From 5804004f5447536c52b869b4ae34528398e85bbb Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Tue, 3 Jan 2017 07:25:13 -0800
Subject: [PATCH 1/3] format

---
 windows/manage/configure-devices-without-mdm.md | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/windows/manage/configure-devices-without-mdm.md b/windows/manage/configure-devices-without-mdm.md
index b28734a5f6..7b63a5986b 100644
--- a/windows/manage/configure-devices-without-mdm.md
+++ b/windows/manage/configure-devices-without-mdm.md
@@ -104,11 +104,13 @@ When you run Windows ICD, you have several options for creating your package.
 6. Toggle **On** or **Off** for wireless network connectivity. If you select **On**, enter the SSID, type, and (if required) password for the wireless network.
 7. Click **Enroll into Active Directory**.
 8. Toggle **Yes** or **No** for Active Directory enrollment. If you select **Yes**, enter the credentials for an account with permissions to enroll the device. (Optional) Enter a user name and password to create a local administrator account.
+
     > [!WARNING]
     > If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you will have to reimage the device and start over. As a best practice, we recommend:
     - Use a least-privileged domain account to join the device to the domain.
     - Create a temporary administrator account to use for debugging or reprovisioning if the device fails to enroll successfully.
     - [Use Group Policy to delete the temporary administrator account](https://blogs.technet.microsoft.com/canitpro/2014/12/10/group-policy-creating-a-standard-local-admin-account/) after the device is enrolled in Active Directory.
+    
 9. Click **Finish**.
 10. Review your settings in the summary. You can return to previous pages to change your selections. Then, under **Protect your package**, toggle **Yes** or **No** to encrypt the provisioning package. If you select **Yes**, enter a password. This password must be entered to apply the encrypted provisioning package.
 11. Click **Create**.

From 23542380d3de9a8a7eaec1ab4de3eab133e6c019 Mon Sep 17 00:00:00 2001
From: Justinha <Justinha@Microsoft.com>
Date: Tue, 3 Jan 2017 09:21:23 -0800
Subject: [PATCH 2/3] added changed WMI filter topic for Dec

---
 .../change-history-for-keep-windows-10-secure.md           | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/windows/keep-secure/change-history-for-keep-windows-10-secure.md b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
index 759d44b4af..e17a75ec92 100644
--- a/windows/keep-secure/change-history-for-keep-windows-10-secure.md
+++ b/windows/keep-secure/change-history-for-keep-windows-10-secure.md
@@ -12,6 +12,13 @@ author: brianlic-msft
 # Change history for Keep Windows 10 secure
 This topic lists new and updated topics in the [Keep Windows 10 secure](index.md) documentation for [Windows 10 and Windows 10 Mobile](../index.md).
 
+## December 2016
+
+| New or changed topic | Description |
+| --- | --- |
+|[Create WMI Filters for the GPO](create-wmi-filters-for-the-gpo.md) |Added filter examples for Windows 10 and Windows Server 2016. |
+
+
 ## November 2016
 | New or changed topic | Description |
 | --- | --- |

From d0f4e623458589f75398a15c7b1e9b28c67e9c4c Mon Sep 17 00:00:00 2001
From: jdeckerMS <jdecker@microsoft.com>
Date: Tue, 3 Jan 2017 09:48:40 -0800
Subject: [PATCH 3/3] format

---
 windows/manage/configure-devices-without-mdm.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/windows/manage/configure-devices-without-mdm.md b/windows/manage/configure-devices-without-mdm.md
index 7b63a5986b..d5f5cf6cc2 100644
--- a/windows/manage/configure-devices-without-mdm.md
+++ b/windows/manage/configure-devices-without-mdm.md
@@ -107,6 +107,7 @@ When you run Windows ICD, you have several options for creating your package.
 
     > [!WARNING]
     > If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you will have to reimage the device and start over. As a best practice, we recommend:
+    
     - Use a least-privileged domain account to join the device to the domain.
     - Create a temporary administrator account to use for debugging or reprovisioning if the device fails to enroll successfully.
     - [Use Group Policy to delete the temporary administrator account](https://blogs.technet.microsoft.com/canitpro/2014/12/10/group-policy-creating-a-standard-local-admin-account/) after the device is enrolled in Active Directory.