the **Value** column, enter a value, and then click **Refresh**. - -## Related topics - - -[Example Filter Queries](example-filter-queries.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/fixing-compatibility-issues.md b/windows/plan/fixing-compatibility-issues.md index b7f338d5ac..50f8032d64 100644 
--- a/windows/plan/fixing-compatibility-issues.md +++ b/windows/plan/fixing-compatibility-issues.md @@ -1,78 +1,5 @@ --- title: Fixing Compatibility Issues (Windows 10) description: This section provides step-by-step instructions and describes development tools that you can use to help fix your compatibility issues. -ms.assetid: 30ba8d14-a41a-41b3-9019-e8658d6974de -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Fixing Compatibility Issues - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section provides step-by-step instructions and describes development tools that you can use to help fix your compatibility issues. - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Deciding Whether to Fix an Application or Deploy a Workaround](deciding-whether-to-fix-an-application-or-deploy-a-workaround.md)

    You can fix a compatibility issue by changing the code for the application or by deploying a workaround.

    [SUA User's Guide](sua-users-guide.md)

    You can use Standard User Analyzer (SUA) to test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows.

    [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)

    The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. Compatibility Administrator provides the following:

    - -  - -## Related topics - - -[Taking Inventory of Your Organization](taking-inventory-of-your-organization.md) - -[Testing Compatibility on the Target Platform](testing-compatibility-on-the-target-platform.md) - -[Managing Your Data-Collection Packages](managing-your-data-collection-packages.md) - -[Analyzing Your Compatibility Data](analyzing-your-compatibility-data.md) - -[Troubleshooting ACT](troubleshooting-act.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/identifying-computers-for-inventory-collection.md b/windows/plan/identifying-computers-for-inventory-collection.md index a7378b9820..524304a7cf 100644 --- a/windows/plan/identifying-computers-for-inventory-collection.md +++ b/windows/plan/identifying-computers-for-inventory-collection.md 
@@ -1,104 +1,5 @@ --- title: Identifying Computers for Inventory Collection (Windows 10) -ms.assetid: f5bf2d89-fff2-4960-a153-dc1146b442fb -description: -ms.prod: w10 -ms.mktglfcycl: plan -ms.sitesec: library -author: TrudyHa ---- - -# Identifying Computers for Inventory Collection - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -An inventory-collector package gathers inventory data from the computers on which it is installed. This data includes the following: - -- **System inventory.** Information about the client computer. This information includes the memory capacity, the processor speed, and the processor architecture. - -- **Device inventory.** Information about the devices that are installed on the client computer. This information includes the model, the manufacturer, and the device class. - -- **Software inventory.** An inventory of the applications that are installed on the computer. This information includes system technologies such as Windows® Installer. - -To generate a complete inventory and obtain a comprehensive view of your organization, inventory all computers. However, remember that deploying inventory-collector packages to all computers in your organization will require the additional work of analyzing and reducing a larger list of applications. If you do not have the resources to deploy to all computers or you cannot process a larger list of applications, consider deploying inventory-collector packages to representative subsets of computers instead. 
- -If you decide to deploy inventory-collector packages to representative subsets of computers in your organization, consider the following: - -- [Managed and Unmanaged Environments](#bmk-managedunmanaged) - -- [Role-Based Applications](#bmk-rolebasedapplications) - -- [Software Distribution](#bmk-softwaredistribution) - -- [Geographic Distribution](#bmk-geographicdistribution) - -- [Computer Types](#bmk-computertypes) - -## Managed and Unmanaged Environments - - -In your organization, you may have managed environments and unmanaged environments. - -In a managed environment, IT administrators strictly control and manage the installation and use of applications. In this environment, you can discover the full inventory by deploying inventory-collector packages to a limited subset of computers. - -In an unmanaged environment, users have administrator permissions and can install applications at their own discretion. To obtain the full inventory, you must deploy your inventory-collector packages to more computers. - -## Role-Based Applications - - -Your organization may use role-based applications that relate to job function. For example, accountants may use finance-related applications. Reviewing application use together with job function helps you better identify which subsets of computers need inventory-collector packages. - -## Software Distribution - - -You can distribute applications in various ways within an organization. For example, you can use Group Policy, Microsoft® IntelliMirror®, Microsoft System Center Configuration Manager, or a customized distribution method. Reviewing the policies for your software distribution system helps you better identify which subsets of computers need inventory-collector packages. - -## Geographic Distribution - - -While you plan for inventory collection, consider the geographic distribution of your organization, and consider application use within each region. 
Be sure to account for divisional applications, localized applications, and applications that are specific to the geographic location and export restrictions. Consult with technical and business leaders from each region to understand the differences and determine which subsets of computers need inventory-collector packages. - -## Computer Types - - -Computer types can be an important factor in the deployment of inventory-collector packages. The following sections describe common computer types. - -### Mobile Computers - -Mobile users are frequently offline, occasionally synchronizing with the corporate network through a LAN or VPN connection. The user must be online for the inventory-collector package to be downloaded and installed, and must be online again for the logged data to be uploaded. - -### Multiuser Computers - -Multiuser computers are typically in university computer labs, libraries, and organizations that enable job sharing. These computers include a core set of applications that are always available, in addition to many applications that can be installed and removed as necessary. Because these computers typically have a core set of applications, you can identify a narrow subset of computers to receive the inventory-collector package. - -### AppStations and TaskStations - -AppStations that run vertical applications are typically for marketing, claims and loan processing, and customer service. TaskStations are typically dedicated to running a single application in a location such as a manufacturing floor (as an entry terminal) or a call center. Because AppStations and TaskStations do not typically enable users to add or remove applications, you can identify a narrow subset of computers to receive the inventory-collector package. - -### Kiosks - -Kiosks are generally in public areas. These computers run unattended. They also generally run a single application by using a single-use account and automatic logon. 
Because these computers typically run a single application, you can identify a narrow subset of computers to receive the inventory-collector package. - -## Related topics - - -[Creating an Inventory-Collector Package](creating-an-inventory-collector-package.md) - -[Deploying an Inventory-Collector Package](deploying-an-inventory-collector-package.md) - -  - -  - - - - - +description: To generate a complete inventory and obtain a comprehensive view of your organization, inventory all computers. However, remember that deploying inventory-collector packages to all computers in your organization will require the additional work of analyzing and reducing a larger list of applications. If you do not have the resources to deploy to all computers or you cannot process a larger list of applications, consider deploying inventory-collector packages to representative subsets of computers instead. +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/index.md b/windows/plan/index.md index 1a3583938b..b692bf0504 100644 --- a/windows/plan/index.md +++ b/windows/plan/index.md 
@@ -15,11 +15,11 @@ Windows 10 provides new deployment capabilities, scenarios, and tools by buildi ## In this section |Topic |Description | |------|------------| -|[Windows 10 servicing options](windows-10-servicing-options.md) |Windows 10 provides a new model for organizations to deploy and upgrade Windows by providing updates to features and capabilities through a continual process. | +| [Windows 10 servicing overview](windows-10-servicing-options.md) | Windows 10 provides a new model for organizations to deploy and upgrade Windows by providing updates to features and capabilities through a continual process. | |[Windows 10 deployment considerations](windows-10-deployment-considerations.md) |There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. | |[Windows 10 compatibility](windows-10-compatibility.md) |Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. | |[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) |There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. | -|[Windows Update for Business](windows-update-for-business.md) |Get an overview of how you can implement and deploy a Windows Update for Business solution and how to maintain enrolled systems. | +| [Windows Update for Business](windows-update-for-business.md) | Get an overview of how you can implement and deploy a Windows Update for Business solution and how to maintain enrolled systems. | |[Windows To Go: feature overview](windows-to-go-overview.md) |Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. 
| |[Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) |The Microsoft® Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. | |[Change history for Plan for Windows 10 deployment](change-history-for-plan-for-windows-10-deployment.md) |This topic lists new and updated topics in the Plan for Windows 10 deployment documentation for [Windows 10 and Windows 10 Mobile](../index.md). | @@ -30,14 +30,9 @@ Windows 10 provides new deployment capabilities, scenarios, and tools by buildi - [Deploy Windows 10 with Configuration Manager and MDT 2013 Update 1](../deploy/deploy-windows-10-with-system-center-2012-r2-configuration-manager.md) - [Upgrade to Windows 10 with MDT 2013 Update 1](../deploy/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) - [Upgrade to Windows 10 with Configuration Manager](../deploy/upgrade-to-windows-10-with-system-center-configuraton-manager.md) -- [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=733911) +- [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=733911) - [Windows 10 and Windows 10 Mobile](../index.md)     - - - - - diff --git a/windows/plan/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md b/windows/plan/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md index c55deebb84..bd057029b9 100644 --- a/windows/plan/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md +++ b/windows/plan/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md 
@@ -59,15 +59,4 @@ When a custom database is no longer necessary, either because the applications a 2. On the **File** menu, click **Uninstall**. ## Related topics - - -[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md) - -  - -  - - - - - +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file diff --git a/windows/plan/integration-with-management-solutions-.md b/windows/plan/integration-with-management-solutions-.md index 83dcaee001..73206e6baf 100644 --- a/windows/plan/integration-with-management-solutions-.md +++ b/windows/plan/integration-with-management-solutions-.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: servicing, devices -author: TrudyHa +author: jdeckerMS --- # Integration with management solutions diff --git a/windows/plan/internet-explorer-web-site-report.md b/windows/plan/internet-explorer-web-site-report.md index da0098b6c3..f30fc92bd6 100644 --- a/windows/plan/internet-explorer-web-site-report.md +++ b/windows/plan/internet-explorer-web-site-report.md 
@@ -1,68 +1,5 @@ --- title: Internet Explorer - Web Site Report (Windows 10) -ms.assetid: f072033d-9d42-47ed-8fb0-dbdc28442910 -description: -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Internet Explorer - Web Site Report - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The **Internet Explorer - Web Site Report** screen shows the following information for each of the websites visited in your organization: - -- The website URL. - -- Your organization's compatibility rating for the website. - -- The count of issues for the website. - -- The count of resolved issues for the website. - -**To open the Internet Explorer - Web Site Report screen** - -1. In Application Compatibility Manager (ACM), on the **Quick Reports** pane, click **Analyze**. - -2. In the **Quick Reports** pane, under the **Internet Explorer** heading, click **Web Sites**. - -## Using the Internet Explorer - Web Site Report Screen - - -On the **Internet Explorer - Web Site Report** screen, you can: - -- Export the report data to a spreadsheet, or import a report. For more information, see [Saving, Opening, and Exporting Reports](saving-opening-and-exporting-reports.md). - -- Synchronize your compatibility issues by using the Microsoft Compatibility Exchange. For more information, see [Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md). - -- Filter the report by using the query builder. For more information, see [Filtering Your Compatibility Data](filtering-your-compatibility-data.md). - -- Specify your compatibility rating for a website. For more information, see [Selecting Your Compatibility Rating](selecting-your-compatibility-rating.md). - -- Select your deployment status for a website. For more information, see [Selecting Your Deployment Status](selecting-your-deployment-status.md). 
- -- Assign categories and subcategories to a website. For more information, see [Categorizing Your Compatibility Data](categorizing-your-compatibility-data.md). - -- Specify the importance of a website to your organization. For more information, see [Prioritizing Your Compatibility Data](prioritizing-your-compatibility-data.md). - -- Double-click a website name to view its associated dialog box. For more information, see [<WebsiteURL> Dialog Box](websiteurl-dialog-box.md). - -  - -  - - - - - +description: The Internet Explorer - Web Site Report screen shows the URL, your organization's compatibility rating, issue count, and resolved issue count, for each of the websites visited in your organization. +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/labeling-data-in-acm.md b/windows/plan/labeling-data-in-acm.md index 1e0ae71639..92f7448f84 100644 --- a/windows/plan/labeling-data-in-acm.md +++ b/windows/plan/labeling-data-in-acm.md 
@@ -1,54 +1,5 @@ --- title: Labeling Data in ACM (Windows 10) description: Application data and its associated compatibility issues can vary within an organization. -ms.assetid: d099c747-e68a-4cad-a639-9f33efab35b3 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Labeling Data in ACM - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -Application data and its associated compatibility issues can vary within an organization. For example, the applications used by a Human Resources (HR) department might differ from the applications used by a Sales department. Even for applications that are used across an organization, different compatibility issues might be found for each business group because of the unique application use by each business group. - -Your data-collection packages can add a *label* to your inventoried applications. To filter by business group when analyzing reports, you can create a different data-collection package for each business group and have each package assign a unique label. For example, you can create a data-collection package for your Sales department with a **Sales** label. During reports analysis, you can filter your results so that only the data with the **Sales** label is visible. - -You can specify a label when you create a data-collection package. You cannot change the label for an existing data-collection package. - -**To specify the label for a new data-collection package** - -1. In Application Compatibility Manager (ACM), on the **Go** menu, click **Collect**. - -2. On the **Collect** screen, click **File** from the toolbar, and then click **New** to start creating a new data-collection package. - -3. In the wizard, enter the label that you want to be applied by the data-collection package. 
- -## Related topics - - -[Log File Locations for Data-Collection Packages](log-file-locations-for-data-collection-packages.md) - -[Exporting a Data-Collection Package](exporting-a-data-collection-package.md) - -[Deleting a Data-Collection Package](deleting-a-data-collection-package.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/log-file-locations-for-data-collection-packages.md b/windows/plan/log-file-locations-for-data-collection-packages.md index 99ea5bc63f..5fa3b6c466 100644 --- a/windows/plan/log-file-locations-for-data-collection-packages.md +++ b/windows/plan/log-file-locations-for-data-collection-packages.md 
@@ -1,54 +1,5 @@ --- title: Log File Locations for Data-Collection Packages (Windows 10) -ms.assetid: dcc395e7-2d9c-4935-abab-33c5934ce24a -description: -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Log File Locations for Data-Collection Packages - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -When you create a data-collection package in Application Compatibility Manager (ACM), you can select an output location for your log files. You have the following options: - -- Specify an ACT Log Processing Service (LPS) share. The data-collection package automatically writes the log files to the specified ACT LPS share. - - If the ACT LPS share is unavailable when the upload time interval is reached, the data-collection package will make two more attempts. - - For inventory collector packages, after the third attempt, the inventory collector package no longer attempts to upload data. - - For runtime-analysis packages, if the problem persists, the runtime-analysis package will store the log file in %SYSTEMDRIVE%\\Users\\All Users\\Microsoft\\Application Compatibility Toolkit\\LogProcessor\\Failed. The runtime-analysis package will attempt to upload the files again at the next upload interval. - -- Select **Local (%ACTAppData%\\DataCollector\\Output)**. If you use this option, the data-collection package creates log files on the local system and the computer administrator must manually copy the files to the ACT LPS share location. Consider this option for mobile users who are not always connected to the network. The log files are located in %SYSTEMDRIVE%\\Users\\All Users\\Microsoft\\Application Compatibility Toolkit\\DataCollector\\Output. - -- Type an alternate network share location. If you use this option, verify that the data-collection package can write to the alternate location. 
You might consider this option if your organization is geographically diverse. For example, administrators can create data-collection packages and file shares individually for each geographic location. Administrators at a central location must then move the log files to a central location and map the files to the ACT LPS share for processing and entry into the ACT database. - -## Related topics - - -[Exporting a Data-Collection Package](exporting-a-data-collection-package.md) - -[Deleting a Data-Collection Package](deleting-a-data-collection-package.md) - -[Labeling Data in ACM](labeling-data-in-acm.md) - -  - -  - - - - - +description: Selecting the output for your data-collection package log files. +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/plan/managing-application-compatibility-fixes-and-custom-fix-databases.md index 7c8a961d1d..a654054608 100644 --- a/windows/plan/managing-application-compatibility-fixes-and-custom-fix-databases.md +++ b/windows/plan/managing-application-compatibility-fixes-and-custom-fix-databases.md @@ -56,17 +56,6 @@ This section provides information about managing your application-compatibility   ## Related topics - - [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) -[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md) - -  - -  - - - - - +[Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md) \ No newline at end of file diff --git a/windows/plan/managing-your-data-collection-packages.md b/windows/plan/managing-your-data-collection-packages.md index 46eaa26130..03cbe4849d 100644 --- a/windows/plan/managing-your-data-collection-packages.md +++ b/windows/plan/managing-your-data-collection-packages.md 
@@ -1,80 +1,5 @@ --- title: Managing Your Data-Collection Packages (Windows 10) description: This section provides information about using Application Compatibility Manager (ACM) to manage your data-collection packages. -ms.assetid: 369ae82f-c8ca-42ec-85df-1b760a74e70a -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Managing Your Data-Collection Packages - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section provides information about using Application Compatibility Manager (ACM) to manage your data-collection packages. Data-collection packages include inventory-collector packages and runtime-analysis packages. The following procedures apply to both package types. - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Log File Locations for Data-Collection Packages](log-file-locations-for-data-collection-packages.md)

    When you create a data-collection package in Application Compatibility Manager (ACM), you can select an output location for your log files. You have the following options:

    [Exporting a Data-Collection Package](exporting-a-data-collection-package.md)

    In Application Compatibility Manager (ACM), you can export a data-collection package as a Windows installer (.msi) file. You can then use the .msi file to install the data-collection package on the computers from which you want to gather data.

    [Deleting a Data-Collection Package](deleting-a-data-collection-package.md)

    In Application Compatibility Manager (ACM), you can delete any of your existing data-collection packages from the database.

    [Labeling Data in ACM](labeling-data-in-acm.md)

    Application data and its associated compatibility issues can vary within an organization. For example, the applications used by a Human Resources (HR) department might differ from the applications used by a Sales department. Even for applications that are used across an organization, different compatibility issues might be found for each business group because of the unique application use by each business group.

    - -  - -## Related topics - - -[Taking Inventory of Your Organization](taking-inventory-of-your-organization.md) - -[Testing Compatibility on the Target Platform](testing-compatibility-on-the-target-platform.md) - -[Analyzing Your Compatibility Data](analyzing-your-compatibility-data.md) - -[Fixing Compatibility Issues](fixing-compatibility-issues.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/organizational-tasks-for-each-report-type.md b/windows/plan/organizational-tasks-for-each-report-type.md index e572f3b042..61498e165d 100644 --- a/windows/plan/organizational-tasks-for-each-report-type.md +++ b/windows/plan/organizational-tasks-for-each-report-type.md @@ -1,96 +1,5 @@ --- title: Organizational Tasks for Each Report Type (Windows 10) description: The following table shows which tasks can be performed for each report type. -ms.assetid: 7463fab1-ba6e-4a9a-9112-0b69a18fe353 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Organizational Tasks for Each Report Type - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The following table shows which tasks can be performed for each report type. - - --------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Report[Selecting Your Compatibility Rating](selecting-your-compatibility-rating.md)[Selecting Your Deployment Status](selecting-your-deployment-status.md)[Categorizing Your Compatibility Data](categorizing-your-compatibility-data.md)[Prioritizing Your Compatibility Data](prioritizing-your-compatibility-data.md)[Selecting the Send and Receive Status for an Application](selecting-the-send-and-receive-status-for-an-application.md)[Creating and Editing Issues and Solutions](creating-and-editing-issues-and-solutions.md)

    [<OperatingSystem> - Application Report](act-operatingsystem-application-report.md)

    Yes

    Yes

    Yes

    Yes

    Yes

    Yes

    [<OperatingSystem> - Computer Report](act-operatingsystem-computer-report.md)

    No

    No

    Yes

    Yes

    No

    No

    [<OperatingSystem> - Device Report](act-operatingsystem-device-report.md)

    No

    No

    Yes

    Yes

    No

    No

    [<WebsiteURL> Dialog Box](websiteurl-dialog-box.md)

    Yes

    Yes

    Yes

    Yes

    Yes

    Yes

    - -  - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/organizing-your-compatibility-data.md b/windows/plan/organizing-your-compatibility-data.md index 54bc38d151..30d2918977 100644 --- a/windows/plan/organizing-your-compatibility-data.md +++ b/windows/plan/organizing-your-compatibility-data.md @@ -1,90 +1,5 @@ --- title: Organizing Your Compatibility Data (Windows 10) description: This section provides step-by-step instructions for organizing your compatibility data in Application Compatibility Manager (ACM). -ms.assetid: e91ae444-5d85-4b5f-b655-a765ecc78b1e -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Organizing Your Compatibility Data - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section provides step-by-step instructions for organizing your compatibility data in Application Compatibility Manager (ACM). - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Organizational Tasks for Each Report Type](organizational-tasks-for-each-report-type.md)

    The following table shows which tasks can be performed for each report type.

    [Selecting Your Compatibility Rating](selecting-your-compatibility-rating.md)

    You can rate the compatibility of your applications, installation packages, or websites, based on whether they run successfully on a 32-bit or 64-bit operating system. Your rating applies to your entire organization and is based on your own testing results and organizational requirements.

    [Selecting Your Deployment Status](selecting-your-deployment-status.md)

    In Application Compatibility Manager (ACM), you can track the deployment status of your applications and websites.

    [Categorizing Your Compatibility Data](categorizing-your-compatibility-data.md)

    To customize and filter your compatibility reports, you can create categories and subcategories to assign to your applications, computers, devices, and websites. By default, Microsoft provides the following categories:

    [Prioritizing Your Compatibility Data](prioritizing-your-compatibility-data.md)

    You can prioritize your applications, websites, computers, and devices to help customize and filter your compatibility reports. The priority levels are:

    [Selecting the Send and Receive Status for an Application](selecting-the-send-and-receive-status-for-an-application.md)

    For each application listed in Application Compatibility Manager (ACM), you can select whether to send and receive specific application data through the Microsoft Compatibility Exchange

    [Creating and Editing Issues and Solutions](creating-and-editing-issues-and-solutions.md)

    This section provides step-by-step instructions for adding and editing application compatibility issues and solutions. Your issue and solution data can be uploaded to Microsoft through the Microsoft® Compatibility Exchange.

