diff --git a/mdop/mbam-v25/mbam-25-supported-configurations.md b/mdop/mbam-v25/mbam-25-supported-configurations.md
index bae880c439..38cf7a85aa 100644
--- a/mdop/mbam-v25/mbam-25-supported-configurations.md
+++ b/mdop/mbam-v25/mbam-25-supported-configurations.md
@@ -283,16 +283,21 @@ MBAM supports the following versions of Configuration Manager.
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>Microsoft System Center 2012 R2 Configuration Manager</p></td>
+<td align="left"><p>Microsoft System Center Configuration Manager (Current Branch), version 1606</p></td>
 <td align="left"><p></p></td>
 <td align="left"><p>64-bit</p></td>
 </tr>
 <tr class="even">
+<td align="left"><p>Microsoft System Center 2012 R2 Configuration Manager</p></td>
+<td align="left"><p></p></td>
+<td align="left"><p>64-bit</p></td>
+</tr>
+<tr class="odd">
 <td align="left"><p>Microsoft System Center 2012 Configuration Manager</p></td>
 <td align="left"><p>SP1</p></td>
 <td align="left"><p>64-bit</p></td>
 </tr>
-<tr class="odd">
+<tr class="even">
 <td align="left"><p>Microsoft System Center Configuration Manager 2007 R2 or later</p></td>
 <td align="left"><p>SP1 or later</p></td>
 <td align="left"><p>64-bit</p>
diff --git a/windows/keep-secure/credential-guard.md b/windows/keep-secure/credential-guard.md
index 5e20aa7fff..e904eecfe4 100644
--- a/windows/keep-secure/credential-guard.md
+++ b/windows/keep-secure/credential-guard.md
@@ -101,7 +101,7 @@ The following tables describes additional hardware and firmware requirements, an
 ## Manage Credential Guard
 
 ### Enable Credential Guard
-Credential Guard can be enabled by using Group Policy, the registry, or the Device Guard and Credential Guard hardware readiness tool.   
+Credential Guard can be enabled by using [Group Policy](#turn-on-credential-guard-by-using-group-policy), the [registry](#turn-on-credential-guard-by-using-the-registry), or the Device Guard and Credential Guard [hardware readiness tool](#hardware-readiness-tool).
 
 #### Turn on Credential Guard by using Group Policy
 
@@ -124,9 +124,9 @@ If you don't use Group Policy, you can enable Credential Guard by using the regi
 
 ##### Add the virtualization-based security features
 
-Starting with Windows 10 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security is not necessary and this step can be skipped.
+Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security is not necessary and this step can be skipped.
 
-If you are using Windows 10 1507 (RTM) or Windows 10 1511, Windows features have to be enabled to use virtualization-based security. 
+If you are using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security. 
 You can do this by using either the Control Panel or the Deployment Image Servicing and Management tool (DISM).
 > [!NOTE]  
 > If you enable Credential Guard by using Group Policy, these steps are not required. Group Policy will install the features for you.
@@ -171,6 +171,7 @@ You can do this by using either the Control Panel or the Deployment Image Servic
 > [!NOTE]  
 > You can also turn on Credential Guard by setting the registry entries in the [FirstLogonCommands](http://msdn.microsoft.com/library/windows/hardware/dn922797.aspx) unattend setting.
 
+<span id="hardware-readiness-tool" />
 #### Turn on Credential Guard by using the Device Guard and Credential Guard hardware readiness tool
 
 You can also enable Credential Guard by using the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337).
diff --git a/windows/manage/change-history-for-manage-and-update-windows-10.md b/windows/manage/change-history-for-manage-and-update-windows-10.md
index 56fb55ced0..69e646a56f 100644
--- a/windows/manage/change-history-for-manage-and-update-windows-10.md
+++ b/windows/manage/change-history-for-manage-and-update-windows-10.md
@@ -19,6 +19,7 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
 | [Manage device restarts after updates](waas-restart.md) | New |
 | [Manage Windows 10 in your organization - transitioning to modern management](manage-windows-10-in-your-organization-modern-management.md)  | New |
 | [Cortana integration in your business or enterprise](manage-cortana-in-enterprise.md) |Added an important note about Cortana and Office 365 integration. |
+| [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md) | Fixed the explanation for Start behavior when the .xml file containing the layout is not available when the user signs in. | 
 | [Manage connections from Windows operating system components to Microsoft services](manage-connections-from-windows-operating-system-components-to-microsoft-services.md) | Added link to the Windows Restricted Traffic Limited Functionality Baseline. Added Teredo Group Policy. |
 
 
diff --git a/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md b/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
index d0d6b868e6..80e8f90299 100644
--- a/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/manage/customize-windows-10-start-screens-by-using-group-policy.md
@@ -67,7 +67,7 @@ The GPO applies the Start and taskbar layout at the next user sign-in. Each time
 
 The GPO can be configured from any computer on which the necessary ADMX and ADML files (StartMenu.admx and StartMenu.adml) for Windows 10 are installed.
 
