From c3601295409d69a476a42e3a53b32908d2ba1251 Mon Sep 17 00:00:00 2001
From: scooley <scooley@microsoft.com>
Date: Thu, 9 Jan 2020 20:56:42 -0800
Subject: [PATCH 1/7] accounts page

---
 devices/hololens/TOC.md                      |   1 +
 devices/hololens/hololens-users-and-login.md | 107 +++++++++++++++++++
 2 files changed, 108 insertions(+)
 create mode 100644 devices/hololens/hololens-users-and-login.md
diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index 6dcad5821b..6c05262061 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -32,6 +32,7 @@
 ## [Create, share, and view photos and video](holographic-photos-and-videos.md)
 
 # User management and access management
+## [Accounts on HoloLens](hololens-users-and-login.md)
 ## [Share your HoloLens with multiple people](hololens-multiple-users.md)
 ## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
 ## [Set up limited application access](hololens-kiosk.md)
diff --git a/devices/hololens/hololens-users-and-login.md b/devices/hololens/hololens-users-and-login.md
new file mode 100644
index 0000000000..e4fa459ea8
--- /dev/null
+++ b/devices/hololens/hololens-users-and-login.md
@@ -0,0 +1,107 @@
+---
+title: Managing user identity and login on HoloLens
+description: Manage user identity, security, and login on HoloLens.
+keywords: HoloLens, user, account, aad, adfs, microsoft account, msa, credentials, reference
+ms.assetid: 728cfff2-81ce-4eb8-9aaa-0a3c3304660e
+author: scooley
+ms.author: scooley
+ms.date: 1/6/2019
+ms.prod: hololens
+ms.sitesec: library
+ms.localizationpriority: medium
+audience: ITPro
+manager: jarrettr
+appliesto:
+- HoloLens (1st gen)
+- HoloLens 2
+---
+
+# User identity and login
+
+> [!NOTE]
+> This is technical reference article for IT Pros and tech enthusiasts.  If you're looking HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens2](hololens2-start.md)".
+
+HoloLens supports several kinds of user identities and lets you sign in with one or more user accounts.  Identity on HoloLens is almost identical to other Windows 10 devices; this article is a deep dive reference for identity on HoloLens with extra focus on how HoloLens differs from Windows 10.
+
+Here's an overview of the identity types and authentication options on HoloLens:
+
+| Identity type | Accounts per device | Authentication options |
+| --- | --- | --- |
+| [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 32 (see details) | Azure web credential provider </br>Azure Authenticator App </br>Biometric (Iris) - HoloLens 2 only </br>PIN - Optional on HoloLens (1st gen), Required on HoloLens 2 </br> Password |
+| [Microsoft Account (MSA)](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts) | 1 | Biometric (Iris) - HoloLens 2 only </br>PIN - Optional on HoloLens (1st gen), Required on HoloLens 2 </br> Password |
+| [local account](https://docs.microsoft.com/windows/security/identity-protection/access-control/local-accounts) | 1 | Password |
+
+Cloud connected accounts (AAD and MSA) offer more features because they can use Azure services.  Similarly to Windows on other devices, HoloLens always runs the operating system with a user context (there will always be a user identity).
+
+## Setting up users
+
+The most common way to set up a new user is during the HoloLens out of box experience (OOBE).  During set-up, HoloLens prompts for a user to sign in with the account they want to use on the device. This account can be a consumer Microsoft account or an enterprise account that has been configured in Azure.  See Setting up your [HoloLens (1st gen)](hololens1-start.md) or [HoloLens2](hololens2-start.md).
+
+Like Windows on other devices, signing-in during setup creates a user profile on the device which stores apps and data. The same account also provides Single Sign On for apps such as Edge or Skype via the Windows Account Manager APIs.  
+
+Signing into an enterprise or organizational account on the device will enroll HoloLens in the organization's IT infrastructure.  Your HoloLens will receive company policies via Mobile Device Management (MDM), if configured by your IT Admin.
+
+Like other Windows 10 devices, you'll have to sign-in again when HoloLens restarts or resumes from standby unless explicitly configured differently in Settings or through company policy.
+
+### Linked accounts
+
+Within a single device account, users can link additional web account credentials for the purpose of the easier access within apps (such as the Store) or to combine access to personal and work resources, similar to the Desktop version of Windows. Signing into an additional account in this way does not separate the user data created on the device, such as images or downloads. Once an account has been connected to a device, apps can make use of it with your permission to reduce having to sign into each app individually.
