mirror of
https://github.com/MicrosoftDocs/windows-itpro-docs.git
synced 2025-05-28 05:07:23 +00:00
Merge branch 'master' of https://github.com/Microsoft/win-cpub-itpro-docs into v-jak-sec01
commit
ee3e81defb
@ -8,6 +8,7 @@ Welcome! This repository houses the docs that are written for IT professionals f
|
||||
- [Surface](https://technet.microsoft.com/itpro/surface)
|
||||
- [Surface Hub](https://technet.microsoft.com/itpro/surface-hub)
|
||||
- [Windows 10 for Education](https://technet.microsoft.com/edu/windows)
|
||||
- [HoloLens](https://technet.microsoft.com/itpro/hololens)
|
||||
- [Microsoft Desktop Optimization Pack](https://technet.microsoft.com/itpro/mdop)
|
||||
|
||||
## Contributing
|
||||
|
@ -89,7 +89,7 @@ A variant setting that matches a **TargetState** with a lower priority is applie
|
||||
|
||||
The **TargetState** priority is assigned based on the conditions priority and the priority evaluation rules are as followed:
|
||||
|
||||
1. T**TargetState** with P0 conditions is higher than **TargetState** without P0 conditions.
|
||||
1. **TargetState** with P0 conditions is higher than **TargetState** without P0 conditions.
|
||||
|
||||
|
||||
2. **TargetState** with P1 conditions is higher than **TargetState** without P0 and P1 conditions.
|
||||
|
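Review bot: The lead-in sentence kept as context above the corrected list item still reads "the priority evaluation rules are as followed", which should be "are as follows". Since this hunk already fixes the stray `T` in item 1, correct that sentence in the same pass.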
@ -23,9 +23,9 @@ The sections that follow provide more detailed information about the different t
|
||||
|
||||
### Protection before startup
|
||||
|
||||
Before Windows starts, you must rely on security features implemented as part of the device hardware, including TPM andSecure Boot. Fortunately, many modern computers feature TPM.
|
||||
Before Windows starts, you must rely on security features implemented as part of the device hardware, including TPM and Secure Boot. Fortunately, many modern computers feature TPM.
|
||||
|
||||
**Trusted Platform Module**
|
||||
#### Trusted Platform Module
|
||||
|
||||
Software alone isn’t sufficient to protect a system. After an attacker has compromised software, the software might be unable to detect the compromise. Therefore, a single successful software compromise results in an untrusted system that might never be detected. Hardware, however, is much more difficult to modify.
|
||||
|
||||
@ -33,7 +33,7 @@ A TPM is a microchip designed to provide basic security-related functions, prima
|
||||
By binding the BitLocker encryption key with the TPM and properly configuring the device, it’s nearly impossible for an attacker to gain access to the BitLocker-encrypted data without obtaining an authorized user’s credentials. Therefore, computers with a TPM can provide a high level of protection against attacks that attempt to directly retrieve the BitLocker encryption key.
|
||||
For more info about TPM, see [Trusted Platform Module](trusted-platform-module-overview.md).
|
||||
|
||||
**UEFI and Secure Boot**
|
||||
#### UEFI and Secure Boot
|
||||
|
||||
No operating system can protect a device when the operating system is offline. For that reason, Microsoft worked closely with hardware vendors to require firmware-level protection against boot and rootkits that might compromise an encryption solution’s encryption keys.
|
||||
|
||||
|
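Review bot: The context paragraph under the new `#### UEFI and Secure Boot` heading says "firmware-level protection against boot and rootkits", which reads as if the word "kits" was dropped after "boot". The tables elsewhere in this commit write "boot kits and root kits", so pick one spelling and use it here too, for example "bootkits and rootkits".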
@ -61,7 +61,7 @@ The following tables provide more information about the hardware, firmware, and
|
||||
| Hardware: **Trusted Platform Module (TPM)** | **Requirement**: TPM 1.2 or TPM 2.0, either discrete or firmware.<br><br>**Security benefits**: A TPM provides protection for VBS encryption keys that are stored in the firmware. This helps protect against attacks involving a physically present user with BIOS access. |
|
||||
| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)<br><br>**Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. |
|
||||
| Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).<br><br>**Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. |
|
||||
| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT<br>**Important**: Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.<br>**Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. |
|
||||
| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT<br><br>**! Important**:<br>Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.<br><br>**Security benefits**: Support for VBS and for management features that simplify configuration of Credential Guard. |
|
||||
|
||||
> [!IMPORTANT]
|
||||
> The preceding table lists requirements for baseline protections. The following tables list requirements for improved security. You can use Credential Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting the requirements for improved security, to significantly strengthen the level of security that Credential Guard can provide.
|
||||
|
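Review bot: The rewritten operating system row names the product two ways in one cell, "Windows 2016 Server" in the requirement list and "Windows Server 2016" in the domain controller note. Use "Windows Server 2016" in both places. The in-cell `**! Important**:` label also differs from the `> [!IMPORTANT]` callout directly below the table, so a plain `**Important**:` would keep the two consistent. The Secure firmware update row links to the same `UEFISecureBoot` requirement anchor as the row above it; worth confirming that is the intended target.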
@ -93,7 +93,7 @@ When identity providers such as Active Directory or Azure AD enroll a certificat
|
||||
|
||||
[Introduction to Windows Hello](https://go.microsoft.com/fwlink/p/?LinkId=786649), video presentation on Microsoft Virtual Academy
|
||||
|
||||
[What's new in Active Directory Domain Services (AD DS) in Windows Server Technical Preview](https://go.microsoft.com/fwlink/p/?LinkId=708533)
|
||||
[What's new in Active Directory Domain Services for Windows Server 2016](https://go.microsoft.com/fwlink/p/?LinkId=708533)
|
||||
|
||||
[Windows Hello face authentication](https://go.microsoft.com/fwlink/p/?LinkId=626024)
|
||||
|
||||
|
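Review bot: The link text changes from "Windows Server Technical Preview" to "for Windows Server 2016" while the target stays `LinkId=708533`. Confirm the redirect now lands on the Windows Server 2016 version of the article, otherwise the new title will not match the page the reader reaches.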
@ -54,7 +54,7 @@ The following tables provide more information about the hardware, firmware, and
|
||||
| Firmware: **UEFI firmware version 2.3.1.c or higher with UEFI Secure Boot** | **Requirements**: See the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot)<br><br>**Security benefits**: UEFI Secure Boot helps ensure that the device boots only authorized code. This can prevent boot kits and root kits from installing and persisting across reboots. |
|
||||
| Firmware: **Secure firmware update process** | **Requirements**: UEFI firmware must support secure firmware update found under the following Windows Hardware Compatibility Program requirement: [System.Fundamentals.Firmware.UEFISecureBoot](http://msdn.microsoft.com/library/windows/hardware/dn932805.aspx#system-fundamentals-firmware-uefisecureboot).<br><br>**Security benefits**: UEFI firmware just like software can have security vulnerabilities that, when found, need to be patched through firmware updates. Patching helps prevent root kits from getting installed. |
|
||||
| Software: **HVCI compatible drivers** | **Requirements**: See the Windows Hardware Compatibility Program requirements under [Filter.Driver.DeviceGuard.DriverCompatibility](https://msdn.microsoft.com/library/windows/hardware/mt589732(v=vs.85).aspx).<br><br>**Security benefits**: [HVCI Compatible](https://blogs.msdn.microsoft.com/windows_hardware_certification/2015/05/22/driver-compatibility-with-device-guard-in-windows-10/) drivers help ensure that VBS can maintain appropriate memory permissions. This increases resistance to bypassing vulnerable kernel drivers and helps ensure that malware cannot run in kernel. Only code verified through code integrity can run in kernel mode. |
|
||||
| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT<br>**Important**: Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.<br>**Security benefits**: Support for VBS and for management features that simplify configuration of Device Guard. |
|
||||
| Software: Qualified **Windows operating system** | **Requirement**: Windows 10 Enterprise, Windows 10 Education, Windows 2016 Server, or Windows Enterprise IoT<br><br>**! Important*:*<br>Windows Server 2016 running as a domain controller does not support Credential Guard. Only Device Guard is supported in this configuration.<br><br>**Security benefits**: Support for VBS and for management features that simplify configuration of Device Guard. |
|
||||
|
||||
> **Important** The preceding table lists requirements for baseline protections. The following tables list requirements for improved security. You can use Device Guard with hardware, firmware, and software that support baseline protections, even if they do not support protections for improved security. However, we strongly recommend meeting the requirements for improved security, to significantly strengthen the level of security that Device Guard can provide.
|
||||
|
||||
|
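Review bot: The emphasis markup in the new operating system row is unbalanced: `**! Important*:*` opens with two asterisks and closes with one, then wraps the colon in single asterisks, so it will not render as bold. The Credential Guard table in this same commit uses `**! Important**:`; match that form here. The cell also says "Windows 2016 Server" where the note right after it says "Windows Server 2016", and the callout below the table uses `> **Important**` while the Credential Guard topic uses `> [!IMPORTANT]`.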
@ -15,7 +15,6 @@ This topic lists new and updated topics in the [Manage and update Windows 10](in
|
||||
>If you're looking for **update history** for Windows 10, see [Windows 10 and Windows Server 2016 update history](https://support.microsoft.com/help/12387/windows-10-update-history).
|
||||
|
||||
## January 2017
|
||||
<<<<<<< HEAD
|
||||
|
||||
| New or changed topic | Description |
|
||||
| --- | --- |
|
||||
|
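Review bot: A `<<<<<<< HEAD` conflict marker appears under the `## January 2017` heading, and the hunk header shows only one line removed (7 lines to 6). Check the rest of this file for the matching `=======` and `>>>>>>>` markers and for a duplicated table from the other side of the conflict, since none are visible in this hunk.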
@ -53,7 +53,7 @@ The private store for your organization is a page in the Windows Store app that
|
||||
|
||||
## Still having trouble?
|
||||
|
||||
If you are still having trouble using WSfB or installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799757).
|
||||
If you are still having trouble using WSfB or installing the app, you can get more help on our [Support page](https://go.microsoft.com/fwlink/?LinkID=799386).
|
||||
|
||||
|
||||
|
||||
|
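Review bot: The Support page link swaps one opaque ID for another (`LinkID=799757` to `LinkID=799386`) with no change to the surrounding text, so the diff alone cannot show that the new target is correct. Confirm that `799386` resolves to the Store for Business support page before merging, and consider spelling out "WSfB" in this sentence.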
@ -115,7 +115,7 @@ You can set your system to receive updates for other Microsoft products—known
|
||||
| --- | --- |
|
||||
| GPO for version 1607: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > Defer Windows Updates > **Select when Quality Updates are received** | \Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdates</br>\Policies\Microsoft\Windows\WindowsUpdate\DeferQualityUpdatesPeriodInDays |
|
||||
| GPO for version 1511: </br>Computer Configuration > Administrative Templates > Windows Components > Windows Update > **Defer Upgrades and Updates** | \Policies\Microsoft\Windows\WindowsUpdate\DeferUpdatePeriod |
|
||||
| MDM for version 1607: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferQualityUpdates** | \Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays |
|
||||
| MDM for version 1607: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferQualityUpdatesPeriodInDays** | \Microsoft\PolicyManager\default\Update\DeferQualityUpdatesPeriodInDays |
|
||||
| MDM for version 1511: </br>../Vendor/MSFT/Policy/Config/Update/</br>**DeferUpgrade** | \Microsoft\PolicyManager\default\Update\RequireDeferUpdate |
|
||||
|
||||
|
||||
|
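Review bot: Every row in this table uses `</br>` as a line break, including the corrected MDM row; that is a closing tag for an element that has none, and the other tables in this commit use `<br>`. Switch these to `<br>` while the row is being edited. Separately, the version 1511 MDM row pairs the **DeferUpgrade** policy with a registry value named `RequireDeferUpdate`; confirm that mapping, since the fix in this hunk was for exactly this kind of policy and value mismatch.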