-The .xml file with the Start and taskbar layout must be located on shared network storage that is available to the users’ computers when they sign in and the users must have Read-only access to the file. If the file is not available at sign-in, Start and the taskbar are not customized during the session, and the user can make changes to Start.
+The .xml file with the Start and taskbar layout must be located on shared network storage that is available to the users’ computers when they sign in and the users must have Read-only access to the file. If the file is not available when the first user signs in, Start and the taskbar are not customized during the session, but the user will be prevented from making changes to Start. On subsequent sign-ins, if the file is available at sign-in, the layout it contains will be applied to the user's Start and taskbar.
 
 For information about deploying GPOs in a domain, see [Working with Group Policy Objects](https://go.microsoft.com/fwlink/p/?LinkId=620889).
 
diff --git a/windows/manage/images/waas-rings.png b/windows/manage/images/waas-rings.png
index a5446f3dff..041a59ce87 100644
Binary files a/windows/manage/images/waas-rings.png and b/windows/manage/images/waas-rings.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cb2-settings.png b/windows/manage/images/waas-wufb-gp-cb2-settings.png
index bba58927d9..ae6ed4d856 100644
Binary files a/windows/manage/images/waas-wufb-gp-cb2-settings.png and b/windows/manage/images/waas-wufb-gp-cb2-settings.png differ
diff --git a/windows/manage/images/waas-wufb-gp-cbb2-settings.png b/windows/manage/images/waas-wufb-gp-cbb2-settings.png
index 7d8358f20b..e5aff1cc89 100644
Binary files a/windows/manage/images/waas-wufb-gp-cbb2-settings.png and b/windows/manage/images/waas-wufb-gp-cbb2-settings.png differ
diff --git a/windows/manage/images/waas-wufb-gp-scope.png b/windows/manage/images/waas-wufb-gp-scope.png
index e6fe366c29..a04d8194df 100644
Binary files a/windows/manage/images/waas-wufb-gp-scope.png and b/windows/manage/images/waas-wufb-gp-scope.png differ
diff --git a/windows/manage/images/waas-wufb-intune-cbb2a.png b/windows/manage/images/waas-wufb-intune-cbb2a.png
index 23276c4659..a980e0e43a 100644
Binary files a/windows/manage/images/waas-wufb-intune-cbb2a.png and b/windows/manage/images/waas-wufb-intune-cbb2a.png differ
diff --git a/windows/manage/images/waas-wufb-intune-step11a.png b/windows/manage/images/waas-wufb-intune-step11a.png
index 48db2f63af..7291484c93 100644
Binary files a/windows/manage/images/waas-wufb-intune-step11a.png and b/windows/manage/images/waas-wufb-intune-step11a.png differ
diff --git a/windows/manage/waas-deployment-rings-windows-10-updates.md b/windows/manage/waas-deployment-rings-windows-10-updates.md
index e355fc1fac..794c09c2e9 100644
--- a/windows/manage/waas-deployment-rings-windows-10-updates.md
+++ b/windows/manage/waas-deployment-rings-windows-10-updates.md
@@ -30,10 +30,10 @@ Table 1 provides an example of the deployment rings you might use.
 | --- | --- | --- |
 | Preview | Windows Insider | Pre-CB |
 | Ring 1 Pilot IT | CB | CB + 0 weeks |
-| Ring 2 Pilot business users | CB | CB + 2 weeks |
-| Ring 3 Broad IT | CBB | CBB + 0 weeks |
-| Ring 4 Broad business users | CBB | CBB + 4 weeks |
-| Ring 5 Broad business users #2 | CBB | CBB + 8 weeks |
+| Ring 2 Pilot business users | CB | CB + 4 weeks |
+| Ring 3 Broad IT | CB | CB + 6 weeks |
+| Ring 4 Broad business users | CBB | CBB + 0 weeks |
+| Ring 5 Broad business users #2 | CBB | CBB + 2 weeks as required by capacity or other constraints |
 