+
+### Setting up multi-user support (AAD only)
+
+> [!NOTE]
+> **HoloLens (1st gen)** began supporting multiple AAD users in the [Windows 10 April 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018) as part of [Windows Holographic for Business](hololens-upgrade-enterprise.md).
+
+HoloLens supports multiple users from the same AAD tenant. To use this you must set up the device initially with an account that belongs to your organization. Subsequently, other users from the same tenant will be able to sign into the device from the sign-in screen or by tapping the user tile on the Start panel to sign out the existing user.  
+
+Apps installed on the device will be available to all other users, but each will have their own app data and preferences. Removing an app will also remove it for all other users though.  
+
+## Removing users
+
+You can remove device users from the device to reclaim space by going to **Settings** > **Accounts** > **Other people**. This will also remove all of the users' app data from the device.  
+
+## Using single sign-on within an app
+
+As an app developer, you can take advantage of having a connected identity on HoloLens with the [Windows Account Manager APIs](https://msdn.microsoft.com/library/windows/apps/xaml/windows.security.authentication.web.core.aspx), just as you would on other Windows devices. Some code samples for these APIs are available [here](http://go.microsoft.com/fwlink/p/?LinkId=620621).
+
+Any account interrupts that may occur such as requesting user consent for account information, two-factor authentication etc. must be handled when the app requests an authentication token.
+
+If your app requires a specific account type that hasn't been linked previously, your app can ask the system to prompt the user to add one. This will trigger the account settings pane to be launched as a modal child of your app. For 2D apps, this window will render directly over the center of your app and for Unity apps, this will briefly take the user out of your holographic app so that this child window can be rendered. Customizing the commands and actions on this pane is described [here](https://msdn.microsoft.com/library/windows/apps/windows.ui.applicationsettings.webaccountcommand.aspx).
+
+## Enterprise and other authentication
+
+If your app makes use of other types of authentication, such as NTLM, Basic, or Kerberos, you can use [Windows Credential UI](https://msdn.microsoft.com/library/windows/apps/windows.security.credentials.ui.aspx) to collect, process, and store the user's credentials. The user experience for collecting these credentials is very similar to other cloud driven account interrupts and will appear as a child app on top of your 2D app or briefly suspend a Unity app to show the UI.
+
+## Deprecated APIs
+
+One difference for developing on HoloLens from Desktop is that [OnlineIDAuthenticator](https://msdn.microsoft.com/library/windows/apps/windows.security.authentication.onlineid.onlineidauthenticator.aspx) API is not fully supported. Although it will return a token if the primary account is in good-standing, interrupts such as those described above will not display any UI for the user, and will fail to correctly authenticate the account.
+
+## Frequently asked questions
+
+### Is Windows Hello for Business supported on HoloLens?
+
+Windows Hello for Business (using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens:
+
+1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md).
+2. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello))
+3. On HoloLens, the user can then set up a PIN from **Settings** > **Sign-in Options** > **Add PIN**.
+
+>[!NOTE]
+>Users who sign in with a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview).
+
+#### Does the type of account change the sign-in behavior?
+
+Yes, the behavior for the type of account impacts the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type.
+
+- Microsoft account: signs in automatically
+- Local account: always asks for password, not configurable in **Settings**
+- Azure AD: asks for password by default; configurable by **Settings** to no longer ask for password.
+
+> [!NOTE]
+> Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is only respected when the device goes into StandBy.
+
+## Additional resources
+
+Read much more about user identity protection and authentication on [the Windows 10 security and identity documentation](https://docs.microsoft.com/windows/security/identity-protection/).
+
+Learn more about setting up hybrid identity infrastructure thorough the [Azure Hybrid identity documentation](https://docs.microsoft.com/azure/active-directory/hybrid/).