    - -  - -## Related topics - - -[Viewing Your Compatibility Reports](viewing-your-compatibility-reports.md) - -[Filtering Your Compatibility Data](filtering-your-compatibility-data.md) - -[Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/prepare-your-organization-for-windows-to-go.md b/windows/plan/prepare-your-organization-for-windows-to-go.md index fabf25bc73..a5443fb11c 100644 --- a/windows/plan/prepare-your-organization-for-windows-to-go.md +++ b/windows/plan/prepare-your-organization-for-windows-to-go.md 
@@ -70,7 +70,7 @@ Because Windows To Go requires no additional software and minimal configuration, Windows To Go uses volume activation. You can use either Active Directory-based activation or KMS activation with Windows To Go. The Windows To Go workspace counts as another installation when assessing compliance with application licensing agreements. -Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Please note, due to the retail subscription activation method associated with Office 365 ProPlus, Office 365 ProPlus subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This is available to organizations who purchase Office 365 ProPlus or Office 365 Enterprise SKUs containing Office 365 ProPlus via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](http://go.microsoft.com/fwlink/p/?LinkId=618922). +Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Please note, due to the retail subscription activation method associated with Office 365 ProPlus, Office 365 ProPlus subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This is available to organizations who purchase Office 365 ProPlus or Office 365 Enterprise SKUs containing Office 365 ProPlus via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](https://go.microsoft.com/fwlink/p/?LinkId=618922). 
You should investigate other software manufacturer’s licensing requirements to ensure they are compatible with roaming usage before deploying them to a Windows To Go workspace. @@ -79,7 +79,7 @@ Using Multiple Activation Key (MAK) activation is not a supported activation met   -See [Plan for Volume Activation](http://go.microsoft.com/fwlink/p/?LinkId=618923) for more information about these activation methods and how they can be used in your organization. +See [Plan for Volume Activation](https://go.microsoft.com/fwlink/p/?LinkId=618923) for more information about these activation methods and how they can be used in your organization. ## Organizational unit structure and use of Group Policy Objects 
@@ -98,14 +98,14 @@ If you configure Windows To Go drives for scenarios where drives may remain unus ## User account and data management -People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to have the ability to get to the data that they work with and to keep it accessible when the workspace is not being used. For this reason we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user’s profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](http://go.microsoft.com/fwlink/p/?LinkId=618924). +People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to have the ability to get to the data that they work with and to keep it accessible when the workspace is not being used. 
For this reason we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user’s profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](https://go.microsoft.com/fwlink/p/?LinkId=618924). Windows To Go is fully integrated with your Microsoft account. Setting synchronization is accomplished by connecting a Microsoft account to a user account. Windows To Go devices fully support this feature and can be managed by Group Policy so that the customization and configurations you prefer will be applied to your Windows To Go workspace. ## Remote connectivity -If you want Windows To Go to be able to connect back to organizational resources when it is being used off-premises a remote connectivity solution must be enabled. Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](http://go.microsoft.com/fwlink/p/?LinkId=618925). +If you want Windows To Go to be able to connect back to organizational resources when it is being used off-premises a remote connectivity solution must be enabled. 
Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](https://go.microsoft.com/fwlink/p/?LinkId=618925). ## Related topics
diff --git a/windows/plan/prioritizing-your-compatibility-data.md b/windows/plan/prioritizing-your-compatibility-data.md
index 3d55e9d1f3..7304d6dbb9 100644
--- a/windows/plan/prioritizing-your-compatibility-data.md
+++ b/windows/plan/prioritizing-your-compatibility-data.md
@@ -1,103 +1,5 @@ --- title: Prioritizing Your Compatibility Data (Windows 10) -ms.assetid: 103e125a-bd2b-4019-9d6a-2e1d50c380b1 -description: -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Prioritizing Your Compatibility Data - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -You can prioritize your applications, websites, computers, and devices to help customize and filter your compatibility reports. The priority levels are: - -- **Priority 1 - Business Critical**. The highest priority level, applied to an item that is so important to your organization that a compatibility issue with the item would keep you from deploying a new operating system. - -- **Priority 2 - Important**. Items that your organization regularly uses but can function without. - -- **Priority 3 - Nice to Have**. Lower-priority items that you want to show in your compatibility reports that do not belong in either of the previous two categories. - -- **Priority 4 - Unimportant**. Items that are irrelevant to the daily functions of your organization. - -- **Unspecified**. The default priority level, applied to items that have not yet been reviewed for deployment. - -## Prioritizing Your Applications, Computers, Devices, and Websites - - -The following example uses the **<Operating\_System> - Application Report** screen. You can alternatively use the **<Application\_Name>** dialog box. The procedure is the same on the reports for computers, devices, and websites. - -**To change the priority** - -1. On the **<Operating\_System> - Application Report** screen, click the name of the application. - -2. On the **Actions** menu, click **Set Priority**. - -3. Click a priority, and then click **OK**. - -**To filter your data by priority** - -1. On the **<Operating\_System> - Application Report** screen, click **Toggle Filter**. - -2. 
Enter your filter criteria, pressing the Tab key to add clauses. - - Consider the following example, which shows a query that filters for all applications that have a priority level of **Business Critical** or **Important**. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    And/OrFieldOperatorValue

    And

    Priority

    Equals

    Priority 1 - Business Critical

    Or

    Priority

    Equals

    Priority 2 - Important

    - -   - - To delete a clause, right-click the row, and then click **Delete Clause**. - -3. Click **Refresh**. - - Your filtered results appear. - -  - -  - - - - - +description: Prioritizing your apps, websites, computers, and devices to help customize and filter your compatibilty reports. +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/ratings-icons-in-acm.md b/windows/plan/ratings-icons-in-acm.md index e8f095c0ac..c1f0184338 100644 --- a/windows/plan/ratings-icons-in-acm.md +++ b/windows/plan/ratings-icons-in-acm.md @@ -1,111 +1,5 @@ --- title: Ratings Icons in ACM (Windows 10) description: Compatibility ratings can originate from Microsoft, the application vendor, your organization, and from the Application Compatibility Toolkit (ACT) community. -ms.assetid: 0165499e-cb47-4d76-98a6-b871d23e4e83 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Ratings Icons in ACM - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -Compatibility ratings can originate from Microsoft, the application vendor, your organization, and from the Application Compatibility Toolkit (ACT) community. - -For information about specifying your own ratings, see [Selecting Your Compatibility Rating](selecting-your-compatibility-rating.md). For information about community ratings, see [ACT Community Ratings and Process](act-community-ratings-and-process.md). - -## Icons - - -The following table shows icons that appear on the report screens and dialog boxes for **Company Assessment** and **Vendor Assessment**. - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    IconDescription
    ACT Green icon

    Application, device, or website functions as expected on a 32-bit operating system.

    ACT green 64-bit icon

    Application, device, or website functions as expected on a 64-bit operating system.

    ACT minor issue icon

    Application, device, or website with issues that are minor or have known solutions on a 32-bit operating system. Severity 3 issues are considered minor issues.

    ACT Minor issues 64-bit icon

    Application, device, or website with issues that are minor or have known solutions on a 64-bit operating system.

    ACT does not work icon

    Application, device, or website with major issues, such as data loss or severely impaired functionality, on 32-bit operating systems. Severity 1 and Severity 2 issues are considered major issues.

    ACT does not work 64-bit icon

    Application, device, or website with major issues, such as data loss or severely impaired functionality, on 64-bit operating systems.

    ACT Information icon

    Application, device, or website that does not have any application assessment data for 32-bit operating systems. The item does not match any information in the database, or no assessments have been submitted.

    ACT 64-bit info icon

    Application, device, or website that does not have any application assessment data for 64-bit operating systems.

    - -  - -## User Ratings and ACT Community Ratings - - -Ratings are displayed graphically in the **User Ratings** column and the **Community Assessment** column. The rating color and bar count depend on how the users or community rated the item. There are three possible ratings: - -- **Works**. Applications with this rating receive five green bars. - -- **Works with minor issues or has solutions**. Applications with this rating receive three light-green bars. - -- **Does not work**. Applications with this rating receive a single red bar. - -The color gradient from one to five bars shows the average rating. - -![act community](images/dep-win8-e-act-communityexample.gif) - -## Related topics - - -[Selecting Your Compatibility Rating](selecting-your-compatibility-rating.md) - -[Analyzing Your Compatibility Data](analyzing-your-compatibility-data.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/resolving-an-issue.md b/windows/plan/resolving-an-issue.md index 4d5557c944..e6a5b97651 100644 --- a/windows/plan/resolving-an-issue.md +++ b/windows/plan/resolving-an-issue.md 
@@ -1,62 +1,5 @@ --- title: Resolving an Issue (Windows 10) description: You can use Application Compatibility Manager (ACM) to flag issues as resolved. Resolving an issue changes the status of the issue from a red x to a green check mark on your report and report detail screens. -ms.assetid: 96195122-185d-4f6a-8e84-79c3d069e933 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Resolving an Issue - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -You can use Application Compatibility Manager (ACM) to flag issues as resolved. Resolving an issue changes the status of the issue from a red **x** to a green check mark on your report and report detail screens. - -Resolving an issue is not required. However, if you do not resolve the issue, the issue remains active in your ACT database and provides inaccurate reports. - -## Resolving Issues for Your Applications and Websites - - -This procedure describes how to resolve an existing issue that is documented in ACM. For information about adding an issue, see [Adding or Editing an Issue](adding-or-editing-an-issue.md). - -**Note**   -The following example uses the **<Application\_Name>** dialog box. The procedure is similar for websites. - -  - -**To resolve issues** - -1. On the **<Operating\_System> - Application Report** screen, double-click the name of the application to display the **<Application\_Name>** dialog box. - -2. Click the **Issues** tab. - -3. Double-click the specific issue to resolve. - -4. On the **Actions** menu, click **Resolve**, and then close the **<Application\_Name> - <Issue\_Title>** dialog box. - - The issue appears with a green check mark in the report details screen. 
- - **Note**   - If you have not entered a solution but have resolved the issue, Microsoft recommends that you enter a solution with **Other** solution type and add text that describes why you resolved the issue without a solution. For information about entering solutions, see [Adding or Editing a Solution](adding-or-editing-a-solution.md). - -   - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/saving-opening-and-exporting-reports.md b/windows/plan/saving-opening-and-exporting-reports.md index 67d940bd0d..65bfc93fba 100644 --- a/windows/plan/saving-opening-and-exporting-reports.md +++ b/windows/plan/saving-opening-and-exporting-reports.md 
@@ -1,78 +1,5 @@ --- title: Saving, Opening, and Exporting Reports (Windows 10) description: You can perform several common reporting tasks from the Analyze screen, including saving a compatibility report, opening a saved compatibility report (.adq) file, and exporting your report data to a spreadsheet (.xls) file. -ms.assetid: 8be72a6c-63ab-4451-ad79-815e2ac18aa2 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Saving, Opening, and Exporting Reports - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -You can perform several common reporting tasks from the **Analyze** screen, including saving a compatibility report, opening a saved compatibility report (.adq) file, and exporting your report data to a spreadsheet (.xls) file. - -## Saving Your Compatibility Report - - -You can save your compatibility report data, including any custom filters created by the query builder tool. You can import this report data back into Application Compatibility Manager (ACM) at a later time. - -**To save a report** - -1. In the **Quick Reports** pane, click **Analyze**. - -2. Expand the node for the target operating system for which you want to see compatibility reports, and then click a node for a report type. - -3. On the **File** menu, click **Save As**. - -4. Browse to the folder where you want to save your report, and then click **Save**. - -## Opening an Existing Compatibility Report - - -In ACM, you can open, or import, a compatibility report (.adq) file. - -**To open a report** - -1. In the **Quick Reports** pane, click **Analyze**. - -2. Expand the node for the target operating system for which you want to see compatibility reports, and then click a node for a report type. - -3. On the **File** menu, click **Open Report**. - -4. Browse to the folder where you saved your report, and then click **Open**. 
- -## Exporting Compatibility Report Data - - -You can export your compatibility report data to an Microsoft® Excel® spreadsheet (.xls) file. - -**To export report data** - -1. In the **Quick Reports** pane, click **Analyze**. - -2. Expand the node for the target operating system for which you want to see compatibility reports, and then click a node for a report type. - -3. On the **File** menu, click **Export Report**. - -4. Browse to the folder where you want to store the spreadsheet file, and then click **Save**. - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/plan/searching-for-fixed-applications-in-compatibility-administrator.md index 99b2f4a61f..2488fe4e38 100644 --- a/windows/plan/searching-for-fixed-applications-in-compatibility-administrator.md +++ b/windows/plan/searching-for-fixed-applications-in-compatibility-administrator.md @@ -62,8 +62,6 @@ You can export your search results to a text (.txt) file for later review or arc 2. Browse to the location where you want to store your search result file, and then click **Save**. ## Related topics - - [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)   diff --git a/windows/plan/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/plan/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md index 25906a1746..34260942d9 100644 --- a/windows/plan/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md +++ b/windows/plan/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md 
@@ -166,8 +166,6 @@ You can export any of your search results into a tab-delimited text (.txt) file 2. Browse to the location where you intend to store the search results file, and then click **Save**. ## Related topics - - [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)  
diff --git a/windows/plan/security-and-data-protection-considerations-for-windows-to-go.md b/windows/plan/security-and-data-protection-considerations-for-windows-to-go.md
index 999d2e6956..2cce8de874 100644
--- a/windows/plan/security-and-data-protection-considerations-for-windows-to-go.md
+++ b/windows/plan/security-and-data-protection-considerations-for-windows-to-go.md
@@ -22,9 +22,9 @@ One of the most important requirements to consider when you plan your Windows To ## Backup and restore -As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](http://go.microsoft.com/fwlink/p/?LinkId=619102) for different solutions you could implement. +As long as you are not saving data on the Windows To Go drive, there is no need for a backup and restore solution for Windows To Go. If you are saving data on the drive and are not using folder redirection and offline files, you should back up all of your data to a network location, such as cloud storage or a network share after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](https://go.microsoft.com/fwlink/p/?LinkId=619102) for different solutions you could implement. -If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and re-provision the drive with Windows To Go, so all data and customization on the drive will be lost. This is another reason why using roaming user profiles, folder redirection and offline files with Windows To Go is strongly recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](http://go.microsoft.com/fwlink/p/?LinkId=618924). +If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and re-provision the drive with Windows To Go, so all data and customization on the drive will be lost. 
This is another reason why using roaming user profiles, folder redirection and offline files with Windows To Go is strongly recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](https://go.microsoft.com/fwlink/p/?LinkId=618924). ## BitLocker 
@@ -47,16 +47,16 @@ We recommend that you use the **NoDefaultDriveLetter** attribute when provisioni To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It is strongly recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. -For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](http://go.microsoft.com/fwlink/p/?LinkId=619103). +For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](https://go.microsoft.com/fwlink/p/?LinkId=619103). ## Security certifications for Windows To Go Windows to Go is a core capability of Windows when it is deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for additional certifications by the solution provider that cover the solution provider’s specific hardware environment. For more details about Windows security certifications, see the following topics. 
-- [Windows Platform Common Criteria Certification](http://go.microsoft.com/fwlink/p/?LinkId=619104)
+- [Windows Platform Common Criteria Certification](https://go.microsoft.com/fwlink/p/?LinkId=619104)
-- [FIPS 140 Evaluation](http://go.microsoft.com/fwlink/p/?LinkId=619107)
+- [FIPS 140 Evaluation](https://go.microsoft.com/fwlink/p/?LinkId=619107) ## Related topics
diff --git a/windows/plan/selecting-the-send-and-receive-status-for-an-application.md b/windows/plan/selecting-the-send-and-receive-status-for-an-application.md
index 782d3c1651..3674f73b68 100644
--- a/windows/plan/selecting-the-send-and-receive-status-for-an-application.md
+++ b/windows/plan/selecting-the-send-and-receive-status-for-an-application.md
@@ -1,98 +1,5 @@ --- title: Selecting the Send and Receive Status for an Application (Windows 10) description: For each application listed in Application Compatibility Manager (ACM), you can select whether to send and receive specific application data through the Microsoft Compatibility Exchange. -ms.assetid: ae139093-27cf-4ad8-882d-e0509e78d33a -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Selecting the Send and Receive Status for an Application - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -For each application listed in Application Compatibility Manager (ACM), you can select whether to send and receive specific application data through the Microsoft Compatibility Exchange - -. For information about how to send and receive data, see [Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md). - -## Selecting the Send and Receive Status for an Application - - -**Note**   -The following example uses the **<Operating\_System> - Application Report** screen. You can alternatively use the **<Application\_Name>** dialog box. - -  - -**To change the send and receive status for an application** - -1. On the **<Operating\_System> - Application Report** screen, click the application name for which you want to select the send and receive status. - -2. On the **Actions** menu, click **Set Send and Receive Status**. - -3. Select one of the following: - - - **Do not send to Microsoft** - - - **Send to Microsoft** (default) - -4. Click **OK**. - -**To filter based on send and receive status** - -1. On the **<Operating\_System> - Application Report** screen, click **Toggle Filter**. - -2. In the **Query Builder**, enter your filter criteria, pressing the Tab key to add clauses. - - To delete a clause, right-click the row, and then click **Delete Clause**. 
- - The following example shows a query that filters for applications with a send and receive status of **Do not send to Microsoft**. - - - - - - - - - - - - - - - - - - - - - - - - -
    And/OrFieldOperatorValue

    And

    Send and Receive Status

    Equals

    Do not send to Microsoft

    - -   - -3. Click **Refresh**. - - Your filtered results appear. - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/selecting-your-compatibility-rating.md b/windows/plan/selecting-your-compatibility-rating.md index b7042d456d..e0b0defc6d 100644 --- a/windows/plan/selecting-your-compatibility-rating.md +++ b/windows/plan/selecting-your-compatibility-rating.md 
@@ -1,108 +1,5 @@ --- title: Selecting Your Compatibility Rating (Windows 10) description: You can rate the compatibility of your applications, installation packages, or websites, based on whether they run successfully on a 32-bit or 64-bit operating system. -ms.assetid: 959da499-8fd6-4f32-8771-a0580dd8e0d3 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Selecting Your Compatibility Rating - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -You can rate the compatibility of your applications, installation packages, or websites, based on whether they run successfully on a 32-bit or 64-bit operating system. Your rating applies to your entire organization and is based on your own testing results and organizational requirements. - -Possible ratings include: - -- **Works**. During your organization's testing phase, there were no issues with the application, installation package, or website. - -- **Works with minor issues or has solutions**. During your organization's testing phase, there were no Severity 1 or Severity 2 issues with the application, installation package, or website. For information about severity levels, see [Adding or Editing an Issue](adding-or-editing-an-issue.md). - -- **Does not work**. During your organization's testing phase, the application, installation package, or website experienced a Severity 1 or Severity 2 issue. - -- **No data**. You have no compatibility data to provide. - -## Selecting a Compatibility Rating - - -You can select your compatibility rating from the report screen or from the associated dialog box that shows report details. As an example, the following procedures use the **<Operating\_System> - Application Report** screen. You can alternatively use the **<Application\_Name>** dialog box. The procedure is the same on the report for websites. - -**To select your compatibility rating** - -1. 
On the **<Operating\_System> - Application Report** screen, click the application name. - -2. On the **Actions** menu, click **Set Assessment**. - -3. Choose your ratings. Select separate ratings for 32-bit operating systems and 64-bit operating systems, and then click **OK**. - - If your organization does not use a 32-bit operating system, or does not use a 64-bit operating system, you can hide the option in the **Customize Report Views** dialog box. If you hide the option, the associated column no longer appears in the **Set Assessment** dialog box. - -## Filtering By Your Compatibility Ratings - - -You can filter your applications, installation packages, or website data by your compatibility ratings. - -**To filter based on your compatibility ratings** - -1. On the **<Operating\_System> - Application Report** screen, click **Toggle Filter**. - -2. In the **Query Builder**, enter your filter criteria, pressing the Tab key to add additional clauses. - - For example, the following query will show applications with a rating of **Works** or a rating of **Works with minor issues or has solutions**. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    And/OrFieldOperatorValue

    And

    My Assessment

    Equals

    Works

    Or

    My Assessment

    Equals

    Works with minor issues or has solutions

    - -   - - To delete a clause, right-click the row, and then click **Delete Clause**. - -3. Click **Refresh**. - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/selecting-your-deployment-status.md b/windows/plan/selecting-your-deployment-status.md index 8cc4a070bc..61fdf90369 100644 --- a/windows/plan/selecting-your-deployment-status.md +++ b/windows/plan/selecting-your-deployment-status.md 
@@ -1,117 +1,5 @@ --- title: Selecting Your Deployment Status (Windows 10) description: In Application Compatibility Manager (ACM), you can track the deployment status of your applications and websites. -ms.assetid: 7735d256-77eb-4498-93aa-c838ee6e00fc -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Selecting Your Deployment Status - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -In Application Compatibility Manager (ACM), you can track the deployment status of your applications and websites. - -## Selecting Your Deployment Status - - -You can change the deployment status from both the report screen and the associated report dialog box. - -**Note**   -The following examples use the **<Operating\_System> - Application Report** screen. You can alternatively use the **<Application\_Name>** dialog box. The procedure is the same for setting deployment status on the report for websites. - -  - -**To change the deployment status of an application** - -1. On the **<Operating\_System> - Application Report** screen, click the application name. - -2. On the **Actions** menu, click **Set Deployment Status**. - -3. Select one of the following options: - - - **Not Reviewed** (default) - - - **Testing** - - - **Mitigating** - - - **Ready to Deploy** - - - **Will Not Deploy** - -4. Click **OK**. - -## Filtering By Deployment Status - - -You can filter your applications and websites by your deployment status. - -**To filter based on deployment status** - -1. On the **<Operating\_System> - Application Report** screen, click **Toggle Filter**. - - The **Query Builder** appears with a blank row. - -2. In the **Query Builder**, enter your filter criteria, pressing the Tab key to add clauses. - - For example, the following query filters for applications with a deployment status of **Mitigating** or **Ready to Deploy**. 
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    And/OrFieldOperatorValue

    And

    Deployment Status

    Equals

    Mitigating

    Or

    Deployment Status

    Equals

    Ready to Deploy

    - -   - - To delete a clause, right-click the row, and then click **Delete Clause**. - -3. Click **Refresh**. - - Your filtered results appear. - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/sending-and-receiving-compatibility-data.md b/windows/plan/sending-and-receiving-compatibility-data.md index 5a694085b2..fe2e0356a0 100644 --- a/windows/plan/sending-and-receiving-compatibility-data.md +++ b/windows/plan/sending-and-receiving-compatibility-data.md 
@@ -1,69 +1,5 @@ --- title: Sending and Receiving Compatibility Data (Windows 10) description: The Microsoft® Compatibility Exchange is a web service that propagates application compatibility issues between various data sources, for example Microsoft Corporation, independent software vendors (ISVs) and the ACT Community. -ms.assetid: b86d2431-1caa-4f95-baf9-52ff6af546cd -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Sending and Receiving Compatibility Data - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The Microsoft® Compatibility Exchange is a web service that propagates application compatibility issues between various data sources, for example Microsoft Corporation, independent software vendors (ISVs) and the ACT Community. This process involves checking for updated compatibility information from Microsoft over the Internet. You can send and receive data to keep Application Compatibility Manager (ACM) updated with the latest compatibility information. - -The synchronization process includes only the changes made since the last synchronization. During the synchronization process, a dialog box displaying the synchronization status appears. You can continue to work during this process. If no new issues have occurred since your last synchronization, the Microsoft Compatibility Exchange uploads your issue information and notifies you that no updates exist. - -The synchronization process uses the Microsoft Compatibility Exchange to: - -- Download new information from Microsoft and ISVs, except for the applications for which you choose not to send application data to Microsoft. - -- Upload your compatibility issues to Microsoft. - -- Upload and download compatibility information from the ACT Community, if you are a member of the ACT Community and agree to share your data. 
For information about configuring your membership in the ACT Community, see [Settings Dialog Box - Preferences Tab](act-settings-dialog-box-preferences-tab.md). - -For information about which data is sent and received through the Microsoft Compatibility exchange, see [Data Sent Through the Microsoft Compatibility Exchange](data-sent-through-the-microsoft-compatibility-exchange.md). - -## Reviewing and Synchronizing Your Data - - -Prior to sending your application data to Microsoft, you can review your application list and view the exact data being sent as a text (.txt) file. After you are done reviewing the information, you can synchronize your data with Microsoft. - -**To review and synchronize your data** - -1. On the **Analyze** screen, click **Send and Receive**. - -2. Click **Review the data before sending**. - - The **Send and Receive Data** dialog box shows all of the application data that is to be sent to Microsoft during the synchronization process. To avoid sending application data for specific applications, see [Selecting the Send and Receive Status for an Application](selecting-the-send-and-receive-status-for-an-application.md). - -3. Optionally, click **Review all data**, save the resulting .txt file locally, and then review the exact XML data that will be sent to Microsoft. - -4. After you finish reviewing the application list and XML data, click **Send**. - -## Related topics - - -[Data Sent Through the Microsoft Compatibility Exchange](data-sent-through-the-microsoft-compatibility-exchange.md) - -[ACT Community Ratings and Process](act-community-ratings-and-process.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/settings-for-acm.md b/windows/plan/settings-for-acm.md index 6abb406ec3..fe209d179d 100644 --- a/windows/plan/settings-for-acm.md +++ b/windows/plan/settings-for-acm.md 
@@ -1,70 +1,5 @@ --- title: Settings for ACM (Windows 10) description: This section provides information about settings that you can configure in Application Compatibility Manager (ACM). -ms.assetid: e0126284-4348-4708-8976-a1e404f35971 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Settings for ACM - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section provides information about settings that you can configure in Application Compatibility Manager (ACM). - -## In this section - - - ---- - - - - - - - - - - - - - - - - -
    TopicDescription

    [Settings Dialog Box - Settings Tab](act-settings-dialog-box-settings-tab.md)

    To display the Settings dialog box, in Application Compatibility Manager (ACM), on the Tools menu, click Settings.