 >[!NOTE]
 >In this example, there are no rings made up of the long-term servicing branch (LTSB). The LTSB servicing branch does not receive feature updates. 
diff --git a/windows/manage/waas-manage-updates-configuration-manager.md b/windows/manage/waas-manage-updates-configuration-manager.md
index 1333b461a4..7f3b784c8b 100644
--- a/windows/manage/waas-manage-updates-configuration-manager.md
+++ b/windows/manage/waas-manage-updates-configuration-manager.md
@@ -126,7 +126,7 @@ This policy will now be deployed to every device in the **Windows 10 – Current
 
 ## Create collections for deployment rings
 
-Regardless of the method by which you deploy Windows 10 feature updates to your environment, you must start the Windows 10 servicing process by creating collections of computers that represent your deployment rings. In this example, you create two collections: **Windows 10 – All Current Branch for Business** and **Ring 3 Broad IT**. You’ll use the **Windows 10 – All Current Branch for Business** collection for reporting and deployments that should go to all CBB clients. You’ll use the **Ring 3 Broad IT** collection as a deployment ring for the first CBB users, IT pros.
+Regardless of the method by which you deploy Windows 10 feature updates to your environment, you must start the Windows 10 servicing process by creating collections of computers that represent your deployment rings. In this example, you create two collections: **Windows 10 – All Current Branch for Business** and **Ring 4 Broad business users**. You’ll use the **Windows 10 – All Current Branch for Business** collection for reporting and deployments that should go to all CBB clients. You’ll use the **Ring 4 Broad business users** collection as a deployment ring for the first CBB users.
 
 >[!NOTE]
 >The following procedures use the groups from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) as examples.
@@ -185,13 +185,13 @@ Regardless of the method by which you deploy Windows 10 feature updates to your
 >[!IMPORTANT]
 >Windows Insider PCs are discovered the same way as CB or CBB devices. If you have Windows Insider PCs that you use Configuration Manager to manage, then you should create a collection of those PCs and exclude them from this collection. You can create the membership for the Windows Insider collection either manually or by using a query where the operating system build doesn’t equal any of the current CB or CBB build numbers. You would have to update each periodically to include new devices or new operating system builds.
 
-After you have updated the membership, this new collection will contain all managed clients on the CBB servicing branch. You will use this collection as a limiting collection for future CBB-based collections and the **Ring 3 Broad IT** collection. Complete the following steps to create the Ring 3 Broad IT device collection, which you’ll use as a CBB deployment ring for servicing plans or task sequences.
+After you have updated the membership, this new collection will contain all managed clients on the CBB servicing branch. You will use this collection as a limiting collection for future CBB-based collections and the **Ring 4 Broad broad business users** collection. Complete the following steps to create the **Ring 4 Broad business users** device collection, which you’ll use as a CBB deployment ring for servicing plans or task sequences.
 
 1.	In the Configuration Manager console, go to Assets and Compliance\Overview\Device Collections.
 
 2.	On the Ribbon, in the **Create** group, click **Create Device Collection**.
 
-3.	In the Create Device Collection Wizard, in the **name** box, type **Ring 3 Broad IT**.
+3.	In the Create Device Collection Wizard, in the **name** box, type **Ring 4 Broad business users**.
 
 4.	Click **Browse** to select the limiting collection, and then click **Windows 10 – All Current Branch for Business**.
 
@@ -201,7 +201,7 @@ After you have updated the membership, this new collection will contain all mana
 
 7.	In the **Value** field, type all or part of the name of a device to add, and then click **Next**.
 
-8.	Select the computer that will be part of the **Ring 3 Broad IT** deployment ring, and then click **Next**.
+8.	Select the computer that will be part of the **Ring 4 Broad business users** deployment ring, and then click **Next**.
 
 9.	Click **Next**, and then click **Close**.
 
@@ -212,17 +212,17 @@ After you have updated the membership, this new collection will contain all mana
 
 ## Use Windows 10 servicing plans to deploy Windows 10 feature updates
 
-There are two ways to deploy Windows 10 feature updates with System Center onfiguration Manager. The first is to use servicing plans, which provide an automated method to update devices consistently in their respective deployment rings, similar to Automatic Deployment Rules for software updates. 
+There are two ways to deploy Windows 10 feature updates with System Center Configuration Manager. The first is to use servicing plans, which provide an automated method to update devices consistently in their respective deployment rings, similar to Automatic Deployment Rules for software updates. 
 
-**To configure Windows feature updates for CBB clients in the Ring 3 Broad IT deployment ring using a servicing plan**
+**To configure Windows feature updates for CBB clients in the Ring 4 Broad business users deployment ring using a servicing plan**
 
 1.	In the Configuration Manager console, go to Software Library\Overview\Windows 10 Servicing, and then click **Servicing Plans**.
 