From d0db8e28904ef032262a39d98b6d309619ec949e Mon Sep 17 00:00:00 2001
From: scooley <scooley@microsoft.com>
Date: Thu, 9 Jan 2020 21:00:01 -0800
Subject: [PATCH 2/7] renamed per naming guidance to remove and from file name

---
 .../{hololens-users-and-login.md => hololens-identity.md}         | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename devices/hololens/{hololens-users-and-login.md => hololens-identity.md} (100%)

diff --git a/devices/hololens/hololens-users-and-login.md b/devices/hololens/hololens-identity.md
similarity index 100%
rename from devices/hololens/hololens-users-and-login.md
rename to devices/hololens/hololens-identity.md

From 20c314841fcbc1b5fc59c60c57fbaafa8115dfb6 Mon Sep 17 00:00:00 2001
From: scooley <scooley@microsoft.com>
Date: Fri, 10 Jan 2020 09:07:09 -0800
Subject: [PATCH 3/7] fixing warnings

---
 devices/hololens/TOC.md               | 2 +-
 devices/hololens/hololens-identity.md | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/devices/hololens/TOC.md b/devices/hololens/TOC.md
index 6c05262061..d9ff00d3a8 100644
--- a/devices/hololens/TOC.md
+++ b/devices/hololens/TOC.md
@@ -32,7 +32,7 @@
 ## [Create, share, and view photos and video](holographic-photos-and-videos.md)
 
 # User management and access management
-## [Accounts on HoloLens](hololens-users-and-login.md)
+## [Accounts on HoloLens](hololens-identity.md)
 ## [Share your HoloLens with multiple people](hololens-multiple-users.md)
 ## [Set up HoloLens as a kiosk (single application access)](hololens-kiosk.md)
 ## [Set up limited application access](hololens-kiosk.md)
diff --git a/devices/hololens/hololens-identity.md b/devices/hololens/hololens-identity.md
index e4fa459ea8..2a6ce48259 100644
--- a/devices/hololens/hololens-identity.md
+++ b/devices/hololens/hololens-identity.md
@@ -62,7 +62,7 @@ You can remove device users from the device to reclaim space by going to **Setti
 
 ## Using single sign-on within an app
 
-As an app developer, you can take advantage of having a connected identity on HoloLens with the [Windows Account Manager APIs](https://msdn.microsoft.com/library/windows/apps/xaml/windows.security.authentication.web.core.aspx), just as you would on other Windows devices. Some code samples for these APIs are available [here](http://go.microsoft.com/fwlink/p/?LinkId=620621).
+As an app developer, you can take advantage of having a connected identity on HoloLens with the [Windows Account Manager APIs](https://msdn.microsoft.com/library/windows/apps/xaml/windows.security.authentication.web.core.aspx), just as you would on other Windows devices. Some code samples for these APIs are available [here](https://go.microsoft.com/fwlink/p/?LinkId=620621).
 
 Any account interrupts that may occur such as requesting user consent for account information, two-factor authentication etc. must be handled when the app requests an authentication token.
 

From 137884177a3e04f1c961aeed4bf4bb566e62a245 Mon Sep 17 00:00:00 2001
From: scooley <scooley@microsoft.com>
Date: Fri, 10 Jan 2020 13:16:46 -0800
Subject: [PATCH 4/7] fixed warnings +assimilated editing

---
 devices/hololens/hololens-identity.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/devices/hololens/hololens-identity.md b/devices/hololens/hololens-identity.md
index 2a6ce48259..122188d5a7 100644
--- a/devices/hololens/hololens-identity.md
+++ b/devices/hololens/hololens-identity.md
@@ -8,6 +8,7 @@ ms.author: scooley
 ms.date: 1/6/2019
 ms.prod: hololens
 ms.sitesec: library
+ms.topic: article
 ms.localizationpriority: medium
 audience: ITPro
 manager: jarrettr
@@ -19,7 +20,7 @@ appliesto:
 # User identity and login
 
 > [!NOTE]
-> This is technical reference article for IT Pros and tech enthusiasts.  If you're looking HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens2](hololens2-start.md)".
+> This is technical reference article for IT Pros and tech enthusiasts.  If you're looking HoloLens setup instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens2](hololens2-start.md)".
 