    [Settings Dialog Box - Preferences Tab](act-settings-dialog-box-preferences-tab.md)

    To display the Settings dialog box, in Application Compatibility Manager (ACM), on the Tools menu, click Settings.

    - -  - -## Related topics - - -[Configuring ACT](configuring-act.md) - -[ACT Database Configuration](act-database-configuration.md) - -[Troubleshooting ACT](troubleshooting-act.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/setup-and-deployment.md b/windows/plan/setup-and-deployment.md index 618c4b80a0..6705747d10 100644 --- a/windows/plan/setup-and-deployment.md +++ b/windows/plan/setup-and-deployment.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: servicing, devices -author: TrudyHa +author: jdeckerMS --- # Setup and deployment @@ -87,7 +87,7 @@ Windows Update for Business allows administrators to control when upgrades and u   -Administrators can control deferral periods with Group Policy Objects by using the [Local Group Policy Editor (GPEdit)](http://go.microsoft.com/fwlink/p/?LinkId=734030) or, for domain joined systems, [Group Policy Management Console (GPMC)](http://go.microsoft.com/fwlink/p/?LinkId=699325). For additional details on Group Policy management see [Group Policy management for IT pros](http://go.microsoft.com/fwlink/p/?LinkId=699282). +Administrators can control deferral periods with Group Policy Objects by using the [Local Group Policy Editor (GPEdit)](https://go.microsoft.com/fwlink/p/?LinkId=734030) or, for domain joined systems, [Group Policy Management Console (GPMC)](https://go.microsoft.com/fwlink/p/?LinkId=699325). For additional details on Group Policy management see [Group Policy management for IT pros](https://go.microsoft.com/fwlink/p/?LinkId=699282). **Set different deferrals based on update classification in GPedit.msc** ![figure 4](images/wuforbusiness-fig4-localpoleditor.png) ![figure 5](images/wuforbusiness-fig5-deferupgrade.png) 
@@ -157,7 +157,7 @@ Delivery Optimization configuration settings can be viewed by going to: Settings You can use Group Policy to configure Windows Update Delivery Optimization. To do this, use the following steps: -1. Download the [Administrative Templates (.admx) file for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=699283) from the Microsoft Download Center. +1. Download the [Administrative Templates (.admx) file for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=699283) from the Microsoft Download Center. 2. Copy the following files to the SYSVOL central store: - DeliveryOptimization.admx from C:\\Program Files (x86)\\Microsoft Group Policy\\Windows 10\\PolicyDefinitions - DeliveryOptimization.adml from C:\\Program Files (x86)\\Microsoft Group Policy\\Windows 10\\PolicyDefinitions\\en-US @@ -172,9 +172,9 @@ You can use Group Policy to configure Windows Update Delivery Optimization. To d Microsoft scanned this file for viruses, using the most current virus-detection software that was available on the date that the file was posted. The file is stored on security-enhanced servers that help prevent any unauthorized changes to it. -For more information about Windows Update Delivery Optimization in Windows 10, see the [Windows Update Delivery Optimization FAQ](http://go.microsoft.com/fwlink/p/?LinkId=699284). +For more information about Windows Update Delivery Optimization in Windows 10, see the [Windows Update Delivery Optimization FAQ](https://go.microsoft.com/fwlink/p/?LinkId=699284). -For additional resources, see [How to use Group Policy to configure Windows Update Delivery Optimization in Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=699288). +For additional resources, see [How to use Group Policy to configure Windows Update Delivery Optimization in Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=699288). ## Related topics 
diff --git a/windows/plan/software-requirements-for-act.md b/windows/plan/software-requirements-for-act.md index 3564e2d753..d631eef7aa 100644 --- a/windows/plan/software-requirements-for-act.md +++ b/windows/plan/software-requirements-for-act.md @@ -1,86 +1,5 @@ --- title: Software Requirements for ACT (Windows 10) description: The Application Compatibility Toolkit (ACT) has the following software requirements. -ms.assetid: 9bbc21d4-f2ac-4a91-8add-017b1eacdeee -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Software Requirements for ACT - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The Application Compatibility Toolkit (ACT) has the following software requirements. - -## Operating Systems - - -ACT can be installed on the following operating systems: - -- Windows 10 - -- Windows 8.1 - -- Windows 8 - -- Windows 7 - -- Windows Server 2012 - -- Windows Server 2008 R2 - -You can deploy inventory collector packages to all of the operating systems where you can install ACT. In addition, you can also deploy inventory collector packages to Windows Server 2008, Windows Vista, and Windows XP. - -**Note**   -As of Update 2, there is a known issue where the inventory collector package fails on Windows Vista. - -  - -## Database Components - - -ACT requires one of the following database components: - -- Microsoft® SQL Server® 2012 - -- Microsoft® SQL Server® 2008 R2 - -- SQL Server 2008 - -- SQL Server 2005 - -- SQL Server 2008 Express - -- SQL Server 2005 Express Edition - -## .NET Framework - - -ACT requires .NET Framework 4. - -## Related topics - - -[What's New in Act 6.1](whats-new-in-act-60.md) - -[Software Requirements for RAP](software-requirements-for-rap.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file 
diff --git a/windows/plan/software-requirements-for-rap.md b/windows/plan/software-requirements-for-rap.md index 07311438e4..b9914238fc 100644 --- a/windows/plan/software-requirements-for-rap.md +++ b/windows/plan/software-requirements-for-rap.md @@ -1,70 +1,5 @@ --- title: Software Requirements for RAP (Windows 10) description: The runtime-analysis package (RAP) has the following software requirements. -ms.assetid: 0163ce70-f5ba-400c-bdd5-a25511aac91f -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Software Requirements for RAP - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The runtime-analysis package (RAP) has the following software requirements. - -## Compatibility Monitor Supported Operating Systems - - -The Microsoft Compatibility Monitor tool is included in the runtime-analysis package. You can use the Compatibility Monitor on the following operating systems: - -- Windows 10 - -- Windows 8.1 - -- Windows 8 - -- Windows 7 - -## SUA Tool and Compatibility Administrator Supported Operating Systems - - -The Standard User Analyzer (SUA) tool and wizard and the Compatibility Administrator tool are included in the runtime-analysis package. You can use the tools on the following operating systems: - -- Windows 10 - -- Windows 8.1 - -- Windows 8 - -- Windows 7 - -- Windows Server 2012 - -- Windows Server 2008 R2 - -## Related topics - - -[What's New in Act 6.1](whats-new-in-act-60.md) - -[Software Requirements for ACT](software-requirements-for-act.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/sua-users-guide.md b/windows/plan/sua-users-guide.md index e0f2921b80..fff7a5757e 100644 --- a/windows/plan/sua-users-guide.md +++ b/windows/plan/sua-users-guide.md 
@@ -54,16 +54,6 @@ You can use SUA in either of the following ways: - -  - -## Related topics - - -[Deciding Whether to Fix an Application or Deploy a Workaround](deciding-whether-to-fix-an-application-or-deploy-a-workaround.md) - -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) -     diff --git a/windows/plan/taking-inventory-of-your-organization.md b/windows/plan/taking-inventory-of-your-organization.md index 07b40d240a..d199af1ab6 100644 --- a/windows/plan/taking-inventory-of-your-organization.md +++ b/windows/plan/taking-inventory-of-your-organization.md @@ -1,76 +1,5 @@ --- title: Taking Inventory of Your Organization (Windows 10) description: This section provides information about how to use the Application Compatibility Toolkit (ACT) to identify applications and devices that are installed in your organization. -ms.assetid: d52f138d-c6b2-4ab1-bb38-5b036311a51d -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Taking Inventory of Your Organization - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section provides information about how to use the Application Compatibility Toolkit (ACT) to identify applications and devices that are installed in your organization. - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Identifying Computers for Inventory Collection](identifying-computers-for-inventory-collection.md)

    An inventory-collector package gathers inventory data from the computers on which it is installed. This data includes the following:

    [Creating an Inventory-Collector Package](creating-an-inventory-collector-package.md)

    You can use Application Compatibility Manager (ACM) to create an inventory-collector package. You can then deploy the inventory-collector package to other computers to gather inventory data. The package uploads inventory data to the Application Compatibility Toolkit (ACT) database.

    [Deploying an Inventory-Collector Package](deploying-an-inventory-collector-package.md)

    You can use the following methods to deploy an inventory-collector package to the destination computers:

    - -  - -## Related topics - - -[Testing Compatibility on the Target Platform](testing-compatibility-on-the-target-platform.md) - -[Managing Your Data-Collection Packages](managing-your-data-collection-packages.md) - -[Analyzing Your Compatibility Data](analyzing-your-compatibility-data.md) - -[Fixing Compatibility Issues](fixing-compatibility-issues.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/testing-compatibility-on-the-target-platform.md b/windows/plan/testing-compatibility-on-the-target-platform.md index 621a8bfeb2..9ba06e8cb3 100644 --- a/windows/plan/testing-compatibility-on-the-target-platform.md +++ b/windows/plan/testing-compatibility-on-the-target-platform.md @@ -1,84 +1,5 @@ --- title: Testing Compatibility on the Target Platform (Windows 10) description: This section provides information about setting up a test environment for compatibility testing, and about creating and deploying runtime-analysis packages to the test environment. -ms.assetid: 8f3e9d58-37c2-41ea-a216-32712baf6cf4 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Testing Compatibility on the Target Platform - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section provides information about setting up a test environment for compatibility testing, and about creating and deploying runtime-analysis packages to the test environment. - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Deciding Which Applications to Test](deciding-which-applications-to-test.md)

    Before starting your compatibility testing on the version of Windows that you want to deploy, you can use the Application Compatibility Toolkit (ACT) to identify which applications should be the focus of your testing.

    [Creating an Enterprise Environment for Compatibility Testing](creating-an-enterprise-environment-for-compatibility-testing.md)

    The goal of the test environment is to model the operating system that you want to deploy and assess compatibility before deploying the operating system to your production environment. Your test environment is composed of computers on which the new operating system is installed. Your test environment can be a long-term investment. Consider retaining the test environment after deployment to assist in future deployment projects.

    [Creating a Runtime-Analysis Package](creating-a-runtime-analysis-package.md)

    In Application Compatibility Manager (ACM), you can create runtime-analysis packages, which you can then deploy to computers for compatibility testing in your test environment.

    [Deploying a Runtime-Analysis Package](deploying-a-runtime-analysis-package.md)

    When you deploy a runtime-analysis package, you are deploying it to your test environment for compatibility testing.

    [Compatibility Monitor User's Guide](compatibility-monitor-users-guide.md)

    Compatibility Monitor is a tool in the runtime analysis package that you can use to monitor applications for compatibility issues. You can also use the Compatibility Monitor tool to submit compatibility feedback.

    - -  - -## Related topics - - -[Taking Inventory of Your Organization](taking-inventory-of-your-organization.md) - -[Managing Your Data-Collection Packages](managing-your-data-collection-packages.md) - -[Analyzing Your Compatibility Data](analyzing-your-compatibility-data.md) - -[Fixing Compatibility Issues](fixing-compatibility-issues.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/testing-your-application-mitigation-packages.md b/windows/plan/testing-your-application-mitigation-packages.md index 669904c1e6..5fc970623c 100644 --- a/windows/plan/testing-your-application-mitigation-packages.md +++ b/windows/plan/testing-your-application-mitigation-packages.md @@ -84,15 +84,4 @@ At this point, you probably cannot resolve any unresolved application compatibil If your developers have insufficient resources to resolve the application compatibility issues, outsource the mitigation effort to another organization within your company. ## Related topics - - -[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) - -  - -  - - - - - +[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) \ No newline at end of file diff --git a/windows/plan/troubleshooting-act-database-issues.md b/windows/plan/troubleshooting-act-database-issues.md index ba1e7c4f7a..e0fb05fd2a 100644 --- a/windows/plan/troubleshooting-act-database-issues.md +++ b/windows/plan/troubleshooting-act-database-issues.md 
@@ -1,157 +1,5 @@ --- title: Troubleshooting ACT Database Issues (Windows 10) description: The following solutions may help you resolve issues that are related to your Microsoft® SQL Server® database for the Application Compatibility Toolkit (ACT). -ms.assetid: c36ab5d8-cc82-4681-808d-3d491551b75e -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Troubleshooting ACT Database Issues - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The following solutions may help you resolve issues that are related to your Microsoft® SQL Server® database for the Application Compatibility Toolkit (ACT). - -For information about how to set up the database, see [ACT Database Configuration](act-database-configuration.md). - -## Connecting to a SQL Server Database - - -When you attempt to connect to a SQL Server database, you may receive the following error message: - -The SQL Server you entered either does not exist or you do not have the required credentials for access. - -This error message indicates that the connection to the database is not valid. To investigate this error, do the following: - -1. Verify that the SQL Server database to which you are connecting is a valid database. - -2. Verify that you have read and write permissions to the database. If you do not have read and write permissions, contact your SQL Server administrator. For more information, see [Adding a Member to a SQL Server Database Role](http://go.microsoft.com/fwlink/p/?LinkId=64170). - -If you have read and write permissions to the database but cannot connect to it, you may be able to change the settings for your instance of SQL Server to resolve the issue. Namely, you can enable TCP/IP and firewall exceptions. - -**To enable TCP/IP and firewall exceptions for your instance of SQL Server** - -1. 
In a **Command Prompt** window, type the following command to stop your instance of SQL Server. - - ``` syntax - net stop - - ``` - - In the preceding command, *MSSQLSERVER* is the name of the instance of SQL Server. For SQL Server, the default name is MSSQLSERVER. For Microsoft SQL Server Express, the default name is MSSQL$SQLEXPRESS. - -2. Enable TCP/IP for your instance of SQL Server: - - 1. In the **Command Prompt** window, type `SQLServerManager.msc` - - 2. In SQL Server Configuration Manager, expand **SQL Server 2005 Network Configuration**, and then click **Protocols for MSSQLSERVER**. - - 3. Right-click **TCP/IP**, and then click **Enable**. - -3. Add firewall port exceptions for your instance of SQL Server: - - 1. In the **Command Prompt** window, type `firewall.cpl` - - 2. In the Windows® Firewall tool, click the **Exceptions** tab, and then click **Add Port**. - - 3. Add a firewall exception for TCP port 1433 (SQL Server) and for UDP port 1434 (SQL Server Browser), and then click **OK**. - - **Note**   - SQL Server Browser is the service that receives incoming SQL Server requests so that you can access the SQL Server Express database from a remote computer. By default, this service is disabled, which means that you can only access the database locally. If Application Compatibility Manager (ACM) or the ACT Log Processing Service is not installed on the same computer as the database, you must use the Services tool to manually start SQL Server Browser. - -   - -4. In the **Command Prompt** window, type `net start ` to start your instance of SQL Server, where *MSSQLSERVER* is the name of the instance. - -5. Type `sc config SQLBrowser start= auto` to change the configuration of SQL Server Browser. - -6. Type `net start SQLBrowser` to start SQL Server Browser. 
- -## Verifying SQL Server Version - - -If you attempt to connect to a SQL Server version that is not valid for ACT, you may receive the following error message: - -The SQL Server you are trying to connect to is not a supported version. Please check the Help documentation to find out about the supported versions of the SQL Server. - -To investigate this error, verify that ACT supports your version of SQL Server or SQL Server Express. For more information, see [Software Requirements for ACT](software-requirements-for-act.md). - -## Creating an ACT Database - - -You cannot create an ACT database by using ACM if you do not have database-creation permissions for the instance of SQL Server. To create the database, add the required permissions to the user account and then use ACM to create it. Alternatively, ask a SQL Server administrator to create the database. - -**To grant database-creation permissions to a user account** - -1. In SQL Server Management Studio, expand the **Security** folder, right-click **Logins**, and then click **New Logins**. - -2. On the **General** page, type the name of the user account that you will use to create the ACT database. - -3. Click **Server Roles**. - -4. Select the **sysadmin** or **dbcreator** check box, depending on your organization's policy. - -**To create an ACT database as a SQL Server administrator** - -1. Use SQL Server Management Studio to open and run the CreateDB.sql script against your instance of SQL Server. For information about the location of the CreateDB.sql file, see [ACT Database Configuration](act-database-configuration.md). - - - or - - - Use the OSQL tool, and run the command `osql -E -S -I CreateDB.sql` - -2. In ACM, in the **Settings** dialog box, update the **Database** box with the information for the newly created database. - - To use ACM with the ACT database, the user account must have read and write permissions to the database. 
- -## Granting ACT Database Permissions for the ACT Log Processing Service - - -The ACT Log Processing Service requires read and write access to the ACT database. - -**To grant permissions to the ACT database** - -1. In SQL Server Management Studio, expand the **Security** folder, right-click **Logins**, and then click **New Login**. - -2. Complete the following information on the **General** page: - - - **Login name**. Type the name of the account that requires permissions. If you are using the Local System account for the ACT Log Processing Service, provide access to the *<domain>*\\*<computer\_name>*$ account, where *<computer\_name>* is the name of the computer that is running the ACT Log Processing Service. - - - **Default database**. Select the ACT database to which your user account requires permissions. - -3. Click **User Mapping**. - -4. Select the check box next to your ACT database. - -5. Select the **db\_datareader** and **db\_datawriter** check boxes, and then click **OK**. - - **Important**   - If you continue to experience issues with the ACT Log Processing Service, even while you are using the Local System account, see [Troubleshooting Kerberos Delegation](http://go.microsoft.com/fwlink/p/?LinkId=65474). - -   - -## Related topics - - -[ACT Database Configuration](act-database-configuration.md) - -[Software Requirements for ACT](software-requirements-for-act.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/troubleshooting-act.md b/windows/plan/troubleshooting-act.md index 3de62348a2..1366988ae6 100644 --- a/windows/plan/troubleshooting-act.md +++ b/windows/plan/troubleshooting-act.md 
@@ -1,72 +1,5 @@ --- title: Troubleshooting ACT (Windows 10) description: This section provides troubleshooting information for the Application Compatibility Toolkit (ACT). -ms.assetid: 5696b0c0-5db5-4111-a1e1-825129e683d8 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Troubleshooting ACT - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section provides troubleshooting information for the Application Compatibility Toolkit (ACT). - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Troubleshooting the ACT Configuration Wizard](troubleshooting-the-act-configuration-wizard.md)

    When you start Application Compatibility Manager (ACM) for the first time, the Application Compatibility Toolkit (ACT) Configuration Wizard appears. The wizard helps you configure your ACT database, your shared folder for ACT log files, and your ACT Log Processing Service account.

    [Troubleshooting the ACT Log Processing Service](troubleshooting-the-act-log-processing-service.md)

    The following solutions may help you resolve issues that are related to the Application Compatibility Toolkit (ACT) Log Processing Service.

    [Troubleshooting ACT Database Issues](troubleshooting-act-database-issues.md)

    The following solutions may help you resolve issues that are related to your Microsoft® SQL Server® database for the Application Compatibility Toolkit (ACT).