 2.	On the Ribbon, in the **Create** group, click **Create Servicing Plan**.
 
-3.	Name the plan **Ring 3 Broad IT Servicing Plan**, and then click **Next**.
+3.	Name the plan **Ring 4 Broad business users Servicing Plan**, and then click **Next**.
 
-4.	On the **Servicing Plan page**, click **Browse**. Select the **Ring 3 Broad IT** collection, which you created in the [Create collections for deployment rings](#create-collections-for-deployment-rings) section, click **OK**, and then click **Next**.
+4.	On the **Servicing Plan page**, click **Browse**. Select the **Ring 4 Broad business users** collection, which you created in the [Create collections for deployment rings](#create-collections-for-deployment-rings) section, click **OK**, and then click **Next**.
 
     >[!IMPORTANT]
     >Microsoft added a new protection feature to Configuration Manager that prevents accidental installation of high-risk deployments such as operating system upgrades on site systems. If you select a collection (All Systems in this example) that has a site system in it, you may receive the following message.
@@ -233,7 +233,7 @@ There are two ways to deploy Windows 10 feature updates with System Center onfig
 
 5.	On the **Deployment Ring** page, select the **Business Ready (Current Branch for Business)** readiness state, leave the delay at **0 days**, and then click **Next**.
 
-    Doing so deploys CBB feature updates to the IT deployment ring immediately after they are released to CBB.
+    Doing so deploys CBB feature updates to the broad business users deployment ring immediately after they are released to CBB.
 
     On the Upgrades page, you specify filters for the feature updates to which this servicing plan is applicable. For example, if you wanted this plan to be only for Windows 10 Enterprise, you could select **Title**, and then type **Enterprise**.
     
@@ -260,7 +260,7 @@ There are two ways to deploy Windows 10 feature updates with System Center onfig
 11.	Click **Summary**, click **Next** to complete the servicing plan, and then click **Close**.
 
 
-You have now created a servicing plan for the **Ring 3 Broad IT** deployment ring. By default, this rule is evaluated each time the software update point is synchronized, but you can modify this schedule by viewing the service plan’s properties on the **Evaluation Schedule** tab.
+You have now created a servicing plan for the **Ring 4 Broad business users** deployment ring. By default, this rule is evaluated each time the software update point is synchronized, but you can modify this schedule by viewing the service plan’s properties on the **Evaluation Schedule** tab.
 
 ![Example of UI](images/waas-sccm-fig12.png) 
 
@@ -331,7 +331,7 @@ Now that the upgrade package has been created and its contents distributed, crea
 
 10.	On the **Completion** page, click **Close**.
 
-With the task sequence created, you’re ready to deploy it. If you’re using this method to deploy most of your Windows 10 feature updates, you may want to create deployment rings to stage the deployment of this task sequence, with delays appropriate for the respective deployment ring. In this example, you deploy the task sequence to the **Ring 3 Broad IT collection**.
+With the task sequence created, you’re ready to deploy it. If you’re using this method to deploy most of your Windows 10 feature updates, you may want to create deployment rings to stage the deployment of this task sequence, with delays appropriate for the respective deployment ring. In this example, you deploy the task sequence to the **Ring 4 Broad business users collection**.
 
 >[!IMPORTANT]
 >This process deploys a Windows 10 operating system feature update to the affected devices. If you’re testing, be sure to select the collection to which you deploy this task sequence carefully.
diff --git a/windows/manage/waas-wufb-group-policy.md b/windows/manage/waas-wufb-group-policy.md
index 952e283c6a..4199170a09 100644
--- a/windows/manage/waas-wufb-group-policy.md
+++ b/windows/manage/waas-wufb-group-policy.md
@@ -27,17 +27,19 @@ To use Group Policy to manage quality and feature updates in your environment, y
 
 ## Configure Windows Update for Business in Windows 10 version 1511
 
-In this example, you use two security groups to manage your updates: **Ring 3 Broad IT** and **Ring 4 Broad Business Users** from  Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md). 
+In this example, you use two security groups to manage your updates: **Ring 4 Broad business users** and **Ring 5 Broad business users #2** from  Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md). 
 
