From cfbc2094b4fcdb999f3183a579776080ebcae449 Mon Sep 17 00:00:00 2001
From: Justin Hall <justinha@microsoft.com>
Date: Thu, 15 Nov 2018 10:30:07 -0800
Subject: [PATCH] edits

---
 ...compliant-algorithms-for-encryption-hashing-and-signing.md | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
index bba7a2624e..ae91d8d14b 100644
--- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
+++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md
@@ -8,7 +8,7 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: brianlic-msft
-ms.date: 08/29/2017
+ms.date: 11/16/2018
 ---
 
 # System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing
@@ -50,7 +50,7 @@ Additionally, if a data drive is password-protected, it can be accessed by a FIP
 
 ### Best practices
 
--   For use with TLS, set this policy to **Enabled**. Client devices with this policy setting enabled will be unable to communicate through digitally encrypted or signed protocols with servers that do not support these algorithms. Client devices that are connected to the network and do not support these algorithms cannot use servers that require the algorithms for network communications. If you enable this policy setting, you must also configure Internet Explorer to use TLS.
+There are no best practices for this setting. Our previous guidance had recommended a setting of **Enabled**, primarily to align with US Federal government recommendations. [Windows security baselines](https://docs.microsoft.com/windows/security/threat-protection/windows-security-baselines) recommend this setting be **Not Defined**, meaning that we leave the decision to customers. For a deeper explanation, see [Why We’re Not Recommending “FIPS Mode” Anymore](https://blogs.technet.microsoft.com/secguide/2014/04/07/why-were-not-recommending-fips-mode-anymore/).
 
 ### Location