diff --git a/windows/deploy/mbr-to-gpt.md b/windows/deploy/mbr-to-gpt.md
index 76aa003b02..46c411919f 100644
--- a/windows/deploy/mbr-to-gpt.md
+++ b/windows/deploy/mbr-to-gpt.md
@@ -216,7 +216,7 @@ Before any change to the disk is made, MBR2GPT validates the layout and geometry
 - There are at most 3 primary partitions in the MBR partition table
 - One of the partitions is set as active and is the system partition
 - The BCD store on the system partition contains a default OS entry pointing to an OS partition
-- The volume IDs can retrieved for each volume which has a drive letter assigned
+- The volume IDs can be retrieved for each volume which has a drive letter assigned
 - All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option
 
 If any of these checks fails, the conversion will not proceed and an error will be returned.
diff --git a/windows/deploy/resolve-windows-10-upgrade-errors.md b/windows/deploy/resolve-windows-10-upgrade-errors.md
index a16acec410..ecd6b073b2 100644
--- a/windows/deploy/resolve-windows-10-upgrade-errors.md
+++ b/windows/deploy/resolve-windows-10-upgrade-errors.md
@@ -2,7 +2,7 @@
 title: Resolve Windows 10 upgrade errors - Windows IT Pro
 description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors.
 ms.assetid: DFEFE22C-4FEF-4FD9-BFC4-9B419C339502
-keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback
+keywords: deploy, error, troubleshoot, windows, 10, upgrade, code, rollback, ITPro
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@@ -560,11 +560,13 @@ For more information, see [How to perform a clean boot in Windows](https://suppo
 
 </TABLE>
 
+
 ### 0x800xxxxx
 
+
 Result codes starting with the digits 0x800 are also important to understand. These error codes indicate general operating system errors, and are not unique to the Windows upgrade process. Examples include timeouts, devices not functioning, and a process stopping unexpectedly.
 
-<P>See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
+See the following general troubleshooting procedures associated with a result code of 0x800xxxxx:
 
 <TABLE border=1 cellspacing=0 cellpadding=0>
 
diff --git a/windows/keep-secure/bitlocker-group-policy-settings.md b/windows/keep-secure/bitlocker-group-policy-settings.md
index 8f5aa0a1af..252b46ba59 100644
--- a/windows/keep-secure/bitlocker-group-policy-settings.md
+++ b/windows/keep-secure/bitlocker-group-policy-settings.md
@@ -37,6 +37,7 @@ The following policy settings can be used to determine how a BitLocker-protected
 -   [Require additional authentication at startup](#bkmk-unlockpol1)
 -   [Allow enhanced PINs for startup](#bkmk-unlockpol2)
 -   [Configure minimum PIN length for startup](#bkmk-unlockpol3)
+-   [Disable new DMA devices when this computer is locked](#disable-new-dma-devices-when-this-computer-is-locked)
 -   [Disallow standard users from changing the PIN or password](#bkmk-dpinchange)
 -   [Configure use of passwords for operating system drives](#bkmk-ospw)
 -   [Require additional authentication at startup (Windows Server 2008 and Windows Vista)](#bkmk-unlockpol4)
@@ -355,6 +356,24 @@ This policy setting is used to set a minimum PIN length when you use an unlock m
 
 This policy setting is applied when you turn on BitLocker. The startup PIN must have a minimum length of 4 digits and can have a maximum length of 20 digits.
 
+### Disable new DMA devices when this computer is locked
+
+This policy setting allows you to block direct memory access (DMA) for all hot pluggable PCI ports until a user signs in to Windows.
+
+|                    |                      |
+|--------------------|----------------------|
+| Policy description | This setting helps prevent attacks that use external PCI-based devices to access BitLocker keys. |
+| Introduced         | Windows 10, version 1703 |
+| Drive type         | Operating system drives  |
+| Policy path        | Computer Configuration\Administrative Templates\Windows Components\BitLocker Drive Encryption\Operating System Drives|
+| Conflicts          | None                     |
+| When enabled       | Every time the user locks the screen, DMA will be blocked on hot pluggable PCI ports until the user signs in again. |
+| When disabled or not configured | DMA is available on hot pluggable PCI devices if the device is turned on, regardless of whether a user is signed in.|
+
+**Reference**
+
+This policy setting is only enforced when BitLocker or device encyption is enabled.
+
 ### <a href="" id="bkmk-dpinchange"></a>Disallow standard users from changing the PIN or password
 