-- The **Ring 3 Broad IT** group contains PCs of IT members who test the updates as soon as they’re released for Windows clients in the Current Branch for Business (CBB) servicing branch. This phase typically occurs after testing on Current Branch (CB) devices.
-- The **Ring 4 Broad Business Users** group consists of the first line-of-business (LOB) users, who consume quality updates after 1 week and feature updates 1 month after the CBB release.
+- The **Ring 4 Broad business users** group contains PCs of IT members who test the updates as soon as they’re released for Windows clients in the Current Branch for Business (CBB) servicing branch. This phase typically occurs after testing on Current Branch (CB) devices.
+- The **Ring 5 Broad business users #2** group consists of the first line-of-business (LOB) users, who consume quality updates after 1 week and feature updates 1 month after the CBB release.
 
 >[!NOTE]
+>Although the [sample deployment rings](waas-deployment-rings-windows-10-updates.md) specify a feature update deferral of 2 weeks for Ring 5, deferrals in Windows 10, version 1511 are in increments of months only.
+> 
 >Windows 10 version 1511 does not support deferment of CB builds of Windows 10, so you can establish only one CB deployment ring. In version 1607 and later, CB builds can be delayed, making it possible to have multiple CB deployment rings.
 
  Complete the following steps on a PC running the Remote Server Administration Tools or on a domain controller. 
  
- ### Configure the Ring 3 Broad IT deployment ring for CBB with no deferral
+ ### Configure the Ring 4 Broad business users deployment ring for CBB with no deferral
 
 1. Open GPMC (gpmc.msc).
 
@@ -111,27 +113,27 @@ In this example, you use two security groups to manage your updates: **Ring 3 Br
     </tr>
     </table> 
 
-    Simply enabling the **Defer Upgrades and Updates** policy sets the receiving client to the CBB servicing branch, which is what you want for your first deployment ring, **Ring 3 Broad IT**.
+    Simply enabling the **Defer Upgrades and Updates** policy sets the receiving client to the CBB servicing branch, which is what you want for your first deployment ring, **Ring 4 Broad business users**.
     
 8. Enable the **Defer Updates and Upgrades** setting, and then click **OK**.
 
 9. Close the Group Policy Management Editor.
 
-Because the **Windows Update for Business - CBB1** GPO contains a computer policy and you only want to apply it to computers in the **Ring 3 Broad IT** group, use **Security Filtering** to scope the policy’s effect.
+Because the **Windows Update for Business - CBB1** GPO contains a computer policy and you only want to apply it to computers in the **Ring 4 Broad business users** group, use **Security Filtering** to scope the policy’s effect.
 
-### Scope the policy to the Ring 3 Broad IT group
+### Scope the policy to the Ring 4 Broad business users group
 
 1.  In the GPMC, select the **Windows Update for Business - CBB1** policy.
 
-2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 3 Broad IT** group. 
+2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 4 Broad business users** group. 
 
     ![Scope policy to group](images/waas-wufb-gp-scope.png)
     
 
-The **Ring 3 Broad IT** deployment ring has now been configured. Next, configure **Ring 4 Broad Business Users** to accommodate a 1-week delay for quality updates and a 1-month delay for feature updates. 
+The **Ring 4 Broad business users** deployment ring has now been configured. Next, configure **Ring 5 Broad business users #2** to accommodate a 1-week delay for quality updates and a 2-week delay for feature updates. 
 
 
-### Configure the Ring 4 Broad Business Users deployment ring for CBB with deferrals
+### Configure the Ring 5 Broad business users \#2 deployment ring for CBB with deferrals
 
 1. Open GPMC (gpmc.msc).
 
@@ -158,11 +160,11 @@ The **Ring 3 Broad IT** deployment ring has now been configured. Next, configure
 9. Click **OK** and close the Group Policy Management Editor.
 
 
-### Scope the policy to the Ring 4 Broad Business Users group
+### Scope the policy to the Ring 5 Broad business users \#2 group
 
 1.  In the GPMC, select the **Windows Update for Business - CBB2** policy.
 
-2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 4 Broad Business Users** group. 
+2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 5 Broad business users \#2** group. 
 
 ## Configure Windows Update for Business in Windows 10 version 1607
 
@@ -170,9 +172,9 @@ To use Group Policy to manage quality and feature updates in your environment, y
 
 In this example, you use three security groups from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to manage your updates: 
 
-- **Ring 2 Pilot Business Users** contains the PCs of business users which are part of the pilot testing process, receiving CB builds just 14 days after they are released.
-- **Ring 3 Broad IT** consists of IT members who receive updates after Microsoft releases a Windows 10 build to the CBB servicing branch.
-- **Ring 4 Broad Business Users** consists of LOB users on CBB, who receive quality updates after 7 days and feature updates after 30 days. 
+- **Ring 2 Pilot Business Users** contains the PCs of business users which are part of the pilot testing process, receiving CB builds 4 weeks after they are released.
+- **Ring 4 Broad business users** consists of IT members who receive updates after Microsoft releases a Windows 10 build to the CBB servicing branch.
+- **Ring 5 Broad business users #2** consists of LOB users on CBB, who receive quality updates after 7 days and feature updates after 14 days. 
 