    - -  - -## Related topics - - -[Using ACT](using-act.md) - -[ACT Product and Documentation Resources](act-product-and-documentation-resources.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/troubleshooting-the-act-configuration-wizard.md b/windows/plan/troubleshooting-the-act-configuration-wizard.md index 709b60fb6d..08200ff49f 100644 --- a/windows/plan/troubleshooting-the-act-configuration-wizard.md +++ b/windows/plan/troubleshooting-the-act-configuration-wizard.md 
@@ -1,76 +1,5 @@ --- title: Troubleshooting the ACT Configuration Wizard (Windows 10) description: When you start Application Compatibility Manager (ACM) for the first time, the Application Compatibility Toolkit (ACT) Configuration Wizard appears. -ms.assetid: f4f489c7-50b7-4b07-8b03-79777e1aaefd -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Troubleshooting the ACT Configuration Wizard - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -When you start Application Compatibility Manager (ACM) for the first time, the Application Compatibility Toolkit (ACT) Configuration Wizard appears. The wizard helps you configure your ACT database, your shared folder for ACT log files, and your ACT Log Processing Service account. - -## Selecting a Configuration for ACM - - -The **Enterprise configuration** option enables all ACT functionality. You must be an administrator on the local computer to select this option. - -The **View and manage reports only** option enables you to use ACM to create data-collection packages and analyze your data. You cannot access the ACT Log Processing Service. This option assumes that another computer in your organization is processing the logs and loading the compatibility data into the ACT database. - -## Configuring ACT Database Settings - - -To configure ACT database settings in the ACT Configuration Wizard, you must have read and write permissions to the ACT database. For more information, see [ACT Database Configuration](act-database-configuration.md). If you do not have the appropriate permissions, contact your Microsoft® SQL Server® administrator. For more information, see [Troubleshooting ACT Database Issues](troubleshooting-act-database-issues.md). 
- -## Configuring the ACT Log Processing Service - - -If you use the Local System account to run the ACT Log Processing Service, your user account must be an Administrator account. Your computer account *<domain>*\\*<computer>*$ must have read and write permissions to the ACT database. - -Your user account must also have **Log on as a service** permissions. For more information, see [Troubleshooting the ACT Log Processing Service](troubleshooting-the-act-log-processing-service.md). - -## Configuring the Share for the ACT Log Processing Service - - -For information about how to configure the share for the ACT Log Processing Service, see [ACT LPS Share Permissions](act-lps-share-permissions.md). - -## Changing Settings After You Finish the ACT Configuration Wizard - - -In the **Settings** dialog box in ACM, you can change some of the settings that you see in the ACT Configuration Wizard. You can also change other settings that are not available in the wizard. For more information, see [Settings for ACM](settings-for-acm.md). - -## Restarting the ACT Configuration Wizard - - -If you cancel the configuration process before you reach the final page of the ACT Configuration Wizard, your settings are deleted and the wizard restarts the next time that you start ACM. - -## Related topics - - -[Configuring ACT](configuring-act.md) - -[Using ACT](using-act.md) - -[Troubleshooting ACT](troubleshooting-act.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/troubleshooting-the-act-log-processing-service.md b/windows/plan/troubleshooting-the-act-log-processing-service.md index 0fff19e588..5f338b3141 100644 --- a/windows/plan/troubleshooting-the-act-log-processing-service.md +++ b/windows/plan/troubleshooting-the-act-log-processing-service.md 
@@ -1,103 +1,5 @@ --- title: Troubleshooting the ACT Log Processing Service (Windows 10) description: The following solutions may help you resolve issues that are related to the Application Compatibility Toolkit (ACT) Log Processing Service. -ms.assetid: cb6f90c2-9f7d-4a34-a91e-8ed55b8c256d -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Troubleshooting the ACT Log Processing Service - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The following solutions may help you resolve issues that are related to the Application Compatibility Toolkit (ACT) Log Processing Service. - -For information about how to set up permissions for the service, see [ACT LPS Share Permissions](act-lps-share-permissions.md). - -## Reviewing Files in ACT Log File Format - - -When you are reviewing log files for ACT, be aware that the log files are in Unicode format. - -## Uploading Files to the ACT Log Processing Service Share After Setting Permissions - - -If you cannot upload files to the ACT Log Processing Service share, you must first verify that the account permissions are set correctly for the share. For more information, see [ACT LPS Share Permissions](act-lps-share-permissions.md). - -If the computers from which you are collecting data and the ACT Log Processing Service share are on different domains, or if the computers are not domain members, you must take additional steps. For the **Anonymous** group, provide explicit write permissions to the ACT Log Processing Service share. Alternatively, you can provide similar permissions to the **Authenticated users** group if you do not want to enable anonymous access. For more information, see [Everyone Group Does Not Include Anonymous Security Identifier](http://go.microsoft.com/fwlink/p/?LinkId=79830). 
- -If you are collecting data from computers that are running Microsoft® Windows® 2000 and you are uploading your collected data to a different domain, you must also explicitly enable null session access for the ACT Log Processing Service share. - -## Working Around Windows Firewall on the Computer That Hosts the ACT Log Processing Service Share - - -If your organization has configured Windows Firewall on the computer that hosts your ACT Log Processing Service share, log files will not be copied to your share. To work around this issue, you can use one of the following methods: - -- Before you set up the ACT Log Processing Service share, turn off Windows Firewall on the computer that will host the share. - -- Continue to use Windows Firewall, but enable the **File Sharing** option. - -## Viewing and Assigning "Log on as a service" Permissions - - -Starting the ACT Log Processing Service requires either a Local System account or a user account. For a user account to start the ACT Log Processing Service and complete the ACT Configuration Wizard, the *<domain>*\\*<user>* account must have **Log on as a service** permissions. By default, these permissions are assigned to built-in computer accounts, such as the Local System account. - -**To add rights to a user account for logging on as a service** - -1. In Control Panel, double-click **Administrative Tools**, and then double-click **Local Security Policy**. - -2. Expand the **Local Policies** folder, and then click **User Rights Assignment**. - -3. Double-click the **Log on as a service** policy. - -4. Verify that your *<domain>*\\*<user>* account appears. If it does not appear, click **Add User or Group**. - -5. Add your user account information, click **OK**, and then click **OK** again. 
- -## Starting the ACT Log Processing Service - - -If the ACT Log Processing Service does not start and log files are not being processed, the reason may be one of the following: - -- **A conflict exists between ACT and the Microsoft® SQL Server® database.** If both ACT and the SQL Server database are on the same computer, the ACT Log Processing Service might have started before the SQL Server service. - -- **The ACT Log Processing Service does not have the correct permissions to the ACT database.** To investigate, see [Troubleshooting ACT Database Issues](troubleshooting-act-database-issues.md). - -- **The account type is incorrect for the account that is running the ACT Log Processing Service.** The ACT Log Processing Service account must be an Administrator account. - -**To manually restart the ACT Log Processing Service** - -1. In Control Panel, double-click **Administrative Tools**, and then double-click **Services**. - -2. Right-click **ACT Log Processing Service**, and then click **Restart**. - -3. In the event log, verify that no issues occurred when the service restarted. - -## Related topics - - -[Troubleshooting ACT Database Issues](troubleshooting-act-database-issues.md) - -[Configuring ACT](configuring-act.md) - -[Software Requirements for ACT](software-requirements-for-act.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/understanding-and-using-compatibility-fixes.md b/windows/plan/understanding-and-using-compatibility-fixes.md index 6c73a5645b..6ab830868c 100644 --- a/windows/plan/understanding-and-using-compatibility-fixes.md +++ b/windows/plan/understanding-and-using-compatibility-fixes.md 
@@ -93,15 +93,4 @@ Compatibility fixes are shipped as part of the Windows operating system and are You can apply the compatibility fixes to any of your applications. However, Microsoft does not provide the tools to use the Compatibility Fix infrastructure to create your own custom fixes. ## Related topics - - -[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) - -  - -  - - - - - +[Managing Application-Compatibility Fixes and Custom Fix Databases](managing-application-compatibility-fixes-and-custom-fix-databases.md) \ No newline at end of file diff --git a/windows/plan/using-act.md b/windows/plan/using-act.md index 3793af0dd1..3e3ffff7d2 100644 --- a/windows/plan/using-act.md +++ b/windows/plan/using-act.md @@ -1,90 +1,5 @@ --- title: Using ACT (Windows 10) description: This section describes how to use the Application Compatibility Toolkit (ACT) in your organization. -ms.assetid: e6a68f44-7503-450d-a000-a04fbb93a146 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Using ACT - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section describes how to use the Application Compatibility Toolkit (ACT) in your organization. - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [Taking Inventory of Your Organization](taking-inventory-of-your-organization.md)

    This section provides information about how to use the Application Compatibility Toolkit (ACT) to identify applications and devices that are installed in your organization.

    [Testing Compatibility on the Target Platform](testing-compatibility-on-the-target-platform.md)

    This section provides information about setting up a test environment for compatibility testing, and about creating and deploying runtime-analysis packages to the test environment.

    [Managing Your Data-Collection Packages](managing-your-data-collection-packages.md)

    This section provides information about using Application Compatibility Manager (ACM) to manage your data-collection packages. Data-collection packages include inventory-collector packages and runtime-analysis packages. The following procedures apply to both package types.

    [Analyzing Your Compatibility Data](analyzing-your-compatibility-data.md)

    This section provides information about viewing and working with your compatibility data in Application Compatibility Manager (ACM).

    [Fixing Compatibility Issues](fixing-compatibility-issues.md)

    This section provides step-by-step instructions and describes development tools that you can use to help fix your compatibility issues.

    - -  - -## Related topics - - -[Welcome to ACT](welcome-to-act.md) - -[Configuring ACT](configuring-act.md) - -[Troubleshooting ACT](troubleshooting-act.md) - -[ACT User Interface Reference](act-user-interface-reference.md) - -[ACT Product and Documentation Resources](act-product-and-documentation-resources.md) - -[ACT Glossary](act-glossary.md) - -[Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/using-compatibility-monitor-to-send-feedback.md b/windows/plan/using-compatibility-monitor-to-send-feedback.md index 9a86a64d25..c5e20c52ba 100644 --- a/windows/plan/using-compatibility-monitor-to-send-feedback.md +++ b/windows/plan/using-compatibility-monitor-to-send-feedback.md 
@@ -1,84 +1,5 @@ --- title: Using Compatibility Monitor to Send Feedback (Windows 10) description: The Microsoft Compatibility Monitor tool is installed as part of the runtime-analysis package. -ms.assetid: dc59193e-7ff4-4950-8c20-e90c246e469d -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Using Compatibility Monitor to Send Feedback - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The Microsoft Compatibility Monitor tool is installed as part of the runtime-analysis package. From the computers in your test environment, you can use Compatibility Monitor to submit compatibility information to the Application Compatibility Toolkit (ACT) database for your organization. - -**To automatically monitor applications on your computer for compatibility issues** - -1. Start the Compatibility Monitor tool. - -2. In Compatibility Monitor, click **Start Monitoring**. - -3. Leave Compatibility Monitor running, and use the applications that you want to test for compatibility issues. - - Compatibility information is automatically detected during monitoring, and is silently submitted to the ACT database at regular intervals. - -4. After you finish testing applications, click **Stop Monitoring** to stop the automatic monitoring and submission of compatibility information. - -**To submit your compatibility rating for an application** - -1. Start the Compatibility Monitor tool. - -2. In Compatibility Monitor, click **Give Compatibility Feedback**. - - You can enter and submit compatibility ratings whether monitoring is on or off. The process of submitting your compatibility feedback is entirely independent of the monitoring process. - -3. Find your application in the list, and then select your compatibility rating for the application. - - You can select ratings for one or more applications. - -4. 
Click **Submit** to submit your compatibility ratings to the ACT database. - - A copy of your ratings is kept on your computer so that you can review and modify the ratings later. - -**To submit a description of a compatibility issue for an application** - -1. Start the Compatibility Monitor tool. - -2. In Compatibility Monitor, click **Give Compatibility Feedback**. - -3. Find your application in the list, and then click the **Add Details** link. - -4. In the **Title** box, enter a title for the compatibility issue. The title is typically a phrase that briefly describes the issue. Check with others in your organization to verify your organization’s preferred style for issue titles. - -5. In the **Description** box, enter a description of the compatibility issue. - -6. Optionally, attach a screen shot or a step-by-step recording of the compatibility issue. - -7. Click **Submit** to submit your compatibility issue to the ACT database. - - After submitting your compatibility issue, you cannot edit it later. To submit further compatibility issues, you will need to submit a new issue. - -## Related topics - - -[Common Compatibility Issues](common-compatibility-issues.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/using-the-sdbinstexe-command-line-tool.md b/windows/plan/using-the-sdbinstexe-command-line-tool.md index fdd93bf2f3..301917b901 100644 --- a/windows/plan/using-the-sdbinstexe-command-line-tool.md +++ b/windows/plan/using-the-sdbinstexe-command-line-tool.md @@ -79,18 +79,5 @@ The following table describes the available command-line options. -  - ## Related topics - - -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) - -  - -  - - - - - +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file 
diff --git a/windows/plan/using-the-sua-tool.md b/windows/plan/using-the-sua-tool.md index c758d2f32d..df93b0550b 100644 --- a/windows/plan/using-the-sua-tool.md +++ b/windows/plan/using-the-sua-tool.md @@ -69,8 +69,6 @@ The following flowchart shows the process of using the SUA tool. The SUA tool generates a custom compatibility-fix database and automatically applies it to the local computer, so that you can test the fixes to see whether they worked. ## Related topics - - [Tabs on the SUA Tool Interface](tabs-on-the-sua-tool-interface.md) [Showing Messages Generated by the SUA Tool](showing-messages-generated-by-the-sua-tool.md) diff --git a/windows/plan/using-the-sua-wizard.md b/windows/plan/using-the-sua-wizard.md index a8f3b3ce03..17703c2eb7 100644 --- a/windows/plan/using-the-sua-wizard.md +++ b/windows/plan/using-the-sua-wizard.md @@ -73,8 +73,6 @@ The following flowchart shows the process of using the SUA Wizard. If the remedies do not fix the issue with the application, click **No** again, and the wizard may offer additional remedies. If the additional remedies do not fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for additional investigation, see [Using the SUA Tool](using-the-sua-tool.md). ## Related topics - - [SUA User's Guide](sua-users-guide.md)   diff --git a/windows/plan/viewing-the-events-screen-in-compatibility-administrator.md b/windows/plan/viewing-the-events-screen-in-compatibility-administrator.md index 8c89db2a64..34186e3746 100644 --- a/windows/plan/viewing-the-events-screen-in-compatibility-administrator.md +++ b/windows/plan/viewing-the-events-screen-in-compatibility-administrator.md 
@@ -40,8 +40,6 @@ Compatibility Administrator enables you to copy your compatibility fixes from on If you open the **Events** screen and then perform the copy operation, you can see a description of the action, along with the time stamp, which enables you to view your fix information without confusion. ## Related topics - - [Creating a Custom Compatibility Mode in Compatibility Administrator](creating-a-custom-compatibility-mode-in-compatibility-administrator.md) [Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) diff --git a/windows/plan/viewing-your-compatibility-reports.md b/windows/plan/viewing-your-compatibility-reports.md index c0f5ffaae9..57ba7d07a9 100644 --- a/windows/plan/viewing-your-compatibility-reports.md +++ b/windows/plan/viewing-your-compatibility-reports.md @@ -1,86 +1,5 @@ --- title: Viewing Your Compatibility Reports (Windows 10) description: This section describes the compatibility reports in Application Compatibility Manager (ACM) and how you can work with the reports. -ms.assetid: a28bbfbe-5f05-4a1e-9397-0a3ceb585871 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Viewing Your Compatibility Reports - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -This section describes the compatibility reports in Application Compatibility Manager (ACM) and how you can work with the reports. - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [<OperatingSystem> - Application Report](act-operatingsystem-application-report.md)

    This section describes the compatibility reports in Application Compatibility Manager (ACM) and how you can work with the reports.

    [<OperatingSystem> - Computer Report](act-operatingsystem-computer-report.md)

    The <OperatingSystem> - Computer Report screen shows the following information for each computer in your organization:

    [<OperatingSystem> - Device Report](act-operatingsystem-device-report.md)

    The <OperatingSystem> - Device Report screen shows the following information for each device installed in your organization:

    [Internet Explorer - Web Site Report](internet-explorer-web-site-report.md)

    The Internet Explorer - Web Site Report screen shows the following information for each of the websites visited in your organization:

    [Saving, Opening, and Exporting Reports](saving-opening-and-exporting-reports.md)

    You can perform several common reporting tasks from the Analyze screen, including saving a compatibility report, opening a saved compatibility report (.adq) file, and exporting your report data to a spreadsheet (.xls) file.

    [Customizing Your Report Views](customizing-your-report-views.md)

    You can customize how you view your report data in Application Compatibility Manager (ACM).

    - -  - -## Related topics - - -[Organizing Your Compatibility Data](organizing-your-compatibility-data.md) - -[Filtering Your Compatibility Data](filtering-your-compatibility-data.md) - -[Sending and Receiving Compatibility Data](sending-and-receiving-compatibility-data.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/websiteurl-dialog-box.md b/windows/plan/websiteurl-dialog-box.md index f9f44433db..e07214a067 100644 --- a/windows/plan/websiteurl-dialog-box.md +++ b/windows/plan/websiteurl-dialog-box.md 
@@ -1,56 +1,5 @@ --- title: WebsiteURL Dialog Box (Windows 10) description: In Application Compatibility Manager (ACM), the websiteURL dialog box shows information about the selected website. -ms.assetid: 0dad26e1-4bba-4fef-b160-3fa1f4325da8 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# <WebsiteURL> Dialog Box - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -In Application Compatibility Manager (ACM), the *<websiteURL>* dialog box shows information about the selected website. - -**To open the <WebsiteURL> Dialog Box** - -1. In ACM, in the **Quick Reports** pane, click **Analyze**. - -2. Under the **Internet Explorer** heading, click **Web Sites**. - -3. Double-click the URL for a website. - -## Using the <WebsiteURL> Dialog Box - - -In the *<websiteURL>* dialog box, you can perform the following actions: - -- Select your compatibility rating for the website. For more information, see [Selecting Your Compatibility Rating](selecting-your-compatibility-rating.md). - -- Select your deployment status for the website. For more information, see [Selecting Your Deployment Status](selecting-your-deployment-status.md). - -- Assign categories and subcategories to the website. For more information, see [Categorizing Your Compatibility Data](categorizing-your-compatibility-data.md). - -- Specify the importance of the website to your organization. For more information, see [Prioritizing Your Compatibility Data](prioritizing-your-compatibility-data.md). - -- Add or edit an issue for the selected website, and add or edit a solution. For more information, see [Creating and Editing Issues and Solutions](creating-and-editing-issues-and-solutions.md). - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file 
diff --git a/windows/plan/welcome-to-act.md b/windows/plan/welcome-to-act.md index c6755be21e..b4ef6d3088 100644 --- a/windows/plan/welcome-to-act.md +++ b/windows/plan/welcome-to-act.md @@ -1,82 +1,5 @@ --- title: Welcome to ACT (Windows 10) description: The Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. -ms.assetid: 3963db88-83d2-4b9a-872e-31c275d1a321 -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# Welcome to ACT - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -The Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. With ACT, you can obtain compatibility information from Microsoft and software vendors, identify compatibility issues within your own organization, and share compatibility ratings with other ACT users. The tools in ACT help you analyze and mitigate compatibility issues before deploying a version of Windows to your organization. - -## In this section - - - ---- - - - - - - - - - - - - - - - - - - - - -
    TopicDescription

    [What's New in ACT 6.1](whats-new-in-act-60.md)

    Two major updates have been released since ACT 6.1. They are ACT 6.1 Update and ACT 6.1 Update 2. The following table lists changes made in the Application Compatibility Toolkit (ACT), which is included in the Windows Assessment and Deployment Kit (ADK) download.

    [Software Requirements for ACT](software-requirements-for-act.md)

    The Application Compatibility Toolkit (ACT) has the following software requirements.

    [Software Requirements for RAP](software-requirements-for-rap.md)

    The runtime-analysis package (RAP) has the following software requirements.

    - -  - -## Related topics - - -[Configuring ACT](configuring-act.md) - -[Using ACT](using-act.md) - -[Troubleshooting ACT](troubleshooting-act.md) - -[ACT User Interface Reference](act-user-interface-reference.md) - -[ACT Product and Documentation Resources](act-product-and-documentation-resources.md) - -[ACT Glossary](act-glossary.md) - -[Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista](compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/whats-new-in-act-60.md b/windows/plan/whats-new-in-act-60.md index b516ef3eae..89d6afdf1c 100644 --- a/windows/plan/whats-new-in-act-60.md +++ b/windows/plan/whats-new-in-act-60.md @@ -1,84 +1,5 @@ --- title: What's New in ACT 6.1 (Windows 10) description: Two major updates have been released since ACT 6.1. -ms.assetid: f12e137d-0b55-4f7d-88e0-149302655d9b -ms.prod: w10 -ms.mktglfcycl: plan -ms.pagetype: appcompat -ms.sitesec: library -author: TrudyHa ---- - -# What's New in ACT 6.1 - - -**Applies to** - -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 - -Two major updates have been released since ACT 6.1. They are ACT 6.1 Update and ACT 6.1 Update 2. The following table lists changes made in the Application Compatibility Toolkit (ACT), which is included in the Windows Assessment and Deployment Kit (ADK) download. - - ---- - - - - - - - - - - - - - - -
    VersionChanges
    ACT 6.1 Update
      -
    • Support for Windows 10, including viewing Windows 10 reports on Application Compatibility Manager.
    • -
    • Bug fixes: this version of ACT fixed an issue where Inventory-Collector package would fail when it tried to inventory the system.
    • -
    ACT 6.1 Update 2

    Bug fixes: this version of ACT addresses the following bugs:

    -
      -
    • Capability to create custom compatibility fixes for Windows versions other than the currently running version.

    • -
    • Fixed issue where Inventory-Collector Package crashes when running on some Windows 7 x86 systems.

    • -
    • Fixed issue where not specifying a tag for Inventory-Collector Package would cause an error in the log processing service. The result of this bug was that data collected by the Package would not be processed.

    • -
    • Fixed issue where Standard User Analyzer (SUA) returns an error when trying to apply mitigations to an app on Windows 7.

    • -
    • Fixed issue where ACT is unable to create custom compatibility fixes for 32-bit systems correctly.

