diff --git a/windows/access-protection/TOC.md b/windows/access-protection/TOC.md deleted file mode 100644 index acb2519e1d..0000000000 --- a/windows/access-protection/TOC.md +++ /dev/null 
@@ -1,182 +0,0 @@ -# [Access protection](access-control/access-control.md) - -## [Access Control Overview](access-control/access-control.md) -### [Dynamic Access Control Overview](access-control/dynamic-access-control.md) -### [Security identifiers](access-control/security-identifiers.md) -### [Security Principals](access-control/security-principals.md) -### [Local Accounts](access-control/local-accounts.md) -### [Active Directory Accounts](access-control/active-directory-accounts.md) -### [Microsoft Accounts](access-control/microsoft-accounts.md) -### [Service Accounts](access-control/service-accounts.md) -### [Active Directory Security Groups](access-control/active-directory-security-groups.md) -### [Special Identities](access-control/special-identities.md) - -## [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) - -## [Enterprise Certificate Pinning](enterprise-certificate-pinning.md) - -## [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) - -## [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md) -### [How Credential Guard works](credential-guard/credential-guard-how-it-works.md) -### [Credential Guard Requirements](credential-guard/credential-guard-requirements.md) -### [Manage Credential Guard](credential-guard/credential-guard-manage.md) -### [Credential Guard protection limits](credential-guard/credential-guard-protection-limits.md) -### [Considerations when using Credential Guard](credential-guard/credential-guard-considerations.md) -### [Credential Guard: Additional mitigations](credential-guard/additional-mitigations.md) -### [Credential Guard: Known issues](credential-guard/credential-guard-known-issues.md) - - -## [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) - -## [Smart Cards](smart-cards/smart-card-windows-smart-card-technical-reference.md) -### [How Smart Card Sign-in Works 
in Windows](smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md) -#### [Smart Card Architecture](smart-cards/smart-card-architecture.md) -#### [Certificate Requirements and Enumeration](smart-cards/smart-card-certificate-requirements-and-enumeration.md) -#### [Smart Card and Remote Desktop Services](smart-cards/smart-card-and-remote-desktop-services.md) -#### [Smart Cards for Windows Service](smart-cards/smart-card-smart-cards-for-windows-service.md) -#### [Certificate Propagation Service](smart-cards/smart-card-certificate-propagation-service.md) -#### [Smart Card Removal Policy Service](smart-cards/smart-card-removal-policy-service.md) -### [Smart Card Tools and Settings](smart-cards/smart-card-tools-and-settings.md) -#### [Smart Cards Debugging Information](smart-cards/smart-card-debugging-information.md) -#### [Smart Card Group Policy and Registry Settings](smart-cards/smart-card-group-policy-and-registry-settings.md) -#### [Smart Card Events](smart-cards/smart-card-events.md) - -### [User Account Control](user-account-control\user-account-control-overview.md) -#### [How User Account Control works](user-account-control\how-user-account-control-works.md) -#### [User Account Control security policy settings](user-account-control\user-account-control-security-policy-settings.md) -#### [User Account Control Group Policy and registry key settings](user-account-control\user-account-control-group-policy-and-registry-key-settings.md) - -### [Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-overview.md) -#### [Understanding and Evaluating Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-understanding-and-evaluating.md) -##### [Get Started with Virtual Smart Cards: Walkthrough Guide](virtual-smart-cards\virtual-smart-card-get-started.md) -##### [Use Virtual Smart Cards](virtual-smart-cards\virtual-smart-card-use-virtual-smart-cards.md) -##### [Deploy Virtual Smart 
Cards](virtual-smart-cards\virtual-smart-card-deploy-virtual-smart-cards.md) -##### [Evaluate Virtual Smart Card Security](virtual-smart-cards\virtual-smart-card-evaluate-security.md) -#### [Tpmvscmgr](virtual-smart-cards\virtual-smart-card-tpmvscmgr.md) - - -## [VPN technical guide](vpn\vpn-guide.md) -### [VPN connection types](vpn\vpn-connection-type.md) -### [VPN routing decisions](vpn\vpn-routing.md) -### [VPN authentication options](vpn\vpn-authentication.md) -### [VPN and conditional access](vpn\vpn-conditional-access.md) -### [VPN name resolution](vpn\vpn-name-resolution.md) -### [VPN auto-triggered profile options](vpn\vpn-auto-trigger-profile.md) -### [VPN security features](vpn\vpn-security-features.md) -### [VPN profile options](vpn\vpn-profile-options.md) -### [How to use single sign-on (SSO) over VPN and Wi-Fi connections](vpn\how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md) -### [Windows 10 credential theft mitigation guide abstract](windows-credential-theft-mitigation-guide-abstract.md) - -## [Windows Firewall with Advanced Security](windows-firewall/windows-firewall-with-advanced-security.md) -### [Isolating Microsoft Store Apps on Your Network](windows-firewall/isolating-apps-on-your-network.md) -### [Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012](windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md) -### [Windows Firewall with Advanced Security Administration with Windows PowerShell](windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md) -### [Windows Firewall with Advanced Security Design Guide](windows-firewall/windows-firewall-with-advanced-security-design-guide.md) -#### [Understanding the Windows Firewall with Advanced Security Design Process](windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md) -#### [Identifying Your Windows Firewall with Advanced Security Deployment 
Goals](windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md) -##### [Protect Devices from Unwanted Network Traffic](windows-firewall/protect-devices-from-unwanted-network-traffic.md) -##### [Restrict Access to Only Trusted Devices](windows-firewall/restrict-access-to-only-trusted-devices.md) -##### [Require Encryption When Accessing Sensitive Network Resources](windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md) -##### [Restrict Access to Only Specified Users or Computers](windows-firewall/restrict-access-to-only-specified-users-or-devices.md) -#### [Mapping Your Deployment Goals to a Windows Firewall with Advanced Security Design](windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md) -##### [Basic Firewall Policy Design](windows-firewall/basic-firewall-policy-design.md) -##### [Domain Isolation Policy Design](windows-firewall/domain-isolation-policy-design.md) -##### [Server Isolation Policy Design](windows-firewall/server-isolation-policy-design.md) -##### [Certificate-based Isolation Policy Design](windows-firewall/certificate-based-isolation-policy-design.md) -#### [Evaluating Windows Firewall with Advanced Security Design Examples](windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md) -##### [Firewall Policy Design Example](windows-firewall/firewall-policy-design-example.md) -##### [Domain Isolation Policy Design Example](windows-firewall/domain-isolation-policy-design-example.md) -##### [Server Isolation Policy Design Example](windows-firewall/server-isolation-policy-design-example.md) -##### [Certificate-based Isolation Policy Design Example](windows-firewall/certificate-based-isolation-policy-design-example.md) -#### [Designing a Windows Firewall with Advanced Security Strategy](windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md) -##### [Gathering the Information You 
Need](windows-firewall/gathering-the-information-you-need.md) -###### [Gathering Information about Your Current Network Infrastructure](windows-firewall/gathering-information-about-your-current-network-infrastructure.md) -###### [Gathering Information about Your Active Directory Deployment](windows-firewall/gathering-information-about-your-active-directory-deployment.md) -###### [Gathering Information about Your Computers](windows-firewall/gathering-information-about-your-devices.md) -###### [Gathering Other Relevant Information](windows-firewall/gathering-other-relevant-information.md) -##### [Determining the Trusted State of Your Computers](windows-firewall/determining-the-trusted-state-of-your-devices.md) -#### [Planning Your Windows Firewall with Advanced Security Design](windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md) -##### [Planning Settings for a Basic Firewall Policy](windows-firewall/planning-settings-for-a-basic-firewall-policy.md) -##### [Planning Domain Isolation Zones](windows-firewall/planning-domain-isolation-zones.md) -###### [Exemption List](windows-firewall/exemption-list.md) -###### [Isolated Domain](windows-firewall/isolated-domain.md) -###### [Boundary Zone](windows-firewall/boundary-zone.md) -###### [Encryption Zone](windows-firewall/encryption-zone.md) -##### [Planning Server Isolation Zones](windows-firewall/planning-server-isolation-zones.md) -##### [Planning Certificate-based Authentication](windows-firewall/planning-certificate-based-authentication.md) -###### [Documenting the Zones](windows-firewall/documenting-the-zones.md) -###### [Planning Group Policy Deployment for Your Isolation Zones](windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md) -####### [Planning Isolation Groups for the Zones](windows-firewall/planning-isolation-groups-for-the-zones.md) -####### [Planning Network Access Groups](windows-firewall/planning-network-access-groups.md) -####### [Planning the 
GPOs](windows-firewall/planning-the-gpos.md) -######## [Firewall GPOs](windows-firewall/firewall-gpos.md) -######### [GPO_DOMISO_Firewall](windows-firewall/gpo-domiso-firewall.md) -######## [Isolated Domain GPOs](windows-firewall/isolated-domain-gpos.md) -######### [GPO_DOMISO_IsolatedDomain_Clients](windows-firewall/gpo-domiso-isolateddomain-clients.md) -######### [GPO_DOMISO_IsolatedDomain_Servers](windows-firewall/gpo-domiso-isolateddomain-servers.md) -######## [Boundary Zone GPOs](windows-firewall/boundary-zone-gpos.md) -######### [GPO_DOMISO_Boundary](windows-firewall/gpo-domiso-boundary.md) -######## [Encryption Zone GPOs](windows-firewall/encryption-zone-gpos.md) -######### [GPO_DOMISO_Encryption](windows-firewall/gpo-domiso-encryption.md) -######## [Server Isolation GPOs](windows-firewall/server-isolation-gpos.md) -####### [Planning GPO Deployment](windows-firewall/planning-gpo-deployment.md) -#### [Appendix A: Sample GPO Template Files for Settings Used in this Guide](windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md) -### [Windows Firewall with Advanced Security Deployment Guide](windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md) -#### [Planning to Deploy Windows Firewall with Advanced Security](windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md) -#### [Implementing Your Windows Firewall with Advanced Security Design Plan](windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md) -#### [Checklist: Creating Group Policy Objects](windows-firewall/checklist-creating-group-policy-objects.md) -#### [Checklist: Implementing a Basic Firewall Policy Design](windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md) -#### [Checklist: Configuring Basic Firewall Settings](windows-firewall/checklist-configuring-basic-firewall-settings.md) -#### [Checklist: Creating Inbound Firewall 
Rules](windows-firewall/checklist-creating-inbound-firewall-rules.md) -#### [Checklist: Creating Outbound Firewall Rules](windows-firewall/checklist-creating-outbound-firewall-rules.md) -#### [Checklist: Implementing a Domain Isolation Policy Design](windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md) -##### [Checklist: Configuring Rules for the Isolated Domain](windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md) -##### [Checklist: Configuring Rules for the Boundary Zone](windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md) -##### [Checklist: Configuring Rules for the Encryption Zone](windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md) -##### [Checklist: Configuring Rules for an Isolated Server Zone](windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md) -#### [Checklist: Implementing a Standalone Server Isolation Policy Design](windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md) -##### [Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone](windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md) -##### [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md) -#### [Checklist: Implementing a Certificate-based Isolation Policy Design](windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md) -#### [Procedures Used in This Guide](windows-firewall/procedures-used-in-this-guide.md) -##### [Add Production Devices to the Membership Group for a Zone](windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md) -##### [Add Test Devices to the Membership Group for a Zone](windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md) -##### [Assign Security Group Filters to the 
GPO](windows-firewall/assign-security-group-filters-to-the-gpo.md) -##### [Change Rules from Request to Require Mode](windows-firewall/change-rules-from-request-to-require-mode.md) -##### [Configure Authentication Methods](windows-firewall/configure-authentication-methods.md) -##### [Configure Data Protection (Quick Mode) Settings](windows-firewall/configure-data-protection-quick-mode-settings.md) -##### [Configure Group Policy to Autoenroll and Deploy Certificates](windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md) -##### [Configure Key Exchange (Main Mode) Settings](windows-firewall/configure-key-exchange-main-mode-settings.md) -##### [Configure the Rules to Require Encryption](windows-firewall/configure-the-rules-to-require-encryption.md) -##### [Configure the Windows Firewall Log](windows-firewall/configure-the-windows-firewall-log.md) -##### [Configure the Workstation Authentication Certificate Template](windows-firewall/configure-the-workstation-authentication-certificate-template.md) -##### [Configure Windows Firewall to Suppress Notifications When a Program Is Blocked](windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md) -##### [Confirm That Certificates Are Deployed Correctly](windows-firewall/confirm-that-certificates-are-deployed-correctly.md) -##### [Copy a GPO to Create a New GPO](windows-firewall/copy-a-gpo-to-create-a-new-gpo.md) -##### [Create a Group Account in Active Directory](windows-firewall/create-a-group-account-in-active-directory.md) -##### [Create a Group Policy Object](windows-firewall/create-a-group-policy-object.md) -##### [Create an Authentication Exemption List Rule](windows-firewall/create-an-authentication-exemption-list-rule.md) -##### [Create an Authentication Request Rule](windows-firewall/create-an-authentication-request-rule.md) -##### [Create an Inbound ICMP Rule](windows-firewall/create-an-inbound-icmp-rule.md) -##### [Create an Inbound Port 
Rule](windows-firewall/create-an-inbound-port-rule.md) -##### [Create an Inbound Program or Service Rule](windows-firewall/create-an-inbound-program-or-service-rule.md) -##### [Create an Outbound Port Rule](windows-firewall/create-an-outbound-port-rule.md) -##### [Create an Outbound Program or Service Rule](windows-firewall/create-an-outbound-program-or-service-rule.md) -##### [Create Inbound Rules to Support RPC](windows-firewall/create-inbound-rules-to-support-rpc.md) -##### [Create WMI Filters for the GPO](windows-firewall/create-wmi-filters-for-the-gpo.md) -##### [Enable Predefined Inbound Rules](windows-firewall/enable-predefined-inbound-rules.md) -##### [Enable Predefined Outbound Rules](windows-firewall/enable-predefined-outbound-rules.md) -##### [Exempt ICMP from Authentication](windows-firewall/exempt-icmp-from-authentication.md) -##### [Link the GPO to the Domain](windows-firewall/link-the-gpo-to-the-domain.md) -##### [Modify GPO Filters to Apply to a Different Zone or Version of Windows](windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md) -##### [Open the Group Policy Management Console to IP Security Policies](windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md) -##### [Open the Group Policy Management Console to Windows Firewall](windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md) -##### [Open the Group Policy Management Console to Windows Firewall with Advanced Security](windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md) -##### [Open Windows Firewall with Advanced Security](windows-firewall/open-windows-firewall-with-advanced-security.md) -##### [Restrict Server Access to Members of a Group Only](windows-firewall/restrict-server-access-to-members-of-a-group-only.md) -##### [Turn on Windows Firewall and Configure Default 
Behavior](windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md) -##### [Verify That Network Traffic Is Authenticated](windows-firewall/verify-that-network-traffic-is-authenticated.md) - -## [Windows Hello for Business](hello-for-business/hello-identity-verification.md) - diff --git a/windows/access-protection/index.md b/windows/access-protection/index.md index e3b438214a..6f99c4db34 100644 --- a/windows/access-protection/index.md +++ b/windows/access-protection/index.md 
@@ -1,29 +1,3 @@ --- -title: Access protection (Windows 10) -description: Learn more about access protection technologies in Windows 10 and Windows 10 Mobile. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -author: brianlic-msft -ms.date: 04/24/2017 ---- - -# Access protection - -Learn more about access protection technologies in Windows 10 and Windows 10 Mobile. - -| Section | Description | -|-|-| -| [Access control](access-control/access-control.md) | Describes access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing. | -| [Configure S/MIME for Windows 10 and Windows 10 Mobile](configure-s-mime.md) | In Windows 10, S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients who have a digital identification (ID), also known as a certificate, can read them. Users can digitally sign a message, which provides the recipients with a way to verify the identity of the sender and that the message hasn't been tampered with. | -| [Install digital certificates on Windows 10 Mobile](installing-digital-certificates-on-windows-10-mobile.md) | Digital certificates bind the identity of a user or computer to a pair of keys that can be used to encrypt and sign digital information. Certificates are issued by a certification authority (CA) that vouches for the identity of the certificate holder, and they enable secure client communications with websites and services. | -| [Protect derived domain credentials with Credential Guard](credential-guard/credential-guard.md) | Introduced in Windows 10 Enterprise, Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. 
Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Credential Guard helps prevent these attacks by protecting NTLM password hashes and Kerberos Ticket Granting Tickets. | -| [Protect Remote Desktop credentials with Remote Credential Guard](remote-credential-guard.md) | Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting the Kerberos requests back to the device that's requesting the connection. | -| [User Account Control](user-account-control/user-account-control-overview.md)| Provides information about User Account Control (UAC), which helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. UAC can help block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.| -| [Virtual Smart Cards](virtual-smart-cards/virtual-smart-card-overview.md) | Provides information about deploying and managing virtual smart cards, which are functionally similar to physical smart cards and appear in Windows as smart cards that are always-inserted. Virtual smart cards use the Trusted Platform Module (TPM) chip that is available on computers in many organizations, rather than requiring the use of a separate physical smart card and reader. | -| [VPN technical guide](vpn/vpn-guide.md) | Virtual private networks (VPN) let you give your users secure remote access to your company network. Windows 10 adds useful new VPN profile options to help you manage how users connect. | -| [Smart Cards](smart-cards/smart-card-windows-smart-card-technical-reference.md) | Provides a collection of references topics about smart cards, which are tamper-resistant portable storage devices that can enhance the security of tasks such as authenticating clients, signing code, securing e-mail, and signing in with a Windows domain account. 
| -| [Windows Hello for Business](hello-for-business/hello-identity-verification.md) | In Windows 10, Windows Hello replaces passwords with strong two-factor authentication on PCs and mobile devices. This authentication consists of a new type of user credential that is tied to a device and a biometric or PIN. | -| [Windows Firewall with Advanced Security](windows-firewall/windows-firewall-with-advanced-security.md) | Provides information about Windows Firewall with Advanced Security, which is an important part of a layered security model. By providing host-based, two-way network traffic filtering for a device, Windows Firewall with Advanced Security blocks unauthorized network traffic flowing into or out of the local device. | -| [Windows 10 Credential Theft Mitigation Guide Abstract](windows-credential-theft-mitigation-guide-abstract.md) | Learn more about credential theft mitigation in Windows 10. | +redirect_url: https://docs.microsoft.com/windows/security/identity-protection/ +--- \ No newline at end of file diff --git a/windows/configuration/change-history-for-configure-windows-10.md b/windows/configuration/change-history-for-configure-windows-10.md index a12a531608..4341c2671b 100644 --- a/windows/configuration/change-history-for-configure-windows-10.md +++ b/windows/configuration/change-history-for-configure-windows-10.md @@ -8,13 +8,19 @@ ms.sitesec: library ms.pagetype: security ms.localizationpriority: high author: jdeckerms -ms.date: 01/31/2018 +ms.date: 02/08/2018 --- # Change history for Configure Windows 10 This topic lists new and updated topics in the [Configure Windows 10](index.md) documentation for Windows 10 and Windows 10 Mobile. +## February 2018 + +New or changed topic | Description +--- | --- +[Create a Windows 10 kiosk that runs multiple apps](lock-down-windows-10-to-specific-apps.md) | Added steps for configuring a kiosk in Microsoft Intune. + ## January 2018 New or changed topic | Description 
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md index ea121c6820..94ac63a7a7 100644 --- a/windows/configuration/lock-down-windows-10-to-specific-apps.md +++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md @@ -9,7 +9,7 @@ ms.sitesec: library ms.pagetype: edu, security author: jdeckerms ms.localizationpriority: high -ms.date: 01/31/2018 +ms.date: 02/08/2018 ms.author: jdecker --- 
@@ -20,21 +20,49 @@ ms.author: jdecker - Windows 10 -A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. You can configure multi-app kiosks using Microsoft Intune or a provisioning package. +A [kiosk device](set-up-a-kiosk-for-windows-10-for-desktop-editions.md) typically runs a single app, and users are prevented from accessing any features or functions on the device outside of the kiosk app. In Windows 10, version 1709, the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) has been expanded to make it easy for administrators to create kiosks that run more than one app. + +The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. + +>[!WARNING] +>The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, [certain policies](#policies-set-by-multi-app-kiosk-configuration) are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access. 
+ +You can configure multi-app kiosks using [Microsoft Intune](#intune) or a [provisioning package](#provision). + + +## Configure a kiosk in Microsoft Intune Watch how to use Intune to configure a multi-app kiosk. >[!VIDEO https://www.microsoft.com/videoplayer/embed/ce9992ab-9fea-465d-b773-ee960b990c4a?autoplay=false] ->[!NOTE] ->For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk. +1. [Generate the Start layout for the kiosk device.](#startlayout) +2. In the Microsoft Azure portal, search for **Intune** or go to **More services** > **Intune**. +3. Select **Device configuration**. +4. Select **Profiles**. +5. Select **Create profile**. +6. Enter a friendly name for the profile. +7. Select **Windows 10 and later** for the platform. +8. Select **Device restrictions** for the profile type. +9. Select **Kiosk**. +10. In **Kiosk Mode**, select **Multi app kiosk**. +11. Select **Add** to define a configuration, which specifies the apps that will run and the layout for the Start menu. +12. Enter a friendly name for the configuration. +13. Select an app type, either **Win32 App** for a classic desktop application or **UWP App** for a Universal Windows Platform app. + - For **Win32 App**, enter the fully qualified pathname of the executable, with respect to the device. + - For **UWP App**, enter the Application User Model ID for an installed app. +14. Select whether to enable the taskbar. +15. Browse to and select the Start layout XML file that you generated in step 1. +16. Add one or more accounts. When the account signs in, only the apps defined in the configuration will be available. +17. Select **OK**. You can add additional configurations or finish. +18. Assign the profile to a device group to configure the devices in that group as kiosks. 
-The benefit of a multi-app kiosk, or fixed-purpose device, is to provide an easy-to-understand experience for individuals by putting in front of them only the things they need to use, and removing from their view the things they don’t need to access. ->[!WARNING] ->The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device. Deleting the multi-app configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access. + +## Configure a kiosk using a provisioning package + Process: 1. [Create XML file](#create-xml-file) 2. [Add XML file to provisioning package](#add-xml) @@ -46,14 +74,15 @@ Watch how to use a provisioning package to configure a multi-app kiosk. If you don't want to use a provisioning package, you can deploy the configuration XML file using [mobile device management (MDM)](#alternate-methods) or you can configure assigned access using the [MDM Bridge WMI Provider](#bridge). -## Prerequisites +### Prerequisites - Windows Configuration Designer (Windows 10, version 1709) - The kiosk device must be running Windows 10 (S, Pro, Enterprise, or Education), version 1709 +>[!NOTE] +>For devices running versions of Windows 10 earlier than version 1709, you can [create AppLocker rules](lock-down-windows-10-applocker.md) to configure a multi-app kiosk. - -## Create XML file +### Create XML file Let's start by looking at the basic structure of the XML file. @@ -90,7 +119,7 @@ You can start your file by pasting the following XML (or any other examples in t ``` -### Profile +#### Profile A profile section in the XML has the following entries: 
@@ -103,7 +132,7 @@ A profile section in the XML has the following entries: - [**Taskbar**](#taskbar) -#### Id +##### Id The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file. @@ -113,7 +142,7 @@ The profile **Id** is a GUID attribute to uniquely identify the profile. You can ``` -#### AllowedApps +##### AllowedApps **AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Classic Windows desktop apps. @@ -155,7 +184,7 @@ The following example allows Groove Music, Movies & TV, Photos, Weather, Calcula ``` -#### StartLayout +##### StartLayout After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. You can choose to pin all the allowed apps on the Start screen or just a subset, depending on whether you want the end user to directly access them on the Start screen. @@ -202,7 +231,7 @@ This example pins Groove Music, Movies & TV, Photos, Weather, Calculator, Paint, ![What the Start screen looks like when the XML sample is applied](images/sample-start.png) -#### Taskbar +##### Taskbar Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don’t attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want. 
@@ -221,7 +250,7 @@ The following example hides the taskbar: >[!NOTE] >This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden. -### Configs +#### Configs Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced, including the allowed apps, Start layout, and taskbar configuration, as well as other local group policies or mobile device management (MDM) policies set as part of the multi-app experience. @@ -256,7 +285,7 @@ Before applying the multi-app configuration, make sure the specified user accoun -## Add XML file to provisioning package +### Add XML file to provisioning package Before you add the XML file to a provisioning package, you can [validate your configuration XML against the XSD](multi-app-kiosk-xml.md#xsd-for-assignedaccess-configuration-xml). @@ -317,12 +346,12 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L 15. Copy the provisioning package to the root directory of a USB drive. -## Apply provisioning package to device +### Apply provisioning package to device Provisioning packages can be applied to a device during the first-run experience (out-of-box experience or "OOBE") and after ("runtime"). -### During initial setup, from a USB drive +#### During initial setup, from a USB drive 1. Start with a computer on the first-run setup screen. If the PC has gone past this screen, reset the PC to start over. To reset the PC, go to **Settings** > **Update & security** > **Recovery** > **Reset this PC**. 
@@ -346,7 +375,7 @@ Provisioning packages can be applied to a device during the first-run experience -### After setup, from a USB drive, network folder, or SharePoint site +#### After setup, from a USB drive, network folder, or SharePoint site 1. Sign in with an admin account. 2. Insert the USB drive to a desktop computer, navigate to **Settings** > **Accounts** > **Access work or school** > **Add or remove a provisioning package** > **Add a package**, and select the package to install. @@ -365,7 +394,7 @@ Provisioning packages can be applied to a device during the first-run experience -## Use MDM to deploy the multi-app configuration +### Use MDM to deploy the multi-app configuration Multi-app kiosk mode is enabled by the [AssignedAccess configuration service provider (CSP)](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp). Your MDM policy can contain the assigned access configuration XML. diff --git a/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md b/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md index 0fe1c5b458..d68048c98d 100644 --- a/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md +++ b/windows/configuration/set-up-a-kiosk-for-windows-10-for-desktop-editions.md 
@@ -32,7 +32,8 @@ A single-use or *kiosk* device is easy to set up in Windows 10 for desktop edit - For a kiosk device to run a Classic Windows application, use [Shell Launcher](#shell-launcher) to set a custom user interface as the shell (Windows 10 Enterprise or Education only). -To return the device to the regular shell, see [Sign out of assigned access](#sign-out-of-assigned-access). +>[!TIP] +>To return the device to the regular shell, see [Sign out of assigned access](#sign-out-of-assigned-access). >[!NOTE] >A Universal Windows app is built on the Universal Windows Platform (UWP), which was first introduced in Windows 8 as the Windows Runtime. A Classic Windows application uses the Classic Windows Platform (CWP) (e.g., COM, Win32, WPF, WinForms, etc.) and is typically launched using an .EXE or .DLL file. diff --git a/windows/device-security/device-guard/images/wdac-edit-gp.png b/windows/device-security/device-guard/images/wdac-edit-gp.png deleted file mode 100644 index 17c990ac10..0000000000 Binary files a/windows/device-security/device-guard/images/wdac-edit-gp.png and /dev/null differ diff --git a/windows/device-security/index.md b/windows/device-security/index.md new file mode 100644 index 0000000000..be91262028 --- /dev/null +++ b/windows/device-security/index.md @@ -0,0 +1,3 @@ +--- +redirect_url: https://docs.microsoft.com/windows/security/threat-protection/ +--- \ No newline at end of file diff --git a/windows/security/images/fall-creators-update-next-gen-security.png b/windows/security/images/fall-creators-update-next-gen-security.png index 4dbd78b498..62aaa46f8d 100644 Binary files a/windows/security/images/fall-creators-update-next-gen-security.png and b/windows/security/images/fall-creators-update-next-gen-security.png differ 
diff --git a/windows/security/images/next-generation-windows-security-vision.png b/windows/security/images/next-generation-windows-security-vision.png index 236037fb4b..a598365cb7 100644 Binary files a/windows/security/images/next-generation-windows-security-vision.png and b/windows/security/images/next-generation-windows-security-vision.png differ diff --git a/windows/security/index.yml b/windows/security/index.yml index 8cd8217ca4..8999a8a950 100644 --- a/windows/security/index.yml +++ b/windows/security/index.yml @@ -220,6 +220,18 @@ sections: title: Azure Information Protection P2 +- title: Videos + + items: + + - type: markdown + + text: ">[![VIDEO](images/next-generation-windows-security-vision.png)](https://www.youtube.com/watch?v=IvZySDNfNpo)" + + - type: markdown + + text: ">[![VIDEO](images/fall-creators-update-next-gen-security.png)](https://www.youtube.com/watch?v=JDGMNFwyUg8)" + - title: Additional security features in Windows 10 items: diff --git a/windows/threat-protection/TOC.md b/windows/threat-protection/TOC.md deleted file mode 100644 index 2cd6908619..0000000000 --- a/windows/threat-protection/TOC.md +++ /dev/null @@ -1,2 +0,0 @@ -# [Threat protection](index.md) - diff --git a/windows/threat-protection/index.md b/windows/threat-protection/index.md index e33a61e7c8..1417ec0534 100644 --- a/windows/threat-protection/index.md +++ b/windows/threat-protection/index.md 
@@ -1,29 +1,3 @@ --- -title: Threat Protection (Windows 10) -description: Learn more about how to help protect against threats in Windows 10 and Windows 10 Mobile. -ms.prod: w10 -ms.mktglfcycl: deploy -ms.sitesec: library -ms.pagetype: security -author: brianlic-msft -ms.date: 08/11/2017 +redirect_url: https://docs.microsoft.com/windows/security/threat-protection/ --- - -# Threat Protection - -Learn more about how to help protect against threats in Windows 10 and Windows 10 Mobile. - -| Section | Description | -|-|-| -|[Windows Defender Security Center](windows-defender-security-center/windows-defender-security-center.md)|Learn about the easy-to-use app that brings together common Windows security features.| -|[Windows Defender Advanced Threat Protection](windows-defender-atp/windows-defender-advanced-threat-protection.md)|Provides info about Windows Defender Advanced Threat Protection (Windows Defender ATP), an out-of-the-box Windows enterprise security service that enables enterprise cybersecurity teams to detect and respond to advanced threats on their networks.| -|[Windows Defender Antivirus in Windows 10](windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md)|Provides info about Windows Defender, a built-in antimalware solution that helps provide security and antimalware management for desktops, portable computers, and servers. 
Includes a list of system requirements and new features.| -|[Windows Defender Application Guard](windows-defender-application-guard/wd-app-guard-overview.md)|Provides info about Windows Defender Application Guard, the hardware-based virtualization solution that helps to isolate a device and operating system from an untrusted browser session.| -|[Windows Defender Smart​Screen](windows-defender-smartscreen/windows-defender-smartscreen-overview.md) |Learn more about Windows Defender SmartScreen.| -|[Protect your enterprise data using Windows Information Protection (WIP)](windows-information-protection/protect-enterprise-data-using-wip.md)|Provides info about how to create a Windows Information Protection policy that can help protect against potential corporate data leakage.| -|[Mitigate threats by using Windows 10 security features](overview-of-threat-mitigations-in-windows-10.md) |Learn more about mitigating threats in Windows 10.| -|[Override Process Mitigation Options to help enforce app-related security policies](override-mitigation-options-for-app-related-security-policies.md) |Use Group Policy to override individual **Process Mitigation Options** settings and help to enforce specific app-related security policies.| -|[How hardware-based containers help protect Windows 10](how-hardware-based-containers-help-protect-windows.md) |Learn about how hardware-based containers can isolate sensitive system services and data, enabling them to remain secure even when the operating system has been compromised.| -|[Secure the Windows 10 boot process](secure-the-windows-10-boot-process.md) |Learn about the Windows 10 security features that help to protect your PC from malware, including rootkits and other applications.| -|[Use Windows Event Forwarding to help with intrusion detection](use-windows-event-forwarding-to-assist-in-instrusion-detection.md) |Learn about an approach to collect events from devices in your organization. 
This article talks about events in both normal operations and when an intrusion is suspected. | -|[Block untrusted fonts in an enterprise](block-untrusted-fonts-in-enterprise.md) |Provides info about how to help protect your company from attacks which may originate from untrusted or attacker controlled font files. |
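Review bot: The heading demotions in the multi-app kiosk hunks (`#### Id` to `##### Id`, `### Configs` to `#### Configs`, `## Add XML file to provisioning package` to `###`) push the profile entries down to H5, which many renderers style the same as body text and leave out of the in-page navigation. Check the rendered page to confirm **Id**, **AllowedApps**, **StartLayout** and **Taskbar** still read as headings, and that no level is skipped between the new parent heading and `#####`. The `[**Taskbar**](#taskbar)` style links in the context lines key on heading text, so they should be unaffected.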
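Review bot: In `set-up-a-kiosk-for-windows-10-for-desktop-editions.md` (@@ -32,7 +32,8 @@) the added `>[!TIP]` block lands directly ahead of the existing `>[!NOTE]` block. Make sure a blank, unquoted line separates the two, otherwise the consecutive `>` lines can merge into a single alert. Also consider whether the sign-out pointer belongs in a TIP at all: it is the only place in this paragraph that tells an administrator how to get the device back to the regular shell.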
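Review bot: The new `windows/device-security/index.md` ends with `\ No newline at end of file` after the closing `---`, so add a trailing newline. Its `redirect_url` is also identical to the one added to `windows/threat-protection/index.md` (`https://docs.microsoft.com/windows/security/threat-protection/`). Please confirm that the threat-protection hub is the intended landing page for device-security readers and that this is not a copy of the other redirect.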
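Review bot: In the `windows/security/index.yml` hunk (@@ -220,6 +220,18 @@) both added thumbnails use the alt text `VIDEO`, so a screen reader, or a client with images blocked, gets two identical links with no indication of what each video covers. Use each video's title as the alt text. Also confirm the leading `>` inside each quoted `text:` value is intended, since it turns each thumbnail into a blockquote.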
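Review bot: In `windows/threat-protection/index.md` (@@ -1,29 +1,3 @@) the entire landing table is replaced by a `redirect_url`, and `windows/threat-protection/TOC.md` is deleted in the same patch, but nothing in the visible diff shows that the topics the table linked to (Windows Defender ATP, Application Guard, Event Forwarding, untrusted fonts and the rest) are reachable from the redirect target. Before merging, verify that each removed row has an entry in the new hub or its TOC. Also note that the front matter loses `title`, `description`, `author` and `ms.date`. If the build still validates metadata on redirect stubs, this file will fail that check.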