 In this example, you configure and scope the update schedules for all three groups. 
 
@@ -199,7 +201,7 @@ In this example, you configure and scope the update schedules for all three grou
 
 7. Right-click **Select when Feature Updates are received**, and then click **Edit**.
 
-8. In the **Select when Feature Updates are received** policy, enable it, select a branch readiness level of **CB**, set the feature update delay to **14** days, and then click **OK**.
+8. In the **Select when Feature Updates are received** policy, enable it, select a branch readiness level of **CB**, set the feature update delay to **28** days, and then click **OK**.
 
     ![Settings for this GPO](images/waas-wufb-gp-cb2-settings.png)
     
@@ -258,9 +260,9 @@ Because the **Windows Update for Business – CB2** GPO contains a computer poli
 
     ![Scope policy to group](images/waas-wufb-gp-scope-cb2.png) 
 
-The **Ring 2 Pilot Business Users** deployment ring has now been configured. Next, configure **Ring 3 Broad IT** to set those clients into the CBB servicing branch so that they receive feature updates as soon as they’re made available for the CB servicing branch.
+The **Ring 2 Pilot Business Users** deployment ring has now been configured. Next, configure **Ring 4 Broad business users** to set those clients into the CBB servicing branch so that they receive feature updates as soon as they’re made available for the CBB servicing branch.
 
-### Configure Ring 3 Broad IT policy
+### Configure Ring 4 Broad business users policy
 
 1. Open GPMC (gpmc.msc).
 
@@ -284,16 +286,16 @@ The **Ring 2 Pilot Business Users** deployment ring has now been configured. Nex
 
 
 
-### Scope the policy to the Ring 3 Broad IT group
+### Scope the policy to the Ring 4 Broad business users group
 
 1.  In the GPMC, select the **Windows Update for Business - CBB1** policy.
 
-2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 3 Broad IT** group.
+2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 4 Broad business users** group.
 
 
-The **Ring 3 Broad IT** deployment ring has now been configured. Finally, configure **Ring 4 Broad Business Users** to accommodate a 7-day delay for quality updates and a 30-day delay for feature updates
+The **Ring 4 Broad business users** deployment ring has now been configured. Finally, configure **Ring 5 Broad business users #2** to accommodate a 7-day delay for quality updates and a 14-day delay for feature updates
 
-### Configure Ring 4 Broad Business Users policy
+### Configure Ring 5 Broad business users \#2 policy
 
 1. Open GPMC (gpmc.msc).
 
@@ -309,7 +311,7 @@ The **Ring 3 Broad IT** deployment ring has now been configured. Finally, config
 
 7. Right-click **Select when Feature Updates are received**, and then click **Edit**.
 
-8. In the **Select when Feature Updates are received** policy, enable it, select a branch readiness level of **CBB**, set the feature update delay to **30** days, and then click **OK**.
+8. In the **Select when Feature Updates are received** policy, enable it, select a branch readiness level of **CBB**, set the feature update delay to **14** days, and then click **OK**.
 
     ![Settings for this GPO](images/waas-wufb-gp-cbb2-settings.png)
 
@@ -323,11 +325,11 @@ The **Ring 3 Broad IT** deployment ring has now been configured. Finally, config
 
 
 
-### Scope the policy to the Ring 4 Broad IT group
+### Scope the policy to the Ring 5 Broad business users \#2 group
 
 1.  In the GPMC, select the **Windows Update for Business - CBB2** policy.
 
-2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 4 Broad Business Users** group.
+2. In **Security Filtering** on the **Scope** tab, remove the default **AUTHENTICATED USERS** security group, and add the **Ring 5 Broad business users #2** group.
 
 ## Related topics
 
diff --git a/windows/manage/waas-wufb-intune.md b/windows/manage/waas-wufb-intune.md
index be4b721572..69638ec07c 100644
--- a/windows/manage/waas-wufb-intune.md
+++ b/windows/manage/waas-wufb-intune.md
@@ -28,12 +28,15 @@ To use Intune to manage quality and feature updates in your environment, you mus
 
 ## Configure Windows Update for Business in Windows 10, version 1511
 
-In this example, you use two security groups to manage your updates: **Ring 3 Broad IT** and **Ring 4 Broad Business Users** from  Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md). 
+In this example, you use two security groups to manage your updates: **Ring 4 Broad business users** and **Ring 5 Broad business users #2** from  Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md). 
 