    • -
    - -  - -**Note**   -The version numbers for ACT 6.1 Update and Update 2 are identical, so you will need to look at the product ID of ACT to tell them apart. To find the product ID, open ACT, go to **Help** > **About**, and compare the product ID to the following list. - -- **ACT 6.1 Update**: B264FCCB-3F1F-828F-CCF8-EDB93E860970 - -- **ACT 6.1 Update 2**: B2BC4686-29A9-9E9D-F2E4-7E20659EECE7 - -If you run into any of the bugs fixed in Update 2, you likely have ACT 6.1 Update or older. Please download the latest version in the Windows ADK. - -  - -## Related topics - - -[Software Requirements for ACT](software-requirements-for-act.md) - -[Software Requirements for RAP](software-requirements-for-rap.md) - -  - -  - - - - - +redirect_url: https://technet.microsoft.com/itpro/windows/deploy/manage-windows-upgrades-with-upgrade-analytics +--- \ No newline at end of file diff --git a/windows/plan/windows-10-compatibility.md b/windows/plan/windows-10-compatibility.md index 7466117367..013a715282 100644 --- a/windows/plan/windows-10-compatibility.md +++ b/windows/plan/windows-10-compatibility.md @@ -6,6 +6,7 @@ keywords: deploy, upgrade, update, appcompat ms.prod: w10 ms.mktglfcycl: plan ms.pagetype: appcompat +localizationpriority: high ms.sitesec: library author: mtniehaus --- 
@@ -19,13 +20,13 @@ author: mtniehaus Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. -For full system requirements, see [Windows 10 specifications](http://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10. +For full system requirements, see [Windows 10 specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10. Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Some applications that interface with Windows at a low level, those that use undocumented APIs, or those that do not follow recommended coding practices could experience issues. Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows Store. -For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](http://go.microsoft.com/fwlink/p/?LinkId=734031) +For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. 
For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](https://go.microsoft.com/fwlink/p/?LinkId=734031) ## Recommended application testing process diff --git a/windows/plan/windows-10-deployment-considerations.md b/windows/plan/windows-10-deployment-considerations.md index cefe2e8c90..9c2cb27ef4 100644 --- a/windows/plan/windows-10-deployment-considerations.md +++ b/windows/plan/windows-10-deployment-considerations.md @@ -4,6 +4,7 @@ description: There are new deployment options in Windows 10 that help you simpl ms.assetid: A8DD6B37-1E11-4CD6-B588-92C2404219FE keywords: deploy, upgrade, update, in-place ms.prod: w10 +localizationpriority: high ms.mktglfcycl: plan ms.sitesec: library author: mtniehaus 
@@ -80,7 +81,7 @@ Note that the original Windows 8 release is only supported until January 2016. For existing Windows PCs running Windows Vista, you can perform wipe-and-load (OS refresh) deployments when you use compatible hardware. -Note that to take advantage of the limited-time free upgrade offer for PCs running Windows 7, Windows 8, or Windows 8.1, you must leverage an in-place upgrade, either from Windows Update or by using the upgrade media available from the [Windows 10 software download page](http://go.microsoft.com/fwlink/p/?LinkId=625073) to acquire a new Windows 10 license from the Windows Store. For more information, refer to the [Windows 10 FAQ](http://go.microsoft.com/fwlink/p/?LinkId=625074). +Note that to take advantage of the limited-time free upgrade offer for PCs running Windows 7, Windows 8, or Windows 8.1, you must leverage an in-place upgrade, either from Windows Update or by using the upgrade media available from the [Windows 10 software download page](https://go.microsoft.com/fwlink/p/?LinkId=625073) to acquire a new Windows 10 license from the Windows Store. For more information, refer to the [Windows 10 FAQ](https://go.microsoft.com/fwlink/p/?LinkId=625074). For organizations with Software Assurance for Windows, both in-place upgrade or wipe-and-load can be leveraged (with in-place upgrade being the preferred method, as previously discussed). 
@@ -91,9 +92,9 @@ For organizations that do not take advantage of the free upgrade offer and are n For new computers acquired with Windows 10 preinstalled, you can leverage dynamic provisioning scenarios to transform the device from its initial state into a fully-configured organization PC. There are two primary dynamic provisioning scenarios you can use: -- **User-driven, from the cloud.** By joining a device into Azure Active Directory and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Azure Active Directory account and password (called their “work or school account” within Windows 10). The MDM service can then transform the device into a fully-configured organization PC. For more information, see [Azure Active Directory integration with MDM](http://go.microsoft.com/fwlink/p/?LinkId=625075). +- **User-driven, from the cloud.** By joining a device into Azure Active Directory and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Azure Active Directory account and password (called their “work or school account” within Windows 10). The MDM service can then transform the device into a fully-configured organization PC. For more information, see [Azure Active Directory integration with MDM](https://go.microsoft.com/fwlink/p/?LinkId=625075). -- **IT admin-driven, using new tools.** Using the new Windows Imaging and Configuration Designer (ICD) tool, IT administrators can create provisioning packages that can be applied to a computer to transform it into a fully-configured organization PC. For more information, see [Windows Imaging and Configuration Designer](http://go.microsoft.com/fwlink/p/?LinkId=625076). 
+- **IT admin-driven, using new tools.** Using the new Windows Imaging and Configuration Designer (ICD) tool, IT administrators can create provisioning packages that can be applied to a computer to transform it into a fully-configured organization PC. For more information, see [Windows Imaging and Configuration Designer](https://go.microsoft.com/fwlink/p/?LinkId=625076). In either of these scenarios, you can make a variety of configuration changes to the PC: diff --git a/windows/plan/windows-10-infrastructure-requirements.md b/windows/plan/windows-10-infrastructure-requirements.md index f8a5b10095..be533cabf2 100644 --- a/windows/plan/windows-10-infrastructure-requirements.md +++ b/windows/plan/windows-10-infrastructure-requirements.md @@ -5,6 +5,7 @@ ms.assetid: B0FA27D9-A206-4E35-9AE6-74E70748BE64 keywords: deploy, upgrade, update, hardware ms.prod: w10 ms.mktglfcycl: plan +localizationpriority: high ms.sitesec: library author: mtniehaus --- 
@@ -28,11 +29,11 @@ For persistent VDI environments, carefully consider the I/O impact from upgradin ## Deployment tools -A new version of the Assessment and Deployment Toolkit (ADK) has been released to support Windows 10. This new version, available for download [here](http://go.microsoft.com/fwlink/p/?LinkId=526740), is required for Windows 10; you should not use earlier versions of the ADK to deploy Windows 10. It also supports the deployment of Windows 7, Windows 8, and Windows 8.1. +A new version of the Assessment and Deployment Toolkit (ADK) has been released to support Windows 10. This new version, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=526740), is required for Windows 10; you should not use earlier versions of the ADK to deploy Windows 10. It also supports the deployment of Windows 7, Windows 8, and Windows 8.1. Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which leverage the Windows Imaging and Configuration Designer (Windows ICD), as well as updated versions of existing deployment tools (DISM, USMT, Windows PE, and more). -Microsoft Deployment Toolkit 2013 Update 1, available for download [here](http://go.microsoft.com/fwlink/p/?LinkId=625079), has also been updated to support Windows 10 and the new ADK; older versions do not support Windows 10. New in this release is task sequence support for Windows 10 in-place upgrades. +Microsoft Deployment Toolkit 2013 Update 1, available for download [here](https://go.microsoft.com/fwlink/p/?LinkId=625079), has also been updated to support Windows 10 and the new ADK; older versions do not support Windows 10. New in this release is task sequence support for Windows 10 in-place upgrades. For System Center Configuration Manager, Windows 10 support is offered with various releases: 
@@ -49,7 +50,7 @@ For more details about System Center Configuration Manager support for Windows  ## Management tools -In addition to System Center Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](http://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](http://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](http://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store. +In addition to System Center Configuration Manager, Windows 10 also leverages other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](https://go.microsoft.com/fwlink/p/?LinkId=625083) to update the ADMX files stored in that central store. No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these to support new features. 
@@ -65,9 +66,9 @@ Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows    -For more information, see the [MDOP TechCenter](http://go.microsoft.com/fwlink/p/?LinkId=625090). +For more information, see the [MDOP TechCenter](https://go.microsoft.com/fwlink/p/?LinkId=625090). -For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](http://go.microsoft.com/fwlink/p/?LinkId=625084) for more information. +For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](https://go.microsoft.com/fwlink/p/?LinkId=625084) for more information. Windows Server Update Services (WSUS) requires some additional configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions: 
@@ -81,7 +82,7 @@ Windows Server Update Services (WSUS) requires some additional configuration to Figure 1. WSUS product list with Windows 10 choices -Because Windows 10 updates are cumulative in nature, each month’s new update will supersede the previous month's. Consider leveraging “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](http://go.microsoft.com/fwlink/p/?LinkId=625086) for more information. (Note that this will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.) +Because Windows 10 updates are cumulative in nature, each month’s new update will supersede the previous month's. Consider leveraging “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](https://go.microsoft.com/fwlink/p/?LinkId=625086) for more information. (Note that this will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS.) ## Activation 
@@ -91,15 +92,15 @@ Windows 10 volume license editions of Windows 10 will continue to support all | Product | Required update | |----------------------------------------|---------------------------------------------------------------------------------------------| | Windows 10 | None | -| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](http://go.microsoft.com/fwlink/p/?LinkId=625087) | -| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](http://go.microsoft.com/fwlink/p/?LinkId=625087) | +| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | +| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | | Windows Server 2008 R2 and Windows 7 | Available by October 2015 |   Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation); these keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys: -- Sign into the [Volume Licensing Service Center (VLSC)](http://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights. +- Sign into the [Volume Licensing Service Center (VLSC)](https://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights. - For KMS keys, click **Licenses** and then select **Relationship Summary**. Click the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key. 
diff --git a/windows/plan/windows-10-servicing-options.md b/windows/plan/windows-10-servicing-options.md
index 6ac55f7ffc..83af9a41f3 100644
--- a/windows/plan/windows-10-servicing-options.md
+++ b/windows/plan/windows-10-servicing-options.md
@@ -1,5 +1,5 @@
 ---
-title: Windows 10 servicing options (Windows 10)
+title: Windows 10 servicing overview (Windows 10)
 description: Windows 10 provides a new model for organizations to deploy and upgrade Windows by providing updates to features and capabilities through a continual process. ms.assetid: 6EF0792C-B587-497D-8489-4A7F5848D92A keywords: deploy, upgrade, update, servicing
@@ -7,7 +7,7 @@ ms.prod: w10
 ms.mktglfcycl: plan ms.pagetype: servicing ms.sitesec: library
-author: greg-lindsay
+author: jdeckerMS
 --- # Windows 10 servicing overview
@@ -72,6 +72,7 @@ Windows 10 enables organizations to fulfill the desire to provide users with the
 ## Related topics
+[Windows 10 release information](https://technet.microsoft.com/windows/release-info)
    [Windows 10 deployment considerations](windows-10-deployment-considerations.md)
    [Windows 10 compatibility](windows-10-compatibility.md)
    [Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) \ No newline at end of file diff --git a/windows/plan/windows-to-go-frequently-asked-questions.md b/windows/plan/windows-to-go-frequently-asked-questions.md index a9f0dfee6c..8170500400 100644 --- a/windows/plan/windows-to-go-frequently-asked-questions.md +++ b/windows/plan/windows-to-go-frequently-asked-questions.md @@ -127,7 +127,7 @@ Windows To Go can be deployed using standard Windows deployment tools like Diskp - A Windows 10 Enterprise or Windows 10 Education host PC that can be used to provision new USB keys -You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the [Windows To Go Step by Step](http://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process. +You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you are creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process. ## Is Windows To Go supported on both USB 2.0 and USB 3.0 drives? 
@@ -152,7 +152,7 @@ Yes. Because USB 3.0 offers significantly faster speeds than USB 2.0, a Windows ## Can the user self-provision Windows To Go? -Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise and Windows 10 Education. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](http://go.microsoft.com/fwlink/p/?LinkID=618746). +Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise and Windows 10 Education. Additionally, System Center 2012 Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). ## How can Windows To Go be managed in an organization? 
@@ -186,7 +186,7 @@ After you have entered firmware setup, make sure that boot from USB is enabled. Alternatively, if your computer supports it, you can try to use the one-time boot menu (often F12), to select USB boot on a per-boot basis. -For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](http://go.microsoft.com/fwlink/p/?LinkID=618951). +For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951). **Warning**   Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive. 
@@ -312,7 +312,7 @@ The size constraints are the same as full Windows. To ensure that you have enoug ## Do I need to activate Windows To Go every time I roam? -No, Windows To Go requires volume activation; either using the [Key Management Service](http://go.microsoft.com/fwlink/p/?LinkId=619051) (KMS) server in your organization or using [Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=619053) based volume activation. The Windows To Go workspace will not need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or a through remote connection using DirectAccess or a virtual private network connection), once activated the machine will not need to be activated again until the activation validity interval has passed. In a KMS configuration the activation validity interval is 180 days. +No, Windows To Go requires volume activation; either using the [Key Management Service](https://go.microsoft.com/fwlink/p/?LinkId=619051) (KMS) server in your organization or using [Active Directory](https://go.microsoft.com/fwlink/p/?LinkId=619053) based volume activation. The Windows To Go workspace will not need to be reactivated every time you roam. KMS activates Windows on a local network, eliminating the need for individual computers to connect to Microsoft. To remain activated, KMS client computers must renew their activation by connecting to the KMS host on periodic basis. 
This typically occurs as soon as the user has access to the corporate network (either through a direct connection on-premises or a through remote connection using DirectAccess or a virtual private network connection), once activated the machine will not need to be activated again until the activation validity interval has passed. In a KMS configuration the activation validity interval is 180 days. ## Can I use all Windows features on Windows To Go? @@ -346,12 +346,12 @@ Yes. You can use a combination of identifiers to determine if the currently runn Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment. -For more information, see the MSDN article on the [Win32\_OperatingSystem class](http://go.microsoft.com/fwlink/p/?LinkId=619059). +For more information, see the MSDN article on the [Win32\_OperatingSystem class](https://go.microsoft.com/fwlink/p/?LinkId=619059). ## How is Windows To Go licensed? -Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under [Software Assurance](http://go.microsoft.com/fwlink/p/?LinkId=619062), an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC. +Windows To Go allows organization to support the use of privately owned PCs at the home or office with more secure access to their organizational resources. With Windows To Go use rights under [Software Assurance](https://go.microsoft.com/fwlink/p/?LinkId=619062), an employee will be able to use Windows To Go on any company PC licensed with Software Assurance as well as from their home PC. ## Does Windows Recovery Environment work with Windows To Go? What’s the guidance for recovering a Windows To Go drive? 
@@ -383,7 +383,7 @@ You can reset the BitLocker system measurements to incorporate the new boot orde A message is displayed, informing you that your data will not be protected while BitLocker is suspended and asking if you want to suspend BitLocker Drive Encryption. Click **Yes** to continue and suspend BitLocker on the drive. -4. Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](http://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki. +4. Restart the computer and enter the firmware settings to reset the boot order to boot from USB first. For more information on changing the boot order in the BIOS, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) on the TechNet wiki. 5. Restart the computer again and then log on to the host computer using an account with administrator privileges. (Neither your Windows To Go drive nor any other USB drive should be inserted.) @@ -410,7 +410,7 @@ Reformatting the drive erases the data on the drive, but doesn’t reconfigure t   -2. Start the [diskpart](http://go.microsoft.com/fwlink/p/?LinkId=619070) command interpreter, by typing `diskpart` at the command prompt. +2. Start the [diskpart](https://go.microsoft.com/fwlink/p/?LinkId=619070) command interpreter, by typing `diskpart` at the command prompt. 3. Use the `select disk` command to identify the drive. If you do not know the drive number, use the `list` command to display the list of disks available. 
@@ -433,9 +433,9 @@ There is no support in Windows for upgrading a Windows To Go drive. Deployed Win ## Additional resources -- [Windows 10 forums](http://go.microsoft.com/fwlink/p/?LinkId=618949) +- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949) -- [Windows To Go Step by Step Wiki](http://go.microsoft.com/fwlink/p/?LinkId=618950) +- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950) - [Windows To Go: feature overview](windows-to-go-overview.md) diff --git a/windows/plan/windows-to-go-overview.md b/windows/plan/windows-to-go-overview.md index f00dfb55ea..4b1d981e94 100644 --- a/windows/plan/windows-to-go-overview.md +++ b/windows/plan/windows-to-go-overview.md 
@@ -19,7 +19,7 @@ author: mtniehaus Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. -PCs that meet the Windows 7 or later [certification requirements](http://go.microsoft.com/fwlink/p/?LinkId=618711) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go: +PCs that meet the Windows 7 or later [certification requirements](https://go.microsoft.com/fwlink/p/?LinkId=618711) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go: - [Differences between Windows To Go and a typical installation of Windows](#bkmk-wtgdif) 
@@ -63,7 +63,7 @@ The applications that you want to use from the Windows To Go workspace should be Enterprises install Windows on a large group of computers either by using configuration management software (such as System Center Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool. -These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](http://go.microsoft.com/fwlink/p/?LinkId=526803) to review deployment tools available. +These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](https://go.microsoft.com/fwlink/p/?LinkId=526803) to review deployment tools available. **Important**   Make sure you use the versions of the deployment tools provided for the version of Windows you are deploying. There have been many enhancements made to support Windows To Go. Using versions of the deployment tools released for earlier versions of Windows to provision a Windows To Go drive is not supported. 
@@ -104,26 +104,26 @@ Using a USB drive that has not been certified is not supported   -- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](http://go.microsoft.com/fwlink/p/?LinkId=618714)) +- IronKey Workspace W700 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w700.html](https://go.microsoft.com/fwlink/p/?LinkId=618714)) -- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](http://go.microsoft.com/fwlink/p/?LinkId=618717)) +- IronKey Workspace W500 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w500.html](https://go.microsoft.com/fwlink/p/?LinkId=618717)) -- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](http://go.microsoft.com/fwlink/p/?LinkId=618718)) +- IronKey Workspace W300 ([http://www.ironkey.com/windows-to-go-drives/ironkey-workspace-w300.html](https://go.microsoft.com/fwlink/p/?LinkId=618718)) -- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](http://go.microsoft.com/fwlink/p/?LinkId=618719)) +- Kingston DataTraveler Workspace for Windows To Go ([http://www.kingston.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618719)) -- Spyrus Portable Workplace ([http://www.spyruswtg.com/](http://go.microsoft.com/fwlink/p/?LinkId=618720)) +- Spyrus Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) We recommend that you run the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Portable Workplace. -- Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](http://go.microsoft.com/fwlink/p/?LinkId=618720)) +- Spyrus Secure Portable Workplace ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) **Important**   - You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. 
For more information about the Spyrus Deployment Suite for Windows To Go please refer to [http://www.spyruswtg.com/](http://go.microsoft.com/fwlink/p/?LinkId=618720). + You must use the Spyrus Deployment Suite for Windows To Go to provision the Spyrus Secure Portable Workplace. For more information about the Spyrus Deployment Suite for Windows To Go please refer to [http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720).   -- Spyrus Worksafe ([http://www.spyruswtg.com/](http://go.microsoft.com/fwlink/p/?LinkId=618720)) +- Spyrus Worksafe ([http://www.spyruswtg.com/](https://go.microsoft.com/fwlink/p/?LinkId=618720)) **Tip**   This device contains an embedded smart card. @@ -136,11 +136,11 @@ Using a USB drive that has not been certified is not supported Super Talent Express RC8 for Windows To Go - ([http://www.supertalent.com/wtg/](http://go.microsoft.com/fwlink/p/?LinkId=618721)) + ([http://www.supertalent.com/wtg/](https://go.microsoft.com/fwlink/p/?LinkId=618721)) -- Western Digital My Passport Enterprise ([http://www.wd.com/wtg](http://go.microsoft.com/fwlink/p/?LinkId=618722)) +- Western Digital My Passport Enterprise ([http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722)) - We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go.  For more information about the WD Compass utility please refer to [http://www.wd.com/wtg](http://go.microsoft.com/fwlink/p/?LinkId=618722) + We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go.  For more information about the WD Compass utility please refer to [http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722) **For host computers** 
@@ -249,16 +249,16 @@ In addition to the USB boot support in the BIOS, the Windows 10 image on your W ## Additional resources -- [Windows 10 forums](http://go.microsoft.com/fwlink/p/?LinkId=618949) +- [Windows 10 forums](https://go.microsoft.com/fwlink/p/?LinkId=618949) -- [Windows To Go Step by Step Wiki](http://go.microsoft.com/fwlink/p/?LinkId=618950) +- [Windows To Go Step by Step Wiki](https://go.microsoft.com/fwlink/p/?LinkId=618950) -- [Tips for configuring your BIOS settings to work with Windows To Go](http://go.microsoft.com/fwlink/p/?LinkId=618951) +- [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) ## Related topics -- [Deploy Windows To Go in your organization](http://go.microsoft.com/fwlink/p/?LinkId=619975) +- [Deploy Windows To Go in your organization](https://go.microsoft.com/fwlink/p/?LinkId=619975) - [Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.md) diff --git a/windows/plan/windows-update-for-business.md b/windows/plan/windows-update-for-business.md index 67c4200203..93dcee04ac 100644 --- a/windows/plan/windows-update-for-business.md +++ b/windows/plan/windows-update-for-business.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: plan ms.sitesec: library ms.pagetype: servicing; devices -author: TrudyHa +author: jdeckerMS --- # Windows Update for Business 
@@ -19,12 +19,12 @@ Get an overview of how you can implement and deploy a Windows Update for Busines ## Introduction -Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service. By using [Group Policy Objects](http://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing: +Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service. By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing: - **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met). - **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient. -- **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](http://go.microsoft.com/fwlink/p/?LinkId=699281). +- **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281). 
-Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](http://go.microsoft.com/fwlink/p/?LinkId=734043) and [System Center Configuration Manager](http://go.microsoft.com/fwlink/p/?LinkId=734044). +Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](https://go.microsoft.com/fwlink/p/?LinkId=734043) and [System Center Configuration Manager](https://go.microsoft.com/fwlink/p/?LinkId=734044). ## Deploy Windows Update for Business in your organization diff --git a/windows/whats-new/applocker.md b/windows/whats-new/applocker.md index eded8c7862..2e082cd98c 100644 --- a/windows/whats-new/applocker.md +++ b/windows/whats-new/applocker.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library author: brianlic-msft -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 --- # What's new in AppLocker? diff --git a/windows/whats-new/bitlocker.md b/windows/whats-new/bitlocker.md index 0176decb20..9f0df242bf 100644 --- a/windows/whats-new/bitlocker.md 