 HoloLens supports several kinds of user identities and lets you sign in with one or more user accounts.  Identity on HoloLens is almost identical to other Windows 10 devices; this article is a deep dive reference for identity on HoloLens with extra focus on how HoloLens differs from Windows 10.
 

From d76599c93ce9778c8e289ecdebcefd1e897e3956 Mon Sep 17 00:00:00 2001
From: Teresa-Motiv <v-tea@microsoft.com>
Date: Fri, 10 Jan 2020 14:14:40 -0800
Subject: [PATCH 5/7] Edits

---
 devices/hololens/hololens-identity.md | 63 ++++++++++++++-------------
 1 file changed, 33 insertions(+), 30 deletions(-)

diff --git a/devices/hololens/hololens-identity.md b/devices/hololens/hololens-identity.md
index 2a6ce48259..077b25e84b 100644
--- a/devices/hololens/hololens-identity.md
+++ b/devices/hololens/hololens-identity.md
@@ -7,6 +7,7 @@ author: scooley
 ms.author: scooley
 ms.date: 1/6/2019
 ms.prod: hololens
+ms.topic: article
 ms.sitesec: library
 ms.localizationpriority: medium
 audience: ITPro
@@ -16,86 +17,88 @@ appliesto:
 - HoloLens 2
 ---
 
-# User identity and login
+# User identity and signin
 
 > [!NOTE]
-> This is technical reference article for IT Pros and tech enthusiasts.  If you're looking HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens2](hololens2-start.md)".
+> This article is technical reference article for IT Pros and tech enthusiasts. If you're looking HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens 2](hololens2-start.md)".
 
-HoloLens supports several kinds of user identities and lets you sign in with one or more user accounts.  Identity on HoloLens is almost identical to other Windows 10 devices; this article is a deep dive reference for identity on HoloLens with extra focus on how HoloLens differs from Windows 10.
+Like other Windows devices, HoloLens always operates under a user context. There is always a user identity. HoloLens treats identity in almost the same manner as other Windows 10 devices do. This article is a deep-dive reference for identity on HoloLens, and focuses on how HoloLens differs from other Windows 10 devices.
 
-Here's an overview of the identity types and authentication options on HoloLens:
+HoloLens supports several kinds of user identities. You can use one or more user accounts to sign in. Here's an overview of the identity types and authentication options on HoloLens:
 
 | Identity type | Accounts per device | Authentication options |
 | --- | --- | --- |
-| [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 32 (see details) | Azure web credential provider </br>Azure Authenticator App </br>Biometric (Iris) - HoloLens 2 only </br>PIN - Optional on HoloLens (1st gen), Required on HoloLens 2 </br> Password |
-| [Microsoft Account (MSA)](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts) | 1 | Biometric (Iris) - HoloLens 2 only </br>PIN - Optional on HoloLens (1st gen), Required on HoloLens 2 </br> Password |
-| [local account](https://docs.microsoft.com/windows/security/identity-protection/access-control/local-accounts) | 1 | Password |
+| [Azure Active Directory (AAD)](https://docs.microsoft.com/azure/active-directory/) | 32 (see details) | <ul><li>Azure web credential provider</li><li>Azure Authenticator App</li><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
+| [Microsoft Account (MSA)](https://docs.microsoft.com/windows/security/identity-protection/access-control/microsoft-accounts) | 1 | <ul><li>Biometric (Iris) &ndash; HoloLens 2 only</li><li>PIN &ndash; Optional for HoloLens (1st gen), required for HoloLens 2</li><li>Password</li></ul> |
+| [Local account](https://docs.microsoft.com/windows/security/identity-protection/access-control/local-accounts) | 1 | Password |
 
-Cloud connected accounts (AAD and MSA) offer more features because they can use Azure services.  Similarly to Windows on other devices, HoloLens always runs the operating system with a user context (there will always be a user identity).
+Cloud-connected accounts (AAD and MSA) offer more features because they can use Azure services.  
 