-- The **Ring 3 Broad IT** group contains PCs of IT members who test the updates as soon as they’re released for Windows clients in the Current Branch for Business (CBB) servicing branch. This phase typically occurs after testing on Current Branch (CB) devices.
-- The **Ring 4 Broad Business Users** group consists of the first line-of-business (LOB) users, who consume quality updates after 1 week and feature updates 1 month after the CBB release.
+- The **Ring 4 Broad business users** group contains PCs of IT members who test the updates as soon as they’re released for Windows clients in the Current Branch for Business (CBB) servicing branch. This phase typically occurs after testing on Current Branch (CB) devices.
+- The **Ring 5 Broad business users #2** group consists of the first line-of-business (LOB) users, who consume quality updates after 1 week and feature updates 1 month after the CBB release.
 
-### Configure the Ring 3 Broad IT deployment ring for CBB with no deferral
+>[!NOTE]
+>Although the [sample deployment rings](waas-deployment-rings-windows-10-updates.md) specify a feature update deferral of 2 weeks for Ring 5, deferrals in Windows 10, version 1511 are in increments of months only. 
+
+### Configure the Ring 4 Broad business users deployment ring for CBB with no deferral
 
 1. Sign in to [https://manage.microsoft.com](https://manage.microsoft.com) with your Intune administrator credentials.
 
@@ -63,11 +66,11 @@ In this example, you use two security groups to manage your updates: **Ring 3 Br
     >[!NOTE]
     >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
     
-10. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 3 Broad IT** group, click **Add**, and then click **OK**.
+10. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**.
 
-You have now configured the **Ring 3 Broad IT** deployment ring to enable the CBB servicing branch. Now, you must configure **Ring 4 Broad Business Users** to accommodate a 1-week delay for quality updates and a 1-month delay for feature updates. 
+You have now configured the **Ring 4 Broad business users** deployment ring to enable the CBB servicing branch. Now, you must configure **Ring 5 Broad business users #2** to accommodate a 1-week delay for quality updates and a 1-month delay for feature updates. 
 
-### Configure the Ring 4 Broad Business Users deployment ring for CBB with deferrals
+### Configure the Ring 5 Broad business users \#2 deployment ring for CBB with deferrals
 
 1.	In the Policy workspace, click **Configuration Policies**, and then click **Add**.
 
@@ -108,7 +111,7 @@ You have now configured the **Ring 3 Broad IT** deployment ring to enable the CB
     
 20. Click **Save Policy**, and then click **Yes** at the **Deploy Policy** prompt.
 
-21.	In the **Manage Deployment** dialog box, select the **Ring 4 Broad Business Users** computer group, click **Add**, and then click **OK**.
+21.	In the **Manage Deployment** dialog box, select the **Ring 5 Broad business users #2** computer group, click **Add**, and then click **OK**.
 
 ## Configure Windows Update for Business in Windows 10 version 1607
 
@@ -116,9 +119,9 @@ To use Intune to manage quality and feature updates in your environment, you mus
 
 In this example, you use three security groups from Table 1 in [Build deployment rings for Windows 10 updates](waas-deployment-rings-windows-10-updates.md) to manage your updates: 
 
-- **Ring 2 Pilot Business Users** contains the PCs of business users which are part of the pilot testing process, receiving CB builds just 14 days after they are released.
-- **Ring 3 Broad IT** consists of IT members who receive updates after Microsoft releases a Windows 10 build to the CBB servicing branch.
-- **Ring 4 Broad Business Users** consists of LOB users on CBB, who receive quality updates after 7 days and feature updates after 30 days. 
+- **Ring 2 Pilot Business Users** contains the PCs of business users which are part of the pilot testing process, receiving CB builds 28 days after they are released.
+- **Ring 4 Broad business users** consists of IT members who receive updates after Microsoft releases a Windows 10 build to the CBB servicing branch.
+- **Ring 5 Broad business users #2** consists of LOB users on CBB, who receive quality updates after 7 days and feature updates after 14 days. 
 
 ### Configure Ring 2 Pilot Business Users policy
 
@@ -143,11 +146,11 @@ In this example, you use three security groups from Table 1 in [Build deployment
 
     ![Settings for this policy](images/waas-wufb-intune-cb2a.png)
     
-8. Because the **Ring 2 Pilot Business Users** deployment ring receives the CB feature updates after 14 days, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. 
+8. Because the **Ring 2 Pilot Business Users** deployment ring receives the CB feature updates after 28 days, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. 
 