+++ b/windows/whats-new/bitlocker.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security, mobile author: brianlic-msft -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 --- # What's new in BitLocker? diff --git a/windows/whats-new/change-history-for-what-s-new-in-windows-10.md b/windows/whats-new/change-history-for-what-s-new-in-windows-10.md index 750a878d7d..a38cbf4702 100644 --- a/windows/whats-new/change-history-for-what-s-new-in-windows-10.md +++ b/windows/whats-new/change-history-for-what-s-new-in-windows-10.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: TrudyHa +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/whats-new/index --- # Change history for What's new in Windows 10 diff --git a/windows/whats-new/contribute-to-a-topic.md b/windows/whats-new/contribute-to-a-topic.md new file mode 100644 index 0000000000..df040f8573 --- /dev/null +++ b/windows/whats-new/contribute-to-a-topic.md @@ -0,0 +1,71 @@ +--- +title: Edit an existing topic using the Contribute link +description: Instructions about how to edit an existing topic by using the Contribute link. +keywords: contribute, edit a topic +ms.prod: w10 +ms.mktglfcycl: explore +ms.sitesec: library +--- + +# Edit an existing topic using the Contribute link +You can now make suggestions and update existing, public content with a GitHub account and a simple click of a link. + +>**Note**
    +>At this time, only the English (en-us) content is available for editing. + +**To edit a topic** + +1. All contributors who are ***not*** a Microsoft employee must [sign a Microsoft Contribution Licensing Agreement (CLA)](https://cla.microsoft.com/) before contributing to any Microsoft repositories. +If you've already contributed to Microsoft repositories in the past, congratulations! +You've already completed this step. + +2. Go to the page on TechNet that you want to update, and then click **Contribute**. + + ![GitHub Web, showing the Contribute link](images/contribute-link.png) + +3. Log into (or sign up for) a GitHub account. + + You must have a GitHub account to get to the page that lets you edit a topic. + +4. Click the **Pencil** icon (in the red box) to edit the content. + + ![GitHub Web, showing the Pencil icon in the red box](images/pencil-icon.png) + +5. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see: + - **If you're linked to the Microsoft organization in GitHub:** [Windows Open Publishing Guide Home](http://aka.ms/windows-op-guide) + + - **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) + +6. Make your suggested change, and then click **Preview Changes** to make sure it looks correct. + + ![GitHub Web, showing the Preview Changes tab](images/preview-changes.png) + +7. When you’re done editing the topic, scroll to the bottom of the page, and then click **Propose file change** to create a fork in your personal GitHub account. + + ![GitHub Web, showing the Propose file change button](images/propose-file-change.png) + + The **Comparing changes** screen appears to see what the changes are between your fork and the original content. + +8. On the **Comparing changes** screen, you’ll see if there are any problems with the file you’re checking in. + + If there are no problems, you’ll see the message, **Able to merge**. 
+ + ![GitHub Web, showing the Comparing changes screen](images/compare-changes.png) + +9. Click **Create pull request**. + +10. Enter a title and description to give the approver the appropriate context about what’s in the request. + +11. Scroll to the bottom of the page, making sure that only your changed files are in this pull request. Otherwise, you could overwrite changes from other people. + +12. Click **Create pull request** again to actually submit the pull request. + + The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places: + + - [Windows 10](https://technet.microsoft.com/itpro/windows) + - [Internet Explorer 11](https://technet.microsoft.com/itpro/internet-explorer) + - [Microsoft Edge](https://technet.microsoft.com/itpro/microsoft-edge) + - [Surface](https://technet.microsoft.com/itpro/surface) + - [Surface Hub](https://technet.microsoft.com/itpro/surface-hub) + - [Windows 10 for Education](https://technet.microsoft.com/edu/windows) + - [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop) diff --git a/windows/whats-new/credential-guard.md b/windows/whats-new/credential-guard.md index 02ff200227..3edfe53458 100644 --- a/windows/whats-new/credential-guard.md +++ b/windows/whats-new/credential-guard.md @@ -7,7 +7,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library author: brianlic-msft -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 --- # What's new in Credential Guard? diff --git a/windows/whats-new/device-guard-overview.md b/windows/whats-new/device-guard-overview.md index 28e92f028b..e42271af40 100644 --- a/windows/whats-new/device-guard-overview.md +++ b/windows/whats-new/device-guard-overview.md 
@@ -8,6 +8,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library author: brianlic-msft +redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 --- # Device Guard overview @@ -25,7 +26,7 @@ For details on how to implement Device Guard, see [Device Guard deployment guide ## Why use Device Guard With thousands of new malicious files created every day, using traditional methods like signature-based detection to fight against malware provides an inadequate defense against new attacks. Device Guard on Windows 10 Enterprise changes from a mode where apps are trusted unless blocked by an antivirus or other security solutions, to a mode where the operating system trusts only apps authorized by your enterprise. -Device Guard also helps protect against [zero day attacks](http://go.microsoft.com/fwlink/p/?linkid=534209) and works to combat the challenges of [polymorphic viruses](http://go.microsoft.com/fwlink/p/?LinkId=534210). +Device Guard also helps protect against [zero day attacks](https://go.microsoft.com/fwlink/p/?linkid=534209) and works to combat the challenges of [polymorphic viruses](https://go.microsoft.com/fwlink/p/?LinkId=534210). ## Virtualization-based security using Windows 10 Enterprise Hypervisor Windows 10 Enterprise Hypervisor introduces new capabilities around virtual trust levels, which helps Windows 10 Enterprise services to run in a protected environment, in isolation from the running operating system. Windows 10 Enterprise virtualization-based security helps protect kernel code integrity and helps to provide credential isolation for the local security authority (LSA). Letting the Kernel Code Integrity service run as a hypervisor-hosted service increases the level of protection around the root operating system, adding additional protections against any malware that compromises the kernel layer. 
diff --git a/windows/whats-new/device-management.md b/windows/whats-new/device-management.md index 55051d9fd0..79260f0f69 100644 --- a/windows/whats-new/device-management.md +++ b/windows/whats-new/device-management.md 
@@ -7,118 +7,11 @@ ms.pagetype: devices, mobile ms.mktglfcycl: explore ms.sitesec: library author: jdeckerMS +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/manage-corporate-devices --- # Enterprise management for Windows 10 devices - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -Windows 10 provides mobile device management (MDM) capabilities for PCs, laptops, tablets, and phones that enable enterprise-level management of corporate-owned and personal devices. - -## MDM support - - -MDM policies for Windows 10 align with the policies supported in Windows 8.1 and are expanded to address even more enterprise scenarios, such as managing multiple users who have Microsoft Azure Active Directory (Azure AD) accounts, full control over the Windows Store, VPN configuration, and more. To learn more about the changes in MDM policies for Windows 10, version 1607, see [What's new in MDM enrollment and management](https://msdn.microsoft.com/en-us/library/windows/hardware/mt299056%28v=vs.85%29.aspx#whatsnew_1607). - -MDM support in Windows 10 is based on [Open Mobile Alliance (OMA)](http://go.microsoft.com/fwlink/p/?LinkId=533885) Device Management (DM) protocol 1.2.1 specification. - -Corporate-owned devices can be enrolled automatically for enterprises using Azure AD. - -## Unenrollment - - -When a person leaves your organization and you unenroll the user account or device from management, the enterprise-controlled configurations and apps are removed from the device. You can unenroll the device remotely or the person can unenroll by manually removing the account from the device. - -When a personal device is unenrolled, the user's data and apps are untouched, while enterprise information such as certificates, VPN profiles, and enterprise apps are removed. - -## Infrastructure - - -Enterprises have the following identity and management choices. 
- -| Area | Choices | -|---|---| -| Identity | Active Directory; Azure AD | -| Grouping | Domain join; Workgroup; Azure AD join | -| Device management | Group Policy; System Center Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | - -  - -**Note**   -With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](http://go.microsoft.com/fwlink/p/?LinkID=613512). - -  - -## Device lockdown - - -Do you need a computer that can only do one thing? For example: - -- A device in the lobby that customers can use to view your product catalog. - -- A portable device that drivers can use to check a route on a map. - -- A device that a temporary worker uses to enter data. - -You can configure a persistent locked down state to [create a kiosk-type device](https://technet.microsoft.com/en-us/itpro/windows/manage/set-up-a-device-for-anyone-to-use). When the locked-down account is logged on, the device displays only the app that you select. - -You can also [configure a lockdown state](https://technet.microsoft.com/en-us/itpro/windows/manage/lock-down-windows-10-to-specific-apps) that takes effect when a given user account logs on. The lockdown restricts the user to only the apps that you specify. - -Lockdown settings can also be configured for device look and feel, such as a theme or a [custom layout on the Start screen](https://technet.microsoft.com/en-us/itpro/windows/manage/windows-10-start-layout-options-and-policies). - -## Updates - - -With Windows 10, your enterprise will have more choice and flexibility in applying operating system updates. You can manage and control updates to devices running Windows 10 Pro and Windows 10 Enterprise using MDM policies. 
- -While Windows Update provides updates to unmanaged devices, most enterprises prefer to manage and control the flow of updates using their device management solution. You can choose to apply the latest updates as soon as they are available, or you can set a source and schedule for updates that works for your specific requirements. - -For more information about updating Windows 10, see [Windows 10 servicing options for updates and upgrades](../manage/introduction-to-windows-10-servicing.md). - -## Easier certificate management - - -For Windows 10-based devices, you can use your MDM server to directly deploy client authentication certificates using Personal Information Exchange (PFX), in addition to enrolling using Simple Certificate Enrollment Protocol (SCEP), including certificates to enable Windows Hello for Business in your enterprise. You'll be able to use MDM to enroll, renew, and delete certificates. As in Windows Phone 8.1, you can use the [Certificates app](http://go.microsoft.com/fwlink/p/?LinkId=615824) to review the details of certificates on your device. 
[Learn how to install digital certificates on Windows 10 Mobile.](https://tnstage.redmond.corp.microsoft.com/en-us/itpro/windows/keep-secure/installing-digital-certificates-on-windows-10-mobile) - -## Learn more - - -[Windows 10: Manageability Choices](http://go.microsoft.com/fwlink/p/?LinkId=533886) - -[Windows 10: Management](http://go.microsoft.com/fwlink/p/?LinkId=533887) - -[Windows 10 Technical Preview Fundamentals for IT Pros: Windows 10 Management and Deployment](http://go.microsoft.com/fwlink/p/?LinkId=533888) - -[Reference for Mobile device management for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=533172) - -Active Directory blog posts on Azure AD and Windows 10: - -- [Azure AD, Microsoft Intune and Windows 10 - Using the cloud to modernize enterprise mobility!](http://go.microsoft.com/fwlink/p/?LinkId=619025) - -- [Azure AD Join on Windows 10 devices](http://go.microsoft.com/fwlink/p/?LinkID=616791) - -- [Azure AD on Windows 10 Personal Devices]( http://go.microsoft.com/fwlink/p/?LinkId=619028) - -- [Azure Active Directory and Windows 10: Bringing the cloud to enterprise desktops!](http://go.microsoft.com/fwlink/p/?LinkID=615765) - -## Related topics - - -[Manage corporate devices](../manage/manage-corporate-devices.md) - -[Windows Hello](microsoft-passport.md) - -[Enterprise Data Protection Overview](edp-whats-new-overview.md) - -  - -  - - - +This page has been redirected to **What's new in Windows 10, versions 1507 and 1511**. diff --git a/windows/whats-new/edge-ie11-whats-new-overview.md b/windows/whats-new/edge-ie11-whats-new-overview.md index 9370b6beb5..8c053fd990 100644 --- a/windows/whats-new/edge-ie11-whats-new-overview.md +++ b/windows/whats-new/edge-ie11-whats-new-overview.md 
@@ -1,56 +1,6 @@ --- title: Browser Microsoft Edge and Internet Explorer 11 (Windows 10) description: Resources to help you explore the Windows 10 browsing options for your enterprise. -ms.assetid: e986f903-69ad-4145-9d24-0c6d04b3e489 -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: mobile -author: eross-msft +redirect_url: https://technet.microsoft.com/itpro/microsoft-edge/enterprise-guidance-using-microsoft-edge-and-ie11 --- -# Browser: Microsoft Edge and Internet Explorer 11 -**Microsoft Edge content applies to:** - -- Windows 10 -- Windows 10 Mobile - -**Internet Explorer 11 content applies to:** - -- Windows 10 - -## Enterprise guidance -Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](http://go.microsoft.com/fwlink/p/?linkid=290956). - -We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10. - -### Microsoft Edge -Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana. - -- **Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on webpages. -- **Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout that's optimized for your screen size. While in reading view, you can also save webpages or PDF files to your reading list, for later viewing. -- **Cortana.** Cortana is automatically enabled on Microsoft Edge. 
Microsoft Edge lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage. -- **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls. - -### IE11 -IE11 offers enterprises additional security, manageability, performance, backward compatibility, and modern standards support. - -- **Backward compatibility.** IE11 supports 9 document modes that include high-fidelity emulations for older versions of IE. -- **Modern web standards.** IE11 supports modern web technologies like HTML5, CSS3, and WebGL, which help to ensure today's modern websites and apps work just as well as your old, legacy websites and apps. -- **More secure.** IE11 was designed with security in mind and is more secure than older versions. Using security features like SmartScreen and Enhanced Protected Mode can help IE11 reduce your risk. -- **Faster.** IE11 is significantly faster than previous versions of Internet Explorer, taking advantage of network optimization and hardware-accelerated text, graphics, and JavaScript rendering. -- **Easier migration to Windows 10.** IE11 is the only version of IE that runs on Windows 7, Windows 8.1, and Windows 10. Upgrading to IE11 on Windows 7 can also help your organization support the next generation of software, services, and devices. -- **Administration.** IE11 can use the Internet Explorer Administration Kit (IEAK) 11 or MSIs for deployment, and includes more than 1,600 Group Policies and preferences for granular control. 
- -## Related topics -- [Web Application Compatibility Lab Kit for Internet Explorer 11](https://technet.microsoft.com/en-us/browser/mt612809.aspx) -- [Download Internet Explorer 11](http://windows.microsoft.com/en-US/internet-explorer/download-ie) -- [Microsoft Edge - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/microsoft-edge/index) -- [Internet Explorer 11 - Deployment Guide for IT Pros](https://technet.microsoft.com/itpro/internet-explorer/ie11-deploy-guide/index) -- [IEAK 11 - Internet Explorer Administration Kit 11 Users Guide](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-ieak/index) -- [Internet Explorer 11 - FAQ for IT Pros](https://technet.microsoft.com/en-us/itpro/internet-explorer/ie11-faq/faq-for-it-pros-ie11) - - - - - diff --git a/windows/whats-new/edp-whats-new-overview.md b/windows/whats-new/edp-whats-new-overview.md index 4b157c50e8..a6816c161f 100644 --- a/windows/whats-new/edp-whats-new-overview.md +++ b/windows/whats-new/edp-whats-new-overview.md 
@@ -1,81 +1,5 @@ --- title: Enterprise data protection (EDP) overview (Windows 10) description: With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data disclosure through apps and services that are outside of the enterprise’s control like email, social media, and the public cloud. -ms.assetid: 428A3135-CB5E-478B-B1FF-B6EB76F0DF14 -keywords: EDP Overview, EDP -ms.prod: w10 -ms.mktglfcycl: explore -ms.sitesec: library -ms.pagetype: mobile, security -author: eross-msft ---- - -# Enterprise data protection (EDP) overview - -**Applies to:** -- Windows 10 Insider Preview -- Windows 10 Mobile Preview - -[Some information relates to pre-released product, which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.] - -With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. - -Enterprise data protection (EDP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. EDP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. - -## Benefits of EDP - -EDP provides: -- Obvious separation between personal and corporate data, without requiring employees to switch environments or apps. - -- Additional data protection for existing line-of-business apps without a need to update the apps. 
- -- Ability to wipe corporate data from devices while leaving personal data alone. - -- Use of audit reports for tracking issues and remedial actions. - -- Integration with your existing management system (Microsoft Intune, System Center Configuration Manager (version 1511 or later), or your current mobile device management (MDM) system) to configure, deploy, and manage EDP for your company. - -## Enterprise scenarios -EDP currently addresses these enterprise scenarios: -- You can encrypt enterprise data on employee-owned and corporate-owned devices. - -- You can remotely wipe enterprise data off managed computers, including employee-owned computers, without affecting the personal data. - -- You can select specific apps that can access enterprise data, called "allowed apps" that are clearly recognizable to employees. You can also block non-protected apps from accessing enterprise data. - -- Your employees won't have their work otherwise interrupted while switching between personal and enterprise apps while the enterprise policies are in place. Switching environments or signing in multiple times isn’t required. - -## Why use EDP? -EDP gives you a new way to manage data policy enforcement for apps and documents, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune). - -- **Change the way you think about data policy enforcement.** As an enterprise admin, you need to maintain compliance in your data policy and data access. EDP helps make sure that your enterprise data is protected on both corporate and employee-owned devices, even when the employee isn’t using the device. When employees create content on an enterprise-protected device, they can choose to save it as a work document. If it's a work document, it becomes locally-maintained as enterprise data. 
- -- **Manage your enterprise documents, apps, and encryption modes.** - - - **Copying or downloading enterprise data.** When an employee or an app downloads content from a location like SharePoint, a network share, or an enterprise web location, while using an EDP-protected device, EDP encrypts the data on the device. - - - **Using allowed apps.** Managed apps (apps that you've included on the allowed apps list in your EDP policy) are allowed to access your enterprise data and will interact differently when used with unallowed, non-enterprise aware, or personal-only apps. For example, if EDP management is set to **Block**, your employees can copy and paste from one protected app to another protected app, but not to personal apps. Imagine an HR person wants to copy a job description from a protected app to the internal career website, an enterprise-protected location, but goofs and tries to paste into a personal app instead. The paste action fails and a notification pops up, saying that the app couldn’t paste because of a policy restriction. The HR person then correctly pastes to the career website without a problem. - - - **Managed apps and restrictions.** With EDP you can control which apps can access and use your enterprise data. After adding an app to your protected apps list, the app is trusted with enterprise data. All apps not on this list are blocked from accessing your enterprise data, depending on your EDP management-mode. - - You don’t have to modify line-of-business apps that never touch personal data to list them as protected apps; just include them in your protected apps list. - - - **Deciding your level of data access.** EDP lets you block, allow overrides, or audit employees' data sharing actions. Blocking the action stops it immediately. Allowing overrides let the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. 
Silent just logs the action without blocking anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your protected apps list. - - - **Data encryption at rest.** EDP helps protect enterprise data on local files and on removable media. - - Apps such as Microsoft Word work with EDP to help continue your data protection across local files and removable media. These apps are being referred to as, enterprise aware. For example, if an employee opens EDP-encrypted content from Word, edits the content, and then tries to save the edited version with a different name, Word automatically applies EDP to the new document. - - - **Helping prevent accidental data disclosure to public spaces.** EDP helps protect your enterprise data from being accidentally shared to public spaces, such as public cloud storage. For example, if Dropbox™ isn’t on your protected apps list, employees won’t be able to sync encrypted files to their personal cloud storage. Instead, if the employee stores the content to an app on your protected apps list, like Microsoft OneDrive for Business, the encrypted files can sync freely to the business cloud, while maintaining the encryption locally. - - - **Helping prevent accidental data disclosure to removable media.** EDP helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn’t. - - - **Remove access to enterprise data from enterprise-protected devices.** EDP gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. 
After determining that the data access needs to be removed, you can unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable. - -## Turn off EDP - -You can turn off all enterprise data protection and restrictions, reverting to where you were pre-EDP, with no data loss. However, turning off EDP isn't recommended. If you choose to turn it off, you can always turn it back on, but EDP won't retain your decryption and policies info. - -## Related topics -- [Protect your enterprise data using enterprise data protection (EDP)](../keep-secure/protect-enterprise-data-using-edp.md) -  \ No newline at end of file +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/protect-enterprise-data-using-wip +--- \ No newline at end of file diff --git a/windows/whats-new/images/compare-changes.png b/windows/whats-new/images/compare-changes.png new file mode 100644 index 0000000000..0d86db70f5 Binary files /dev/null and b/windows/whats-new/images/compare-changes.png differ diff --git a/windows/whats-new/images/contribute-link.png b/windows/whats-new/images/contribute-link.png new file mode 100644 index 0000000000..6b17e6dd56 Binary files /dev/null and b/windows/whats-new/images/contribute-link.png differ diff --git a/windows/whats-new/images/pencil-icon.png b/windows/whats-new/images/pencil-icon.png new file mode 100644 index 0000000000..82fe7852dd Binary files /dev/null and b/windows/whats-new/images/pencil-icon.png differ diff --git a/windows/whats-new/images/preview-changes.png b/windows/whats-new/images/preview-changes.png new file mode 100644 index 0000000000..f98b2c6443 Binary files /dev/null and b/windows/whats-new/images/preview-changes.png differ 
diff --git a/windows/whats-new/images/propose-file-change.png b/windows/whats-new/images/propose-file-change.png new file mode 100644 index 0000000000..aedbc07b16 Binary files /dev/null and b/windows/whats-new/images/propose-file-change.png differ diff --git a/windows/whats-new/index.md b/windows/whats-new/index.md index c83ad18429..ff170bce3b 100644 --- a/windows/whats-new/index.md +++ b/windows/whats-new/index.md @@ -2,15 +2,16 @@ title: What's new in Windows 10 (Windows 10) description: Learn about new features in Windows 10 for IT professionals, such as Enterprise Data Protection, Microsoft Passport, Device Guard, and more. ms.assetid: F1867017-76A1-4761-A200-7450B96AEF44 -keywords: ["What's new in Windows 10", "Windows 10", "anniversary update"] +keywords: ["What's new in Windows 10", "Windows 10", "anniversary update", "contribute", "edit topic"] ms.prod: w10 author: TrudyHa +localizationpriority: high --- # What's new in Windows 10 -Windows 10 provides IT professionals with advanced protection against modern security threats and comprehensive management and control over devices and apps, as well as flexible deployment, update, and support options. Learn about new features in Windows 10 for IT professionals, such as Enterprise Data Protection, Windows Hello, Device Guard, and more. +Windows 10 provides IT professionals with advanced protection against modern security threats and comprehensive management and control over devices and apps, as well as flexible deployment, update, and support options. Learn about new features in Windows 10 for IT professionals, such as Windows Information Protection, Windows Hello, Device Guard, and more. ## In this section 
@@ -18,16 +19,15 @@ Windows 10 provides IT professionals with advanced protection against modern sec - [What's new in Windows 10, versions 1507 and 1511](whats-new-windows-10-version-1507-and-1511.md) - -  +- [Edit an existing topic using the Contribute link](contribute-to-a-topic.md) ## Learn more - [Windows 10 roadmap](https://www.microsoft.com/en-us/WindowsForBusiness/windows-roadmap) - [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info) - [Windows 10 update history](https://support.microsoft.com/en-us/help/12387/windows-10-update-history) -- [Windows 10 content from Microsoft Ignite](http://go.microsoft.com/fwlink/p/?LinkId=613210) -- [Compare Windows 10 Editions](http://go.microsoft.com/fwlink/p/?LinkId=690485) +- [Windows 10 content from Microsoft Ignite](https://go.microsoft.com/fwlink/p/?LinkId=613210) +- [Compare Windows 10 Editions](https://go.microsoft.com/fwlink/p/?LinkId=690485) diff --git a/windows/whats-new/lockdown-features-windows-10.md b/windows/whats-new/lockdown-features-windows-10.md index 0acfd3723a..67a759be13 100644 --- a/windows/whats-new/lockdown-features-windows-10.md +++ b/windows/whats-new/lockdown-features-windows-10.md @@ -8,108 +8,9 @@ ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security author: jdeckerMS +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/lockdown-features-windows-10 --- # Lockdown features from Windows Embedded 8.1 Industry -**Applies to** -- Windows 10 -- Windows 10 Mobile - -Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10. This table maps Windows Embedded Industry 8.1 features to Windows 10 Enterprise features, along with links to documentation. - - ----- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Windows Embedded 8.1 Industry lockdown featureWindows 10 featureChanges