 ## Setting up users
 
-The most common way to set up a new user is during the HoloLens out of box experience (OOBE).  During set-up, HoloLens prompts for a user to sign in with the account they want to use on the device. This account can be a consumer Microsoft account or an enterprise account that has been configured in Azure.  See Setting up your [HoloLens (1st gen)](hololens1-start.md) or [HoloLens2](hololens2-start.md).
+The most common way to set up a new user is during the HoloLens out-of-box experience (OOBE). During setup, HoloLens prompts for a user to sign in by using the account that they want to use on the device. This account can be a consumer Microsoft account or an enterprise account that has been configured in Azure. See Setting up your [HoloLens (1st gen)](hololens1-start.md) or [HoloLens 2](hololens2-start.md).
 
-Like Windows on other devices, signing-in during setup creates a user profile on the device which stores apps and data. The same account also provides Single Sign On for apps such as Edge or Skype via the Windows Account Manager APIs.  
+Like Windows on other devices, signing in during setup creates a user profile on the device. The user profile stores apps and data. The same account also provides Single Sign-on for apps such as Edge or Skype by using the Windows Account Manager APIs.  
 
-Signing into an enterprise or organizational account on the device will enroll HoloLens in the organization's IT infrastructure.  Your HoloLens will receive company policies via Mobile Device Management (MDM), if configured by your IT Admin.
+If you use an enterprise or organizational account to sign in to HoloLens, HoloLens enrolls in the organization's IT infrastructure. This enrollment allows your IT Admin to configure Mobile Device Management (MDM) to send group policies to your HoloLens.
 
-Like other Windows 10 devices, you'll have to sign-in again when HoloLens restarts or resumes from standby unless explicitly configured differently in Settings or through company policy.
+By default, as for other Windows 10 devices, you'll have to sign in again when HoloLens restarts or resumes from standby. You can use the Settings app to change this behavior, or the behavior can be controlled by group policy.
 
 ### Linked accounts
 
-Within a single device account, users can link additional web account credentials for the purpose of the easier access within apps (such as the Store) or to combine access to personal and work resources, similar to the Desktop version of Windows. Signing into an additional account in this way does not separate the user data created on the device, such as images or downloads. Once an account has been connected to a device, apps can make use of it with your permission to reduce having to sign into each app individually.
+As in the Desktop version of Windows, you can link additional web account credentials to your HoloLens account. Such linking makes it easier to access resources across or within apps (such as the Store) or to combine access to personal and work resources. After you connect an account to the device, you can grant permission to use the device to apps so that you don't have to sign in to each app individually.
+
+Linking accounts does not separate the user data created on the device, such as images or downloads.  
 
 ### Setting up multi-user support (AAD only)
 
 > [!NOTE]
 > **HoloLens (1st gen)** began supporting multiple AAD users in the [Windows 10 April 2018 Update](https://docs.microsoft.com/windows/mixed-reality/release-notes-april-2018) as part of [Windows Holographic for Business](hololens-upgrade-enterprise.md).
 
-HoloLens supports multiple users from the same AAD tenant. To use this you must set up the device initially with an account that belongs to your organization. Subsequently, other users from the same tenant will be able to sign into the device from the sign-in screen or by tapping the user tile on the Start panel to sign out the existing user.  
+HoloLens supports multiple users from the same AAD tenant. To use this feature, you must use an account that belongs to your organization to set up the device. Subsequently, other users from the same tenant can sign in to the device from the sign-in screen or by tapping the user tile on the Start panel. Only one user can be signed in at a time. When a user signs in, HoloLens signs out the previous user.  
 
-Apps installed on the device will be available to all other users, but each will have their own app data and preferences. Removing an app will also remove it for all other users though.  
+All users can use the apps installed on the device. However, each user has their own app data and preferences. Removing an app from the device removes it for all users.  
 
 ## Removing users
 
-You can remove device users from the device to reclaim space by going to **Settings** > **Accounts** > **Other people**. This will also remove all of the users' app data from the device.  
+You can remove a user from the device by going to **Settings** > **Accounts** > **Other people**. This action also reclaims space by removing all of that user's app data from the device.  
 