 This policy setting allows you to configure whether standard users are allowed to change the PIN or password that is used to protect the operating system drive.
diff --git a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
index 8ef29a6be5..399486b886 100644
--- a/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/configure-proxy-internet-windows-defender-advanced-threat-protection.md
@@ -45,7 +45,7 @@ Configure a registry-based static proxy to allow only Windows Defender ATP senso
 
 The static proxy is configurable through Group Policy (GP). The group policy can be found under: **Administrative Templates > Windows Components > Data Collection and Preview Builds > Configure connected user experiences and telemetry**.
 
-The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DisableEnterpriseAuthProxy`.
+The policy sets two registry values `TelemetryProxyServer` as REG_SZ and `DisableEnterpriseAuthProxy` as REG_DWORD under the registry key `HKLM\Software\Policies\Microsoft\Windows\DisableEnterpriseAuthProxy\DataCollection`.
 
 The registry value `TelemetryProxyServer` takes the following string format:
 
diff --git a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
index 9a231875f8..b632c08944 100644
--- a/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/minimum-requirements-windows-defender-advanced-threat-protection.md
@@ -117,4 +117,4 @@ If you're running Windows Defender as the primary antimalware product on your en
 
 If you're running a third-party antimalware client and use Mobile Device Management solutions or System Center Configuration Manager (current branch) version 1606, you'll need to ensure that the Windows Defender ELAM driver is enabled. For more information, see [Ensure that Windows Defender is not disabled by policy](troubleshoot-onboarding-windows-defender-advanced-threat-protection.md#ensure-that-windows-defender-is-not-disabled-by-a-policy).
 
->Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-abovefoldlink1)
+>Want to experience Windows Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=technet-wd-atp-minreq-belowfoldlink1)
diff --git a/windows/keep-secure/windows-defender-advanced-threat-protection.md b/windows/keep-secure/windows-defender-advanced-threat-protection.md
index 0a9feddff7..0963cb7037 100644
--- a/windows/keep-secure/windows-defender-advanced-threat-protection.md
+++ b/windows/keep-secure/windows-defender-advanced-threat-protection.md
@@ -27,6 +27,8 @@ localizationpriority: high
 
 Windows Defender Advanced Threat Protection (Windows Defender ATP) is a security service that enables enterprise customers to detect, investigate, and respond to advanced threats on their networks.
 
+Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see (Windows Defender ATP for Windows 10 Creators Update)[https://technet.microsoft.com/en-au/windows/mt782787].
+
 Windows Defender ATP uses the following combination of technology built into Windows 10 and Microsoft's robust cloud service:
 
 -   **Endpoint behavioral sensors**: Embedded in Windows 10, these sensors
diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md
index 3995354bb7..f10f250341 100644
--- a/windows/whats-new/whats-new-windows-10-version-1703.md
+++ b/windows/whats-new/whats-new-windows-10-version-1703.md
@@ -12,12 +12,12 @@ ms.assetid: dca7c655-c4f6-45f8-aa02-64187b202617
 
 # What's new in Windows 10, version 1703 IT pro content
 
-Below is a list of some of the new and updated content that discusses Information Technology (IT) pro features in Windows 10, version 1703 (also known as the Creators Update). 
+Below is a list of some of the new and updated content that discusses Information Technology (IT) pro features in Windows 10, version 1703 (also known as the Creators Update).
 
 For more general info about Windows 10 features, see [Features available only on Windows 10](https://www.microsoft.com/windows/features). For info about previous versions of Windows 10, see [What's New in Windows 10](index.md). Also see this blog post: [What’s new for IT pros in the Windows 10 Creators Update](https://blogs.technet.microsoft.com/windowsitpro/2017/04/05/whats-new-for-it-pros-in-the-windows-10-creators-update/).
 