    [Hibernate Once/Resume Many (HORM)](http://go.microsoft.com/fwlink/p/?LinkId=626758): Quick boot to device

    N/A

    HORM is supported in Windows 10, version 1607.

    [Unified Write Filter](http://go.microsoft.com/fwlink/p/?LinkId=626757): protect a device's physical storage media

    [Unified Writer Filter](http://go.microsoft.com/fwlink/p/?LinkId=626607)

    The Unified Write Filter is continued in Windows 10, with the exception of HORM which has been deprecated.

    [Keyboard Filter]( http://go.microsoft.com/fwlink/p/?LinkId=626761): block hotkeys and other key combinations

    [Keyboard Filter](http://go.microsoft.com/fwlink/p/?LinkId=708391)

    Keyboard filter is added in Windows 10, version 1511. As in Windows Embedded Industry 8.1, Keyboard Filter is an optional component that can be turned on via Turn Windows Features On/Off. Keyboard Filter (in addition to the WMI configuration previously available) will be configurable through Windows Imaging and Configuration Designer (ICD) in the SMISettings path.

    [Shell Launcher](http://go.microsoft.com/fwlink/p/?LinkId=626676): launch a Classic Windows application on sign-on

    [Shell Launcher](http://go.microsoft.com/fwlink/p/?LinkId=618603)

    Shell Launcher continues in Windows 10. It is now configurable in Windows ICD under the SMISettings category.

    -

    Learn [how to use Shell Launcher to create a kiosk device](http://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Classic Windows application.

    [Application Launcher]( http://go.microsoft.com/fwlink/p/?LinkId=626675): launch a Universal Windows Platform (UWP) app on sign-on

    [Assigned Access](http://go.microsoft.com/fwlink/p/?LinkId=626608)

    The Windows 8 Application Launcher has been consolidated into Assigned Access. Application Launcher enabled launching a Windows 8 app and holding focus on that app. Assigned Access offers a more robust solution for ensuring that apps retain focus.

    [Dialog Filter](http://go.microsoft.com/fwlink/p/?LinkId=626762): suppress system dialogs and control which processes can run

    [AppLocker](../keep-secure/applocker-overview.md)

    Dialog Filter has been deprecated for Windows 10. Dialog Filter provided two capabilities; the ability to control which processes were able to run, and the ability to prevent dialogs (in practice, system dialogs) from appearing.

    -
      -
    • Control over which processes are able to run will now be provided by AppLocker.

    • -
    • System dialogs in Windows 10 have been replaced with system toasts. To see more on blocking system toasts, see Toast Notification Filter below.

    • -

    [Toast Notification Filter]( http://go.microsoft.com/fwlink/p/?LinkId=626673): suppress toast notifications

    Mobile device management (MDM) and Group Policy

    Toast Notification Filter has been replaced by MDM and Group Policy settings for blocking the individual components of non-critical system toasts that may appear. For example, to prevent a toast from appearing when a USB drive is connected, ensure that USB connections have been blocked using the USB-related policies, and turn off notifications from apps.

    -

    Group Policy: User Configuration > Administrative Templates > Start Menu and Taskbar > Notifications

    -

    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow action center notifications and a [custom OMA-URI setting](http://go.microsoft.com/fwlink/p/?LinkID=616317) for AboveLock/AllowActionCenterNotifications.

    [Embedded Lockdown Manager](http://go.microsoft.com/fwlink/p/?LinkId=626763): configure lockdown features

    [Windows Imaging and Configuration Designer (ICD)](http://go.microsoft.com/fwlink/p/?LinkID=525483)

    The Embedded Lockdown Manager has been deprecated for Windows 10 and replaced by the Windows ICD. Windows ICD is the consolidated tool for Windows imaging and provisioning scenarios and enables configuration of all Windows settings, including the lockdown features previously configurable through Embedded Lockdown Manager.

    [USB Filter](http://go.microsoft.com/fwlink/p/?LinkId=626674): restrict USB devices and peripherals on system

    MDM and Group Policy

    The USB Filter driver has been replaced by MDM and Group Policy settings for blocking the connection of USB devices.

    -

    Group Policy: Computer Configuration > Administrative Templates > System > Device Installation > Device Installation Restrictions

    -

    MDM policy name may vary depending on your MDM service. In Microsoft Intune, use Allow removable storage or Allow USB connection (Windows 10 Mobile only).

    [Assigned Access](http://go.microsoft.com/fwlink/p/?LinkID=613653): launch a UWP app on sign-in and lock access to system

    [Assigned Access](http://go.microsoft.com/fwlink/p/?LinkId=626608)

    Assigned Access has undergone significant improvement for Windows 10. In Windows 8.1, Assigned Access blocked system hotkeys and edge gestures, and non-critical system notifications, but it also applied some of these limitations to other accounts on the device.

    -

    In Windows 10, Assigned Access no longer affects accounts other than the one being locked down. Assigned Access now restricts access to other apps or system components by locking the device when the selected user account logs in and launching the designated app above the lock screen, ensuring that no unintended functionality can be accessed.

    -

    Learn [how to use Assigned Access to create a kiosk device](http://go.microsoft.com/fwlink/p/?LinkId=626922) that runs a Universal Windows app.

    [Gesture Filter](http://go.microsoft.com/fwlink/p/?LinkId=626672): block swipes from top, left, and right edges of screen

    [Assigned Access](http://go.microsoft.com/fwlink/p/?LinkId=626608)

    The capabilities of Gesture Filter have been consolidated into Assigned Access for Windows 10. In Windows 8.1, gestures provided the ability to close an app, to switch apps, and to reach the Charms. For Windows 10, Charms have been removed, and blocking the closing or switching of apps is part of Assigned Access.

    [Custom Logon]( http://go.microsoft.com/fwlink/p/?LinkId=626759): suppress Windows UI elements during Windows sign-on, sign-off, and shutdown

    [Embedded Logon](http://go.microsoft.com/fwlink/p/?LinkId=626760)

    No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.

    [Unbranded Boot](http://go.microsoft.com/fwlink/p/?LinkId=626872): custom brand a device by removing or replacing Windows boot UI elements

    [Unbranded Boot](http://go.microsoft.com/fwlink/p/?LinkId=626873)

    No changes. Applies only to Windows 10 Enterprise and Windows 10 Education.

    -  -  -  +This topic has been redirected. \ No newline at end of file diff --git a/windows/whats-new/microsoft-passport.md b/windows/whats-new/microsoft-passport.md index a132b19ad6..e8b4935152 100644 --- a/windows/whats-new/microsoft-passport.md +++ b/windows/whats-new/microsoft-passport.md 
@@ -8,35 +8,9 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: mobile, security author: jdeckerMS +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/keep-secure/manage-identity-verification-using-microsoft-passport --- # Windows Hello overview -**Applies to** -- Windows 10 -- Windows 10 Mobile -> **Note:** When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in Windows 10, version 1607. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics. - -In Windows 10, Windows Hello replaces passwords with strong two-factor authentication that consists of an enrolled device and a Windows Hello (biometric) or PIN. - -Windows Hello lets users authenticate to a Microsoft account, an Active Directory account, a Microsoft Azure Active Directory (AD) account, or non-Microsoft service that supports [Fast ID Online (FIDO)](http://go.microsoft.com/fwlink/p/?LinkId=533889) authentication. After an initial two-step verification during Hello enrollment, Hello is set up on the user's device and the user sets a gesture, which can be biometric such as a fingerprint or a PIN. The user provides the gesture to verify identity; Windows then uses Hello to authenticate users and help them to access protected resources and services. -Hello also enables Windows 10 Mobile devices to be used as a remote credential when signing into Windows 10 PCs. During the sign-in process, the Windows 10 PC can connect using Bluetooth to access Hello on the user’s Windows 10 Mobile device. 
Because users carry their phone with them, Hello makes implementing two-factor authentication across the enterprise less costly and complex than other solutions - -## Benefits of Windows Hello - -- **User convenience**. The employee provides credentials (such as account and password, or other credentials), and is then guided to set up Windows Hello. From that point on, the employee can access enterprise resources by providing a gesture. -- **Security**. Hello helps protect user identities and user credentials. Because no passwords are used, it helps circumvent phishing and brute force attacks. It also helps prevent server breaches because Microsoft - -Passport credentials are an asymmetric key pair, which helps prevent replay attacks when these keys are generated within isolated environments of Trusted Platform Modules (TPMs). -[Learn how to implement and manage Windows Hello for Business in your organization.](../keep-secure/implement-microsoft-passport-in-your-organization.md) - -## Learn more - -[Why a PIN is better than a password](../keep-secure/why-a-pin-is-better-than-a-password.md) -[Windows 10: Disrupting the Revolution of Cyber-Threats with Revolutionary Security!](http://go.microsoft.com/fwlink/p/?LinkId=533890) -[Windows 10: The End Game for Passwords and Credential Theft?](http://go.microsoft.com/fwlink/p/?LinkId=533891) - -## Related topics -[Device management](device-management.md) -  -  +This topic has been redirected. \ No newline at end of file diff --git a/windows/whats-new/new-provisioning-packages.md b/windows/whats-new/new-provisioning-packages.md index 62900c57c8..18725fae2a 100644 --- a/windows/whats-new/new-provisioning-packages.md +++ b/windows/whats-new/new-provisioning-packages.md 
@@ -7,124 +7,10 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: mobile author: jdeckerMS +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/deploy/provisioning-packages --- # Provisioning packages -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows Provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management (through a wizard-driven user interface) and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. - -With Windows 10, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. - -Provisioning packages are simple enough that with a short set of written instructions, a student or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization. - -## New in Windows 10, Version 1607 - -The Windows Assessment and Deployment Kit (ADK) for Windows 10 includes the Imaging and Configuration Designer (ICD), a tool for configuring images and runtime settings which are then built into provisioning packages. Windows ICD for Windows 10, Version 1607, simplifies common provisioning scenarios. - -![Configuration Designer options](images/icd.png) - -Windows ICD in Windows 10, Version 1607, supports the following scenarios for IT administrators: - -* **Simple provisioning** – Enables IT administrators to define a desired configuration in Windows ICD and then apply that configuration on target devices. 
The simple provisioning wizard makes the entire process quick and easy by guiding an IT administrator through common configuration settings in a step-by-step manner. - - > [Learn how to use simple provisioning to configure Windows 10 computers.](../deploy/provision-pcs-for-initial-deployment.md) - -* **Advanced provisioning (deployment of classic (Win32) and Universal Windows Platform (UWP) apps, and certificates)** – Allows an IT administrator to use Windows ICD to open provisioning packages in the advanced settings editor and include apps for deployment on end-user devices. - - > [Learn how to use advanced provisioning to configure Windows 10 computers with apps and certificates.](../deploy/provision-pcs-with-apps-and-certificates.md) - -* **Mobile device enrollment into management** - Enables IT administrators to purchase off-the-shelf retail Windows 10 Mobile devices and enroll them into mobile device management (MDM) before handing them to end-users in the organization. IT administrators can use Windows ICD to specify the management end-point and apply the configuration on target devices by connecting them to a Windows PC (tethered deployment) or through an SD card. Supported management end-points include: - - * System Center Configuration Manager and Microsoft Intune hybrid (certificate-based enrollment) - * AirWatch (password-string based enrollment) - * Mobile Iron (password-string based enrollment) - * Other MDMs (cert-based enrollment) - -> **Note:** Windows ICD in Windows 10, Version 1607, also provides a wizard to create provisioning packages for school PCs. To learn more, see [Set up students' PCs to join domain](https://technet.microsoft.com/edu/windows/index). - -## Benefits of provisioning packages - - -Provisioning packages let you: - -- Quickly configure a new device without going through the process of installing a new image. - -- Save time by configuring multiple devices using one provisioning package. 
- -- Quickly configure employee-owned devices in an organization without a mobile device management (MDM) infrastructure. - -- Set up a device without the device having network connectivity. - -Provisioning packages can be: - -- Installed using removable media such as an SD card or USB flash drive. - -- Attached to an email. - -- Downloaded from a network share. - -## What you can configure - - -The following table provides some examples of what can be configured using provisioning packages. - -| Customization options | Examples | -|--------------------------|-----------------------------------------------------------------------------------------------| -| Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters | -| Applications | Windows apps, line-of-business applications | -| Bulk enrollment into MDM | Automatic enrollment into a third-party MDM service\* | -| Certificates | Root certification authority (CA), client certificates | -| Connectivity profiles | Wi-Fi, proxy settings, Email | -| Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings | -| Data assets | Documents, music, videos, pictures | -| Start menu customization | Start menu layout, application pinning | -| Other | Home and lock screen wallpaper, computer name, domain join, DNS settings, and so on | -\* Using a provisioning package for auto-enrollment to System Center Configuration Manager or Configuration Manager/Intune hybrid is not supported. Use the Configuration Manager console to enroll devices. -  - -For details about the settings you can customize in provisioning packages, see [Windows Provisioning settings reference]( http://go.microsoft.com/fwlink/p/?LinkId=619012). 
- -## Creating a provisioning package - - -With Windows 10, you can use the Windows Imaging and Configuration Designer (ICD) tool to create provisioning packages. To install Windows ICD and create provisioning packages, you must install the Windows Assessment and Deployment Kit (ADK) for Windows 10 [from the Windows Insider Program site](http://go.microsoft.com/fwlink/p/?linkid=533700). - -While running ADKsetup.exe for Windows 10, version 1607, select the following feature from the **Select the features you want to install** dialog box: - -- Windows Imaging and Configuration Designer (ICD) - -> **Note:** In previous versions of the Windows 10 ADK, you had to install additional features for Windows ICD to run. Starting in version 1607, you can install Windows ICD without other ADK features. - -After you install Windows ICD, you can use it to create a provisioning package. For detailed instructions on how to create a provisioning package, see [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkID=629651). - -## Applying a provisioning package to a device - - -Provisioning packages can be applied both during image deployment and during runtime. For information on how to apply a provisioning package to a Windows 10-based device, see [Build and apply a provisioning package](http://go.microsoft.com/fwlink/p/?LinkID=629651). - -## Learn more - - -[Windows 10: Deployment](http://go.microsoft.com/fwlink/p/?LinkId=533708) - -## Related topics - - - - -[Configure devices without MDM](../manage/configure-devices-without-mdm.md) - -  - -  - - - - - +This topic has been redirected. \ No newline at end of file diff --git a/windows/whats-new/security-auditing.md b/windows/whats-new/security-auditing.md index c597c177b0..8683fc520d 100644 --- a/windows/whats-new/security-auditing.md +++ b/windows/whats-new/security-auditing.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library author: brianlic-msft ms.pagetype: security, mobile -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 --- # What's new in security auditing? @@ -21,7 +21,7 @@ Security auditing is one of the most powerful tools that you can use to maintain ## New features in Windows 10, version 1511 -- The [WindowsSecurityAuditing](http://go.microsoft.com/fwlink/p/?LinkId=690517) and [Reporting](http://go.microsoft.com/fwlink/p/?LinkId=690525) configuration service providers allow you to add security audit policies to mobile devices. +- The [WindowsSecurityAuditing](https://go.microsoft.com/fwlink/p/?LinkId=690517) and [Reporting](https://go.microsoft.com/fwlink/p/?LinkId=690525) configuration service providers allow you to add security audit policies to mobile devices. ## New features in Windows 10 diff --git a/windows/whats-new/security.md b/windows/whats-new/security.md index ae44b5893e..f2d45edd95 100644 --- a/windows/whats-new/security.md +++ b/windows/whats-new/security.md 
@@ -190,8 +190,8 @@ Table 1. Windows 10 hardware requirements In this table, **R** stands for *recommended*, **Y** means that the hardware component is *required* for that Windows 10 feature, and **N** means that the hardware component is *not used* with that Windows 10 feature.   ## Related topics -[Windows 10 Specifications](http://go.microsoft.com/fwlink/p/?LinkId=717550) -[Making Windows 10 More Personal and More Secure with Windows Hello](http://go.microsoft.com/fwlink/p/?LinkId=717551) +[Windows 10 Specifications](https://go.microsoft.com/fwlink/p/?LinkId=717550) +[Making Windows 10 More Personal and More Secure with Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=717551) [Protect BitLocker from pre-boot attacks](../keep-secure/protect-bitlocker-from-pre-boot-attacks.md) [BitLocker Countermeasures](../keep-secure/bitlocker-countermeasures.md) [Device Guard deployment guide](../keep-secure/device-guard-deployment-guide.md) diff --git a/windows/whats-new/trusted-platform-module.md b/windows/whats-new/trusted-platform-module.md index 91f4646825..e4a2614653 100644 --- a/windows/whats-new/trusted-platform-module.md +++ b/windows/whats-new/trusted-platform-module.md @@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security, mobile author: brianlic-msft -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/keep-secure/trusted-platform-module-overview --- # What's new in Trusted Platform Module? diff --git a/windows/whats-new/user-account-control.md b/windows/whats-new/user-account-control.md index 7933086c5d..4a670324d3 100644 --- a/windows/whats-new/user-account-control.md +++ b/windows/whats-new/user-account-control.md 
@@ -7,7 +7,7 @@ ms.mktglfcycl: explore ms.sitesec: library ms.pagetype: security author: brianlic-msft -redirect_url: whats-new-windows-10-version-1507-and-1511.md +redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 --- # What's new in User Account Control? diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index c304d8acb2..4dcad74254 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: TrudyHa +localizationpriority: high --- # What's new in Windows 10, versions 1507 and 1511 
@@ -69,7 +70,7 @@ With Windows 10, you can create provisioning packages that let you quickly and e ### Easier certificate management -For Windows 10-based devices, you can use your MDM server to directly deploy client authentication certificates using Personal Information Exchange (PFX), in addition to enrolling using Simple Certificate Enrollment Protocol (SCEP), including certificates to enable Windows Hello for Business in your enterprise. You'll be able to use MDM to enroll, renew, and delete certificates. As in Windows Phone 8.1, you can use the [Certificates app](http://go.microsoft.com/fwlink/p/?LinkId=615824) to review the details of certificates on your device. [Learn how to install digital certificates on Windows 10 Mobile.](~/keep-secure/installing-digital-certificates-on-windows-10-mobile.md) +For Windows 10-based devices, you can use your MDM server to directly deploy client authentication certificates using Personal Information Exchange (PFX), in addition to enrolling using Simple Certificate Enrollment Protocol (SCEP), including certificates to enable Windows Hello for Business in your enterprise. You'll be able to use MDM to enroll, renew, and delete certificates. As in Windows Phone 8.1, you can use the [Certificates app](https://go.microsoft.com/fwlink/p/?LinkId=615824) to review the details of certificates on your device. [Learn how to install digital certificates on Windows 10 Mobile.](~/keep-secure/installing-digital-certificates-on-windows-10-mobile.md) ### Microsoft Passport 
@@ -81,7 +82,7 @@ Microsoft Passport lets users authenticate to a Microsoft account, an Active Dir #### New Security auditing features in Windows 10, version 1511 -- The [WindowsSecurityAuditing](http://go.microsoft.com/fwlink/p/?LinkId=690517) and [Reporting](http://go.microsoft.com/fwlink/p/?LinkId=690525) configuration service providers allow you to add security audit policies to mobile devices. +- The [WindowsSecurityAuditing](https://go.microsoft.com/fwlink/p/?LinkId=690517) and [Reporting](https://go.microsoft.com/fwlink/p/?LinkId=690525) configuration service providers allow you to add security audit policies to mobile devices. #### New features in Windows 10, version 1507 @@ -248,9 +249,9 @@ Windows 10 provides mobile device management (MDM) capabilities for PCs, laptop MDM policies for Windows 10 align with the policies supported in Windows 8.1 and are expanded to address even more enterprise scenarios, such as managing multiple users who have Microsoft Azure Active Directory (Azure AD) accounts, full control over the Windows Store, VPN configuration, and more. -MDM support in Windows 10 is based on [Open Mobile Alliance (OMA)](http://go.microsoft.com/fwlink/p/?LinkId=533885) Device Management (DM) protocol 1.2.1 specification. +MDM support in Windows 10 is based on [Open Mobile Alliance (OMA)](https://go.microsoft.com/fwlink/p/?LinkId=533885) Device Management (DM) protocol 1.2.1 specification. -Corporate-owned devices can be enrolled automatically for enterprises using Azure AD. [Reference for Mobile device management for Windows 10](http://go.microsoft.com/fwlink/p/?LinkId=533172) +Corporate-owned devices can be enrolled automatically for enterprises using Azure AD. [Reference for Mobile device management for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=533172) ### Unenrollment 
@@ -271,7 +272,7 @@ Enterprises have the following identity and management choices. | Device management | Group Policy; System Center Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) |  > **Note**   -With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](http://go.microsoft.com/fwlink/p/?LinkID=613512). +With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](https://go.microsoft.com/fwlink/p/?LinkID=613512).   ### Device lockdown 
@@ -297,15 +298,49 @@ A standard, customized Start layout can be useful on devices that are common to Administrators can also use mobile device management (MDM) or Group Policy to disable the use of [Windows Spotlight on the lock screen](../manage/windows-spotlight.md). +### Windows Store for Business +**New in Windows 10, version 1511** + +With the Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps. + +For more information, see [Windows Store for Business overview](../manage/windows-store-for-business-overview.md). + + ## Updates +Windows Update for Business enables information technology administrators to keep the Windows 10-based devices in their organization always up to date with the latest security defenses and Windows features by directly connecting these systems to Microsoft’s Windows Update service. -With Windows 10, your enterprise will have more choice and flexibility in applying operating system updates. You can manage and control updates to devices running Windows 10 Pro and Windows 10 Enterprise using MDM policies. +By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing: -While Windows Update provides updates to unmanaged devices, most enterprises prefer to manage and control the flow of updates using their device management solution. 
You can choose to apply the latest updates as soon as they are available, or you can set a source and schedule for updates that works for your specific requirements. +- **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met). + +- **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient. + +- **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281). + +Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) and [System Center Configuration Manager](http://technet.microsoft.com/library/gg682129.aspx). + + +Learn more about [Windows Update for Business](../plan/windows-update-for-business.md). For more information about updating Windows 10, see [Windows 10 servicing options for updates and upgrades](../manage/introduction-to-windows-10-servicing.md). +## Microsoft Edge +Microsoft Edge takes you beyond just browsing to actively engaging with the web through features like Web Note, Reading View, and Cortana. + +- **Web Note.** Microsoft Edge lets you annotate, highlight, and call things out directly on webpages. 
+- **Reading view.** Microsoft Edge lets you enjoy and print online articles in a distraction-free layout that's optimized for your screen size. While in reading view, you can also save webpages or PDF files to your reading list, for later viewing. +- **Cortana.** Cortana is automatically enabled on Microsoft Edge. Microsoft Edge lets you highlight words for more info and gives you one-click access to things like restaurant reservations and reviews, without leaving the webpage. +- **Compatibility and security.** Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or that are included on your Enterprise Mode Site List. You must use IE11 to run older, less secure technology, such as ActiveX controls. + +### Enterprise guidance +Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, if you're running web apps that need ActiveX controls, we recommend that you continue to use Internet Explorer 11 for them. If you don't have IE11 installed anymore, you can download it from the Windows Store or from the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). + +We also recommend that you upgrade to IE11 if you're running any earlier versions of Internet Explorer. IE11 is supported on Windows 7, Windows 8.1, and Windows 10. So any legacy apps that work with IE11 will continue to work even as you migrate to Windows 10. + +[Learn more about using Microsoft Edge in the enterprise](https://technet.microsoft.com/itpro/microsoft-edge/enterprise-guidance-using-microsoft-edge-and-ie11) + + ## Learn more - [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info) diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md index 187e1aafba..7eb664abab 100644 --- a/windows/whats-new/whats-new-windows-10-version-1607.md 
+++ b/windows/whats-new/whats-new-windows-10-version-1607.md @@ -7,6 +7,7 @@ ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library author: TrudyHa +localizationpriority: high --- # What's new in Windows 10, version 1607 @@ -19,7 +20,7 @@ Below is a list of some of the new and updated features in Windows 10, version 1 ### Windows Imaging and Configuration Designer (ICD) -In previous versions of the Windows 10 ADK, you had to install additional features for Windows ICD to run. Starting in version 1607, you can install Windows ICD without other ADK features. [Install the ADK.](http://go.microsoft.com/fwlink/p/?LinkId=526740) +In previous versions of the Windows 10 Assessment and Deployment Kit (ADK), you had to install additional features for Windows ICD to run. Starting in version 1607, you can install just the configuration designer component independent of the rest of the imaging components. [Install the ADK.](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) Windows ICD now includes simplified workflows for creating provisioning packages: 
@@ -29,21 +30,54 @@ Windows ICD now includes simplified workflows for creating provisioning packages
 [Learn more about using provisioning packages in Windows 10.](../deploy/provisioning-packages.md)
+### Windows Upgrade Analytics
+
+Microsoft developed Upgrade Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Upgrade Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10.
+
+With Windows telemetry enabled, Upgrade Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft.
+
+Use Upgrade Analytics to get:
+
+- A visual workflow that guides you from pilot to production
+- Detailed computer and application inventory
+- Powerful computer level search and drill-downs
+- Guidance and insights into application and driver compatibility issues, with suggested fixes
+- Data driven application rationalization tools
+- Application usage information, allowing targeted validation; workflow to track validation progress and decisions
+- Data export to commonly used software deployment tools
+
+The Upgrade Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are upgrade-ready.
+
+[Learn more about planning and managing Windows upgrades with Windows Upgrade Analytics.](../deploy/manage-windows-upgrades-with-upgrade-analytics.md)
+
+## Windows updates
+
+Windows 10, version 1607, provides administrators with increased control over updates by changing the update deferral increment from weeks to days.
Other changes:
+
+- Quality Updates can be deferred up to 30 days and paused for 35 days
+- Feature Updates can be deferred up to 180 days and paused for 60 days
+- Update deferrals can be applied to both Current Branch (CB) and Current Branch for Business (CBB)
+- Drivers can be excluded from udpates
+
 ## Security
+### Credential Guard and Device Guard
+
+Isolated User Mode is now included with Hyper-V so you don't have to install it separately.
+
 ### Windows Hello for Business
-When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in Windows 10, version 1607. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.
+When Windows 10 first shipped, it included Microsoft Passport and Windows Hello, which worked together to provide multi-factor authentication. To simplify deployment and improve supportability, Microsoft has combined these technologies into a single solution under the Windows Hello name in Windows 10, version 1607. Customers who have already deployed these technologies will not experience any change in functionality. Customers who have yet to evaluate Windows Hello will find it easier to deploy due to simplified policies, documentation, and semantics.
 Additional changes for Windows Hello in Windows 10, version 1607:
-- Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys.
-- Group Policy for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**.
-- Users can use Windows Phone with Windows Hello to sign in to a PC, connect to VPN, and sign in to Office 365 in a browser.
+- Personal (Microsoft account) and corporate (Active Directory or Azure AD) accounts use a single container for keys.
+- Group Policy settings for managing Windows Hello for Business are now available for both **User Configuration** and **Computer Configuration**.
+
 [Learn more about Windows Hello for Business.](../keep-secure/manage-identity-verification-using-microsoft-passport.md)
-### VPN
+### VPN
 - The VPN client can integrate with the Conditional Access Framework, a cloud-pased policy engine built into Azure Active Directory, to provide a device compliance option for remote clients.
 - The VPN client can integrate with Windows Information Protection (WIP) policy to provide additional security. [Learn more about Windows Information Protection](../keep-secure/protect-enterprise-data-using-edp.md), previously known as Enterprise Data Protection.
@@ -51,7 +85,31 @@ Additional changes for Windows Hello in Windows 10, version 1607:
 - Microsoft Intune: *VPN Profile (Windows 10 Desktop and Mobile and later)* policy template includes support for native VPN plug-ins.
- 
+### Windows Information Protection (WIP), formerly known as enterprise data protection (EDP)
+With the increase of employee-owned devices in the enterprise, there’s also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise’s control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage.
+
+Windows Information Protection (WIP) helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps.
+
+- [Create a Windows Information Protection (WIP) policy](https://technet.microsoft.com/itpro/windows/keep-secure/overview-create-wip-policy)
+- [General guidance and best practices for Windows Information Protection (WIP)](https://technet.microsoft.com/itpro/windows/keep-secure/guidance-and-best-practices-wip)
+
+[Learn more about Windows Information Protection (WIP)](https://technet.microsoft.com/itpro/windows/keep-secure/protect-enterprise-data-using-wip)
+
+### Windows Defender
+Several new features and management options have been added to Windows Defender in Windows 10, version 1607.
+
+- [Windows Defender Offline in Windows 10](../keep-secure/windows-defender-offline.md) can be run directly from within Windows, without having to create bootable media.
+- [Use PowerShell cmdlets for Windows Defender](../keep-secure/use-powershell-cmdlets-windows-defender-for-windows-10.md) to configure options and run scans.
+- [Enable the Block at First Sight feature in Windows 10](../keep-secure/windows-defender-block-at-first-sight.md) to leverage the Windows Defender cloud for near-instant protection against new malware.
+- [Configure enhanced notifications for Windows Defender in Windows 10](../keep-secure/windows-defender-enhanced-notifications.md) to see more informaiton about threat detections and removal.
+- [Run a Windows Defender scan from the command line](../keep-secure/run-cmd-scan-windows-defender-for-windows-10.md).
+- [Detect and block Potentially Unwanted Applications with Windows Defender](../keep-secure/enable-pua-windows-defender-for-windows-10.md) during download and install times.
+
+### Windows Defender Advanced Threat Protection (ATP)
+With the growing threat from more sophisticated targeted attacks, a new security solution is imperative in securing an increasingly complex network ecosystem. Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service, built into Windows 10 that enables enterprise customers detect, investigate, and respond to advanced threats on their networks.
+
+[Learn more about Windows Defender Advanced Threat Protection (ATP)](../keep-secure/windows-defender-advanced-threat-protection.md).
+
 ## Management
 ### Use Remote Desktop Connection for PCs joined to Azure Active Directory
@@ -71,6 +129,23 @@ Numerous settings have been added to the Windows 10 CSPs to expand MDM capabilit
 Windows 10, Version 1607, introduces shared PC mode, which optimizes Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows 10 Pro, Education, and Enterprise.
 [Learn how to set up a shared or guest PC.](../manage/set-up-shared-or-guest-pc.md)
+### Application Virtualization (App-V) for Windows 10
+
+Application Virtualization (App-V) enables organizations to deliver Win32 applications to users as virtual applications. Virtual applications are installed on centrally managed servers and delivered to users as a service – in real time and on as as-needed basis. Users launch virtual applications from familiar access points, including the Windows Store, and interact with them as if they were installed locally.
+
+With the release of Windows 10, version 1607, App-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and App-V or if you're upgrading from a previous version of App-V, you’ll need to download, activate, and install server- and client-side components to start delivering virtual applications to users.
+
+[Learn how to deliver virtual applications with App-V.](../manage/appv-getting-started.md)
+
+### User Experience Virtualization (UE-V) for Windows 10
+
+Many users customize their settings for Windows and for specific applications. Customizable Windows settings include Windows Store appearance, language, background picture, font size, and accent colors. Customizable application settings include language, appearance, behavior, and user interface options.
+
+With User Experience Virtualization (UE-V), you can capture user-customized Windows and application settings and store them on a centrally managed network file share.
When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.
+
+With the release of Windows 10, version 1607, UE-V is included with the Windows 10 for Enterprise edition. If you are new to Windows 10 and EU-V or upgrading from a previous version of UE-V, you’ll need to download, activate, and install server- and client-side components to start synchronizing user-customized settings across devices.
+
+[Learn how to synchronize user-customized settings with UE-V.](../manage/uev-for-windows.md)
 ## Learn more
diff --git a/windows/whats-new/windows-spotlight.md b/windows/whats-new/windows-spotlight.md
index af6bd8ed19..15caeeb2a9 100644
--- a/windows/whats-new/windows-spotlight.md
+++ b/windows/whats-new/windows-spotlight.md
@@ -7,71 +7,10 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library author: jdeckerMS +redirect_url: https://technet.microsoft.com/en-us/itpro/windows/manage/windows-spotlight --- # Windows Spotlight on the lock screen -**Applies to** - -- Windows 10 - -Windows Spotlight is an option for the lock screen background that displays different background images and occasionally offers suggestions on the lock screen. Windows Spotlight is available in all desktop editions of Windows 10. - -For managed devices running Windows 10 Enterprise and Windows 10 Education, enterprise administrators can configure a mobile device management (MDM) or Group Policy setting to prevent users from using the Windows Spotlight background. For managed devices running Windows 10 Pro, version 1607, administrators can disable suggestions for third party apps. - -## What does Windows Spotlight include? - - -- **Background image** - - The Windows Spotlight displays a new image on the lock screen each day. The initial background image is included during installation. Additional images are downloaded on ongoing basis. - - ![lock screen image](images/lockscreen.png) - -- **Feature suggestions, fun facts, tips** - - The lock screen background will occasionally suggest Windows 10 features that the user hasn't tried yet, such as **Snap assist**. - -## How do you turn off Windows spotlight locally? - - -To turn off Windows Spotlight locally, go to **Settings** > **Personalization** > **Lock screen** > **Background** > **Windows spotlight** > select a different lock screen background - -![personalization background](images/spotlight.png) - -## How do you disable Windows Spotlight for managed devices? - - -Windows 10, version 1607, provides three new Group Policy settings to help you manage Spotlight on employees' computers. 
- -**Windows 10 Pro, Enterprise, and Education** - -- **User Configuration\Administrative Templates\Windows Components\Cloud Content\Do not suggest third-party content in Windows spotlight** enables enterprises to restrict suggestions to Microsoft apps and services. - -**Windows 10 Enterprise and Education** - -* **User Configuration\Administrative Templates\Windows Components\Cloud Content\Turn off all Windows Spotlight features** enables enterprises to completely disable all Spotlight features in a single setting. -* **User Configuration\Administrative Templates\Windows Components\Cloud Content\Configure Spotlight on lock screen** specifically controls the use of the dynamic Spotlight image on the lock screen, and can be enabled or disabled. (The Group Policy setting **Enterprise Spotlight** does not work in Windows 10, version 1607.) - -Windows Spotlight is enabled by default. Administrators can replace Windows Spotlight with a selected image using the Group Policy setting **Computer Configuration** > **Administrative Templates** > **Control Panel** > **Personalization** > **Force a specific default lock screen image**. - -![lockscreen policy details](images/lockscreenpolicy.png) - -Pay attention to the checkbox in **Options**. In addition to providing the path to the lock screen image, administrators can choose to allow or **Turn off fun facts, tips, tricks, and more on lock screen**. If the checkbox is not selected, users will see the lock screen image that is defined in the policy setting, and will also see occasional messages, such as the example in the following image. - -![fun facts](images/funfacts.png) - -## Related topics - - -[Manage Windows 10 Start layout options](../manage/windows-10-start-layout-options-and-policies.md) - -  - -  - - - - - +This topic has been redirected. \ No newline at end of file 
diff --git a/windows/whats-new/windows-store-for-business-overview.md b/windows/whats-new/windows-store-for-business-overview.md
index e1934201c2..abb7c7f8f3 100644
--- a/windows/whats-new/windows-store-for-business-overview.md
+++ b/windows/whats-new/windows-store-for-business-overview.md
@@ -6,281 +6,6 @@ ms.prod: w10 ms.pagetype: store, mobile ms.mktglfcycl: manage ms.sitesec: library +redirect_url: https://technet.microsoft.com/itpro/windows/manage/windows-store-for-business-overview author: TrudyHa --- - -# Windows Store for Business overview - - -**Applies to** - -- Windows 10 -- Windows 10 Mobile - -With the new Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps. - -## Features - - -Organizations of any size can benefit from using the Store for Business provides: - -- **Scales to fit the size of your business** - For smaller businesses, with Azure AD accounts and Windows 10 devices, you can quickly have an end-to-end process for acquiring and distributing content using the Store for Business. For larger businesses, all the capabilities of the Store for Businessare available to you, or you can integrate the Store for Businesswith management tools, for greater control over access to apps and app updates. You can use existing work or school accounts. - -- **Bulk app acquisition** - Acquire apps in volume from the Store for Business. - -- **Private store** - Curate a private store for your business that’s easily available from any Windows 10 device. - -- **Flexible distribution options** - Flexible options for distributing content and apps to your employee devices: - - - Distribute through Store for Business services. You can assign apps to individual employees, or make apps available to all employees in your private store. - - - Use a management tool from Microsoft, or a 3rd-party tool for advanced distribution and management functions, or for managing images. 
- - - Offline licensing model allows you to distribute apps without connecting to Store services, and for managing images. - -- **Line-of-business apps** - Privately add and distribute your internal line-of-business apps using any of the distribution options. - -- **App license management**: Admins can reclaim and reuse app licenses. Online and offline licenses allow you to customize how you decide to deploy apps. - -- **Up-to-date apps** - The Store for Business manages the update process for apps with online licenses. Apps are automatically updated so you are always current with the most recent software updates and product features. Store for Business apps also uninstall cleanly, without leaving behind extra files, for times when you need to switch apps for specific employees. - -## Prerequisites - - -You'll need this software to work with the Store for Business. - -### Required - -- IT Pros that are administering Store for Business need a browser compatible with Store for Business running on a PC or mobile device. Supported browsers include: Internet Explorer 10 or later, Microsoft Edge, or current versions of Chrome or Firefox. - -- Employees using apps from Store for Business need Windows 10, version 1511 running on a PC or mobile device. - -Microsoft Azure Active Directory (AD) accounts for your employees: - -- Admins need Azure AD accounts to sign up for the Store for Business, and then to sign in, get apps, distribute apps, and manage app licenses. - -- Employees need Azure AD account when they access Store for Business content from Windows devices. - -- If you use a management tool to distribute and manage online-licensed apps, all employees will need an Azure AD account - -- For offline-licensed apps, Azure AD accounts are not required for employees. 
- -For more information on Azure AD, see [About Office 365 and Azure Active Directory](http://go.microsoft.com/fwlink/p/?LinkId=708612), and [Intro to Azure: identity and access](http://go.microsoft.com/fwlink/p/?LinkId=708611). - -### Optional - -While not required, you can use a management tool to distribute and manage apps. Using a management tool allows you to distribute content, scope app availability, and control when app updates are installed. This might make sense for larger organizations that already use a management tool. A couple of things to note about management tools: - -- Need to integrate with Windows 10 management framework and Azure AD. - -- Need to sync with the Store for Business inventory to distribute apps. - -## How does the Store for Business work? - - -### Sign up! - -The first step for getting your organization started with the Store for Business is signing up. To sign up for the Business store, you need an Azure AD account and you must be a Global Administrator for your organization. - -For more information, see [Sign up for the Store for Business](../manage/sign-up-windows-store-for-business.md). - -### Set up - -After your admin signs up for the Store for Business, they can assign roles to other employees in your company. The admin needs Azure AD User Admin permissions to assign WSFB roles. These are the roles and their permissions. - - ------- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    PermissionAccount settingsAcquire appsDistribute appsDevice Guard signing