-8. In **Setting name**, type **Defer feature updates for 14 days**, and then select **Integer** from the **Data type** list.
+8. In **Setting name**, type **Defer feature updates for 28 days**, and then select **Integer** from the **Data type** list.
 10.	In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
-11.	In the **Value** box, type **14**, and then click **OK**.
+11.	In the **Value** box, type **28**, and then click **OK**.
 
     ![Settings for this policy](images/waas-wufb-intune-step11a.png)
 
@@ -160,9 +163,9 @@ In this example, you use three security groups from Table 1 in [Build deployment
     
 10. In the **Manage Deployment: Windows Update for Business – CB2** dialog box, select the **Ring 2 Pilot Business Users** group, click **Add**, and then click **OK**.
 
-You have now configured the **Ring 2 Pilot Business Users** deployment ring to enable CB feature update deferment for 14 days. Now, you must configure **Ring 3 Broad IT** to receive CBB features updates as soon as they’re available.
+You have now configured the **Ring 2 Pilot Business Users** deployment ring to enable CB feature update deferment for 14 days. Now, you must configure **Ring 4 Broad business users** to receive CBB features updates as soon as they’re available.
 
-### Configure Ring 3 Broad IT policy
+### Configure Ring 4 Broad business users policy
 
 2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane.
 
@@ -182,7 +185,7 @@ You have now configured the **Ring 2 Pilot Business Users** deployment ring to e
     >The OMA-URI settings are case sensitive, so be sure to review [Policy CSP](https://msdn.microsoft.com/library/windows/hardware/dn904962.aspx) for the proper syntax.
 
     
-8. Because the **Ring 3 Broad IT** deployment ring receives the CBB feature updates immediately, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. 
+8. Because the **Ring 4 Broad business users** deployment ring receives the CBB feature updates immediately, in the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. 
 
 8. In **Setting name**, type **Defer feature updates for 0 days**, and then select **Integer** from the **Data type** list.
 
@@ -199,12 +202,12 @@ You have now configured the **Ring 2 Pilot Business Users** deployment ring to e
     >[!NOTE]
     >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
     
-10. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 3 Broad IT** group, click **Add**, and then click **OK**.
+10. In the **Manage Deployment: Windows Update for Business – CBB1** dialog box, select the **Ring 4 Broad business users** group, click **Add**, and then click **OK**.
 
-You have now configured the **Ring 3 Broad IT** deployment ring to receive CBB feature updates as soon as they’re available. Finally, configure **Ring 4 Broad Business Users** to accommodate a 7-day delay for quality updates and a 30-day delay for feature updates. 
+You have now configured the **Ring 4 Broad business users** deployment ring to receive CBB feature updates as soon as they’re available. Finally, configure **Ring 5 Broad business users #2** to accommodate a 7-day delay for quality updates and a 14-day delay for feature updates. 
 
 
-### Configure Ring 4 Broad Business Users policy
+### Configure Ring 5 Broad business users \#2 policy
 
 2. Click the **Policy** workspace. In the middle pane, click **Configuration Policies**, and then click **Add** in the details pane.
 
@@ -234,11 +237,11 @@ You have now configured the **Ring 3 Broad IT** deployment ring to receive CBB f
 
 8. In the **OMA-URI Settings** section, click **Add** to add another OMA-URI setting. 
 
-8. In **Setting name**, type **Defer feature updates for 30 days**, and then select **Integer** from the **Data type** list.
+8. In **Setting name**, type **Defer feature updates for 14 days**, and then select **Integer** from the **Data type** list.
 
 10.	In the **OMA-URI** box, type **./Vendor/MSFT/Policy/Config/Update/DeferFeatureUpdatesPeriodInDays**.
 
-11.	In the **Value** box, type **30**, and then click **OK**.
+11.	In the **Value** box, type **14**, and then click **OK**.
 
     ![Settings for this policy](images/waas-wufb-intune-cbb2a.png)
 
@@ -249,7 +252,7 @@ You have now configured the **Ring 3 Broad IT** deployment ring to receive CBB f
     >[!NOTE]
     >If this dialog box doesn't appear, select the policy, and then click **Manage Deployment**.
     
-10. In the **Manage Deployment: Windows Update for Business – CBB2** dialog box, select the **Ring 3 Broad Business Users** group, click **Add**, and then click **OK**.
+10. In the **Manage Deployment: Windows Update for Business – CBB2** dialog box, select the **Ring 5 Broad Business Users #2** group, click **Add**, and then click **OK**.
 
 ## Related topics