 >[!NOTE]
->Windows 10, version 1703 contains all fixes included in previous cumulative updates to Windows 10, version 1607. For info about each version, see [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info). For a list of removed features, see [Features that are removed or deprecated in Windows 10 Creators Update](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update). 
+>Windows 10, version 1703 contains all fixes included in previous cumulative updates to Windows 10, version 1607. For info about each version, see [Windows 10 release information](https://technet.microsoft.com/en-us/windows/release-info). For a list of removed features, see [Features that are removed or deprecated in Windows 10 Creators Update](https://support.microsoft.com/help/4014193/features-that-are-removed-or-deprecated-in-windows-10-creators-update).
  
 ## Configuration
 
@@ -121,6 +121,8 @@ New features in Windows Defender Advanced Threat Protection (ATP) for Windows 10
 
 You can read more about ransomware mitigations and detection capability in Windows Defender Advanced Threat Protection in the blog: [Averting ransomware epidemics in corporate networks with Windows Defender ATP](https://blogs.technet.microsoft.com/mmpc/2017/01/30/averting-ransomware-epidemics-in-corporate-networks-with-windows-defender-atp/).
 
+Get a quick, but in-depth overview of Windows Defender ATP for Windows 10 and the new capabilities in Windows 10, version 1703 see (Windows Defender ATP for Windows 10 Creators Update)[https://technet.microsoft.com/en-au/windows/mt782787].
+
 ### Windows Defender Antivirus
 Windows Defender is now called Windows Defender Antivirus, and we've [increased the breadth of the documentation library for enterprise security admins](../keep-secure/windows-defender-antivirus-in-windows-10.md).
 
@@ -160,7 +162,7 @@ A new security policy setting
 
 ### Windows Hello for Business
 
-You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune). 
+You can now reset a forgotten PIN without deleting company managed data or apps on devices managed by [Microsoft Intune](https://www.microsoft.com/cloud-platform/microsoft-intune).
 
 For Windows Phone devices, an adminisrator is able to initiate a remote PIN reset through the Intune portal.
 
@@ -185,7 +187,7 @@ We recently added the option to download Windows 10 Insider Preview builds using
 With changes delivered in Windows 10, version 1703, [Express updates](../update/waas-optimize-windows-10-updates.md#express-update-delivery) are now fully supported with System Center Configuration Manager, starting with version 1702 of Configuration Manager, as well as with other third-party updating and management products that [implement this new functionality](https://technet.microsoft.com/windows-server-docs/management/windows-server-update-services/deploy/express-update-delivery-isv-support). This is in addition to current Express support on Windows Update, Windows Update for Business and WSUS.
 
 >[!NOTE]
-> The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. 
+> The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update.
 
 Delivery Optimization policies now enable you to configure additional restrictions to have more control in various scenarios.
 
@@ -220,7 +222,7 @@ Some of the other new CSPs are:
 
 - The [Office CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/office-csp) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool. For more information, see [Configuration options for the Office Deployment Tool](https://technet.microsoft.com/library/jj219426.aspx).
 
-- The [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM. 
+- The [EnterpriseAppVManagement CSP](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/enterpriseappvmanagement-csp) is used to manage virtual applications in Windows 10 PCs (Enterprise and Education editions) and enables App-V sequenced apps to be streamed to PCs even when managed by MDM.
 
 IT pros can use the new [MDM Migration Analysis Tool (MMAT)](http://aka.ms/mmat) to determine which Group Policy settings have been configured for a user or computer and cross-reference those settings against a built-in list of supported MDM policies. MMAT can generate both XML and HTML reports indicating the level of support for each Group Policy setting and MDM equivalents.
 
@@ -233,7 +235,7 @@ The Windows version of mobile application management (MAM) is a lightweight solu
 For more info, see [Implement server-side support for mobile application management on Windows](https://msdn.microsoft.com/windows/hardware/commercialize/customize/mdm/implement-server-side-mobile-application-management).
 
 ### MDM diagnostics		
-	
+
 In Windows 10, version 1703, we continue our work to improve the diagnostic experience for modern management. By introducing auto-logging for mobile devices, Windows will automatically collect logs when encountering an error in MDM, eliminating the need to have always-on logging for memory-constrained devices. Additionally, we are introducing [Microsoft Message Analyzer](https://www.microsoft.com/download/details.aspx?id=44226) as an additional tool to help Support personnel quickly reduce issues to their root cause, while saving time and cost.
 
 ### Application Virtualization for Windows (App-V)