    Admin

    X

    X

    X

    Purchaser

    X

    X

    Device Guard signer

    X

    - -  - -In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](../manage/manage-users-and-groups-windows-store-for-business.md). - -Also, if your organization plans to use a management tool, you’ll need to configure your management tool to sync with the Store for Business. - -### Get apps and content - -Once signed in to the Store for Business, you can browse and search for all products in the Store for Business catalog. Some apps are free, and some apps charge a price. We're continuing to add more paid apps to the Store for Business. Check back if you don't see the app that you're looking for. Currently, you can pay for apps with a credit card. We'll be adding more payment options over time. - -**App types** -- These app types are supported in the Store for Business: - -- Universal Windows Platform apps - -- Universal Windows apps, by device: Phone, Surface Hub, IOT devices , HoloLens - -Apps purchased from the Store for Business only work on Windows 10 devices. - -Line-of-business (LOB) apps are also supported via the Business store. You can invite IT developers or ISVs to be LOB publishers for your organization. This allows them to submit apps via the developer center that are only available to your organization. These apps can be distributed using the distribution methods discussed in this topic. For more information, see Working with Line-of-Business apps. - -**App licensing model** - -The Business store supports two options to license apps: online and offline. **Online** licensing is the default licensing model and is similar to the Windows Store. Online licensed apps require users and devices to connect to the Store for Business service to acquire an app and its license. **Offline** licensing is a new licensing option for Windows 10. With offline licenses, organizations can cache apps and their licenses to deploy within their network. 
ISVs or devs can opt-in their apps for offline licensing when they submit them to the developer center. - -For more information, see [Apps in the Store for Business](../manage/apps-in-windows-store-for-business.md#licensing-model). - -### Distribute apps and content - -App distribution is handled through two channels, either through the Store for Business, or using a management tool. You can use either or both distribution methods in your organization. - -**Using the Store for Business** – Distribution options for the Store for Business: - -- Email link – After purchasing an app, admins can send employees a link in an email message. Employees can click the link to install the app. - -- Curate private store for all employees – A private store can include content you’ve purchased from the Store, and your line-of-business apps that you’ve submitted to the Store for Business. Apps in your private store are available to all of your employees. They can browse the private store and install apps when needed. - -- To use the options above users must be signed in with an Azure AD account on a Windows 10 device. - -**Using a management tool** – For larger organizations that might want a greater level of control over how apps are distributed and managed, a management tools provides other distribution options: - -- Scoped content distribution – Ability to scope content distribution to specific groups of employees. - -- Install apps for employees – Employees are not responsible for installing apps. Management tool installs apps for employees. - -Management tools can synchronize content that has been acquired in the Store for Business. If an offline application has been purchased this will also include the app package, license and metadata for the app (like, icons, count, or localized product descriptions). Using the metadata, management tools can enable portals or apps as a destination for employees to acquire apps. 
- -For more information, see [Distribute apps to your employees from the Store for Business](../manage/distribute-apps-to-your-employees-windows-store-for-business.md). - -### Manage Store for Business settings and content - -Once you are signed up with the Business store and have purchased apps, Admins can manage Store for Business settings and inventory. - -**Manage Store for Business settings** - -- Assign and change roles for employees or groups - -- Device Guard signing - -- Register a management server to deploy and install content - -- Manage relationships with LOB publishers - -- Manage offline licenses - -- Update the name of your private store - -**Manage inventory** - -- Assign app licenses to employees - -- Reclaim and reassign app licenses - -- Manage app updates for all apps, or customize updates for each app. Online apps will automatically update from the Store. Offline apps can be updated using a management server. - -- Download apps for offline installs - -For more information, see [Manage settings in the Store for Business](../manage/manage-settings-windows-store-for-business.md) and [Manage apps](../manage/manage-apps-windows-store-for-business-overview.md). - -## Supported markets - - -Store for Business is currently available in these markets. 
- -|Country or locale|Paid apps|Free apps| -|-----------------|---------|---------| -|Argentina|X|X| -|Australia|X|X| -|Austria|X|X| -|Belgium (Dutch, French)|X|X| -|Brazil| |X| -|Canada (English, French)|X|X| -|Chile|X|X| -|Columbia|X|X| -|Croatia|X|X| -|Czech Republic|X|X| -|Denmark|X|X| -|Finland|X|X| -|France|X|X| -|Germany|X|X| -|Greece|X|X| -|Hong Kong SAR|X|X| -|Hungary|X|X| -|India| |X| -|Indonesia|X|X| -|Ireland|X|X| -|Italy|X|X| -|Japan|X|X| -|Malaysia|X|X| -|Mexico|X|X| -|Netherlands|X|X| -|New Zealand|X|X| -|Norway|X|X| -|Philippines|X|X| -|Poland|X|X| -|Portugal|X|X| -|Romania|X|X| -|Russia| |X| -|Singapore|X|X| -|Slovakia|X|X| -|South Africa|X|X| -|Spain|X|X| -|Sweden|X|X| -|Switzerland (French, German)|X|X| -|Taiwan| |X| -|Thailand|X|X| -|Turkey|X|X| -|Ukraine| |X| -|United Kingdom|X|X| -|United States|X|X| -|Vietnam|X|X| - -## ISVs and the Store for Business - - -Developers in your organization, or ISVs can create content specific to your organization. In the Store for Business, we call these app line-of-business (LOB) apps, and the devs that create them are LOB publishers. The process looks like this: - -- Admin invites devs to be LOB publishers for your organization. These devs can be internal devs, or external ISVs. - -- LOB publishers accept the invitation, develop apps, and submits the app to the Windows Dev Center. LOB publishers use Enterprise associations when submitting the app to make the app exclusive to your organization. - -- Admin adds the app to Store for Business inventory. - -Once the app is in inventory, admins can choose how to distribute the app. ISVs creating apps through the dev center can make their apps available in the Store for Business. ISVs can opt-in their apps to make them available for offline licensing. Apps purchased in the Store for Business will work only on Windows 10. - -For more information on line-of-business apps, see [Working with Line-of-Business apps](../manage/working-with-line-of-business-apps.md). 
- -  - -  - - - - - diff --git a/windows/whats-new/windows-update-for-business.md b/windows/whats-new/windows-update-for-business.md index 24ae371549..4b69cf6ecd 100644 --- a/windows/whats-new/windows-update-for-business.md +++ b/windows/whats-new/windows-update-for-business.md @@ -6,6 +6,7 @@ ms.prod: w10 ms.mktglfcycl: explore ms.sitesec: library author: TrudyHa +redirect_url: https://technet.microsoft.com/itpro/windows/whats-new/whats-new-windows-10-version-1507-and-1511 --- # What's new in Windows Update for Business? 
@@ -20,13 +21,13 @@ Windows Update for Business enables information technology administrators to kee
 ## Benefits of Windows Update for Business
-By using [Group Policy Objects](http://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing:
+By using [Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=699279), Windows Update for Business is an easily established and implemented system which enables organizations and administrators to exercise control on how their Windows 10-based devices are updated, by allowing:
 - **Deployment and validation groups**; where administrators can specify which devices go first in an update wave, and which devices will come later (to ensure any quality bars are met).
 - **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth very efficient.
-- **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](http://go.microsoft.com/fwlink/p/?LinkId=699281).
+- **Use with existing tools** such as System Center Configuration Manager and the [Enterprise Mobility Suite](https://go.microsoft.com/fwlink/p/?LinkId=699281).
 Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, as well as provide access to the latest innovations from Microsoft on an ongoing basis.
Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](http://technet.microsoft.com/library/hh852345.aspx) and [System Center Configuration Manager](http://technet.microsoft.com/library/gg682129.aspx).