 ## Using single sign-on within an app
 
-As an app developer, you can take advantage of having a connected identity on HoloLens with the [Windows Account Manager APIs](https://msdn.microsoft.com/library/windows/apps/xaml/windows.security.authentication.web.core.aspx), just as you would on other Windows devices. Some code samples for these APIs are available [here](https://go.microsoft.com/fwlink/p/?LinkId=620621).
+As an app developer, you can take advantage of linked identities on HoloLens by using the [Windows Account Manager APIs](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.Web.Core), just as you would on other Windows devices. Some code samples for these APIs are available [here](https://go.microsoft.com/fwlink/p/?LinkId=620621).
 
-Any account interrupts that may occur such as requesting user consent for account information, two-factor authentication etc. must be handled when the app requests an authentication token.
+Any account interrupts that might occur, such as requesting user consent for account information, two-factor authentication, and so forth, must be handled when the app requests an authentication token.
 
-If your app requires a specific account type that hasn't been linked previously, your app can ask the system to prompt the user to add one. This will trigger the account settings pane to be launched as a modal child of your app. For 2D apps, this window will render directly over the center of your app and for Unity apps, this will briefly take the user out of your holographic app so that this child window can be rendered. Customizing the commands and actions on this pane is described [here](https://msdn.microsoft.com/library/windows/apps/windows.ui.applicationsettings.webaccountcommand.aspx).
+If your app requires a specific account type that hasn't been linked previously, your app can ask the system to prompt the user to add one. This request triggers the account settings pane to launch as a modal child of your app. For 2D apps, this window renders directly over the center of your app. For Unity apps, this request briefly takes the user out of your holographic app to render the child window. For information about customizing the commands and actions on this pane, see [WebAccountCommand Class](https://docs.microsoft.com/uwp/api/Windows.UI.ApplicationSettings.WebAccountCommand).
 
 ## Enterprise and other authentication
 
-If your app makes use of other types of authentication, such as NTLM, Basic, or Kerberos, you can use [Windows Credential UI](https://msdn.microsoft.com/library/windows/apps/windows.security.credentials.ui.aspx) to collect, process, and store the user's credentials. The user experience for collecting these credentials is very similar to other cloud driven account interrupts and will appear as a child app on top of your 2D app or briefly suspend a Unity app to show the UI.
+If your app uses other types of authentication, such as NTLM, Basic, or Kerberos, you can use [Windows Credential UI](https://docs.microsoft.com/en-us/uwp/api/Windows.Security.Credentials.UI) to collect, process, and store the user's credentials. The user experience for collecting these credentials is very similar to other cloud-driven account interrupts, and appears as a child app on top of your 2D app or briefly suspends a Unity app to show the UI.
 
 ## Deprecated APIs
 
-One difference for developing on HoloLens from Desktop is that [OnlineIDAuthenticator](https://msdn.microsoft.com/library/windows/apps/windows.security.authentication.onlineid.onlineidauthenticator.aspx) API is not fully supported. Although it will return a token if the primary account is in good-standing, interrupts such as those described above will not display any UI for the user, and will fail to correctly authenticate the account.
+One way in which developing for HoloLens differs from developing for Desktop is that the [OnlineIDAuthenticator](https://docs.microsoft.com/uwp/api/Windows.Security.Authentication.OnlineId.OnlineIdAuthenticator) API is not fully supported. Although the API returns a token if the primary account is in good-standing, interrupts such as those described in this article do not display any UI for the user and fail to correctly authenticate the account.
 
 ## Frequently asked questions
 
 ### Is Windows Hello for Business supported on HoloLens?
 
-Windows Hello for Business (using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens:
+Windows Hello for Business (which supports using a PIN to sign in) is supported for HoloLens. To allow Windows Hello for Business PIN sign-in on HoloLens:
 
 1. The HoloLens device must be [managed by MDM](hololens-enroll-mdm.md).
-2. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello))
-3. On HoloLens, the user can then set up a PIN from **Settings** > **Sign-in Options** > **Add PIN**.
+1. You must enable Windows Hello for Business for the device. ([See instructions for Microsoft Intune.](https://docs.microsoft.com/intune/windows-hello))
+1. On HoloLens, the user can then use **Settings** > **Sign-in Options** > **Add PIN** to set up a PIN.
 
->[!NOTE]
->Users who sign in with a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview).
+> [!NOTE]
+> Users who sign in by using a Microsoft account can also set up a PIN in **Settings** > **Sign-in Options** > **Add PIN**. This PIN is associated with [Windows Hello](https://support.microsoft.com/help/17215/windows-10-what-is-hello), rather than [Windows Hello for Business](https://docs.microsoft.com/windows/security/identity-protection/hello-for-business/hello-overview).
 
 #### Does the type of account change the sign-in behavior?
 
-Yes, the behavior for the type of account impacts the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type.
+Yes, the behavior for the type of account affects the sign-in behavior. If you apply policies for sign-in, the policy is always respected. If no policy for sign-in is applied, these are the default behaviors for each account type:
 
-- Microsoft account: signs in automatically
-- Local account: always asks for password, not configurable in **Settings**
-- Azure AD: asks for password by default; configurable by **Settings** to no longer ask for password.
+- **Microsoft account**: signs in automatically
+- **Local account**: always asks for password, not configurable in **Settings**
+- **Azure AD**: asks for password by default, and configurable by **Settings** to no longer ask for password.
 
 > [!NOTE]
 > Inactivity timers are currently not supported, which means that the **AllowIdleReturnWithoutPassword** policy is only respected when the device goes into StandBy.

From 8adc3a0b2a63836217735d312c2c54d8754f6a83 Mon Sep 17 00:00:00 2001
From: Teresa-Motiv <v-tea@microsoft.com>
Date: Fri, 10 Jan 2020 14:19:58 -0800
Subject: [PATCH 6/7] typo

---
 devices/hololens/hololens-identity.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devices/hololens/hololens-identity.md b/devices/hololens/hololens-identity.md
index 82cef91531..0a0cd05c53 100644
--- a/devices/hololens/hololens-identity.md
+++ b/devices/hololens/hololens-identity.md
@@ -21,7 +21,7 @@ appliesto:
 # User identity and signin
 
 > [!NOTE]
-> This article is a technical reference for IT Pros and tech enthusiasts. If you're looking HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens 2](hololens2-start.md)".
+> This article is a technical reference for IT Pros and tech enthusiasts. If you're looking for HoloLens set up instructions, read "[Setting up your HoloLens (1st gen)](hololens1-start.md)" or "[Setting up your HoloLens 2](hololens2-start.md)".
 
 Like other Windows devices, HoloLens always operates under a user context. There is always a user identity. HoloLens treats identity in almost the same manner as other Windows 10 devices do. This article is a deep-dive reference for identity on HoloLens, and focuses on how HoloLens differs from other Windows 10 devices.
 

From 7de51467fbd712f49f6aff82fa0ea70b4378b4db Mon Sep 17 00:00:00 2001
From: "v-tea@microsoft.com" <46357187+Teresa-Motiv@users.noreply.github.com>
Date: Fri, 10 Jan 2020 14:29:07 -0800
Subject: [PATCH 7/7] Link fix

---
 devices/hololens/hololens-identity.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/devices/hololens/hololens-identity.md b/devices/hololens/hololens-identity.md
index 0a0cd05c53..3cc6cc4cfc 100644
--- a/devices/hololens/hololens-identity.md
+++ b/devices/hololens/hololens-identity.md
@@ -74,7 +74,7 @@ If your app requires a specific account type that hasn't been linked previously,
 
 ## Enterprise and other authentication
 
-If your app uses other types of authentication, such as NTLM, Basic, or Kerberos, you can use [Windows Credential UI](https://docs.microsoft.com/en-us/uwp/api/Windows.Security.Credentials.UI) to collect, process, and store the user's credentials. The user experience for collecting these credentials is very similar to other cloud-driven account interrupts, and appears as a child app on top of your 2D app or briefly suspends a Unity app to show the UI.
+If your app uses other types of authentication, such as NTLM, Basic, or Kerberos, you can use [Windows Credential UI](https://docs.microsoft.com/uwp/api/Windows.Security.Credentials.UI) to collect, process, and store the user's credentials. The user experience for collecting these credentials is very similar to other cloud-driven account interrupts, and appears as a child app on top of your 2D app or briefly suspends a Unity app to show the UI.
 
 ## Deprecated APIs
 
