diff --git a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md
index 681806fa2d..9c23328285 100644
--- a/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md
+++ b/mdop/uev-v2/microsoft-user-experience-virtualization--ue-v--20-release-notesuevv2.md
@@ -32,55 +32,55 @@ This section contains release notes for User Experience Virtualization.
When a computer has an application that is installed through both Application Virtualization (App-V) and a locally with a Windows Installer (.msi) file, the registry-based settings do not synchronize between the technologies.
-WORKAROUND: To resolve this problem, run the application by selecting one of the two technologies, but not both.
+**WORKAROUND:** To resolve this problem, run the application by selecting one of the two technologies, but not both.
### Settings do not synchronization when network share is outside user’s domain
When Windows® 8 attempts operating system settings synchronization, the synchronization fails with the following error message: **boost::filesystem::exists::Incorrect user name or password**. This error can indicate that the network share is outside the user’s domain or a domain with a trust relationship to that domain. To check for operational log events, open the **Event Viewer** and navigate to **Applications and Services Logs** / **Microsoft** / **User Experience Virtualization** / **Logging** / **Operational**. Network shares that are used for UE-V settings storage locations should reside in the same Active Directory domain as the user or a trusted domain of the user’s domain.
-WORKAROUND: Use network shares from the same Active Directory domain as the user.
+**WORKAROUND:** Use network shares from the same Active Directory domain as the user.
### Unpredictable results with both Office 2010 and Office 2013 installed
When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be quite large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
-WORKAROUND: Install only one version of Office or limit which settings are synchronized by UE-V.
+**WORKAROUND:** Install only one version of Office or limit which settings are synchronized by UE-V.
### Uninstall and re-install of Windows 8 app reverts settings to initial state
While using UE-V settings synchronization for a Windows 8 app, if the user uninstalls the app and then reinstalls the app, the app’s settings revert to their default values. This happens because the uninstall removes the local (cached) copy of the app’s settings but does not remove the local UE-V settings package. When the app is reinstalled and launched, UE-V gather the app settings that were reset to the app defaults and then uploads the default settings to the central storage location. Other computers running the app then download the default settings. This behavior is identical to the behavior of desktop applications.
-WORKAROUND: None.
+**WORKAROUND:** None.
### Email signature roaming for Outlook 2010
UE-V will roam the Outlook 2010 signature files between devices. However, the default signature options for new messages and replies or forwards are not synchronized. These two settings are stored in the Outlook profile, which UE-V does not roam.
-WORKAROUND: None.
+**WORKAROUND:** None.
### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
-We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click here. ([http://office.microsoft.com/word-help/choose-the-32-bit-or-64-bit-version-of-microsoft-office-HA010369476.aspx](https://go.microsoft.com/fwlink/?LinkID=247623)). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+We recommend that you install the 64-bit version of Microsoft Office for modern computers. To determine which version you you need, [click here](https://support.office.com/article/choose-between-the-64-bit-or-32-bit-version-of-office-2dee7807-8f95-4d0c-b5fe-6c6f49b8d261?ui=en-US&rs=en-US&ad=US#32or64Bit=Newer_Versions).
-WORKAROUND: None
+**WORKAROUND:** None
### MSI’s are not localized
UE-V 2.0 includes a localized setup program for both the UE-V Agent and UE-V generator. These MSI files are still available but the user interface is minimized and the MSI’s only display in English. Despite the file being in English, the setup program installs all supported languages during the installation.
-WORKAROUND: None
+**WORKAROUND:** None
### Favicons that are associated with Internet Explorer 9 favorites do not roam
The favicons that are associated with Internet Explorer 9 favorites are not roamed by User Experience Virtualization and do not appear when the favorites first appear on a new computer.
-WORKAROUND: Favicons will appear with their associated favorites once the bookmark is used and cached in the Internet Explorer 9 browser.
+**WORKAROUND:** Favicons will appear with their associated favorites once the bookmark is used and cached in the Internet Explorer 9 browser.
### File settings paths are stored in registry
Some application settings store the paths of their configuration and settings files as values in the registry. The files that are referenced as paths in the registry must be synchronized when settings are roamed between computers.
-WORKAROUND: Use folder redirection or some other technology to ensure that any files that are referenced as file settings paths are present and placed in the same location on all computers where settings roam.
+**WORKAROUND:** Use folder redirection or some other technology to ensure that any files that are referenced as file settings paths are present and placed in the same location on all computers where settings roam.
### Long Settings Storage Paths could cause an error
@@ -90,25 +90,25 @@ Keep settings storage paths as short as possible. Long paths could prevent resol
To check the operational log events, open the Event Viewer and navigate to Applications and Services Logs / Microsoft / User Experience Virtualization / Logging / Operational.
-WORKAROUND: None.
+**WORKAROUND:** None.
### Some operating system settings only roam between like operating system versions
Operating system settings for Narrator and currency characters specific to the locale (i.e. language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8.
-WORKAROUND: None
+**WORKAROUND:** None
### Windows 8 apps do not sync settings when the app restarts after closing unexpectedly
If a Windows 8 app closes unexpectedly soon after startup, settings for the application may not be synchronized when the application is restarted.
-WORKAROUND: Close the Windows 8 app, close and restart the UevAppMonitor.exe application (can use TaskManager), and then restart the Windows 8 app.
+**WORKAROUND:** Close the Windows 8 app, close and restart the UevAppMonitor.exe application (can use TaskManager), and then restart the Windows 8 app.
### UE-V 1 agent generates errors when running UE-V 2 templates
If a UE-V 2 settings location template is distributed to a computer installed with a UE-V 1 agent, some settings fail to synchronize between computers and the agent reports errors in the event log.
-WORKAROUND: When migrating from UE-V 1 to UE-V 2 and it is likely you’ll have computers running the previous version of the agent, create a separate UE-V 2.0 catalog to support the UE-V 2.0 Agent and templates.
+**WORKAROUND:** When migrating from UE-V 1 to UE-V 2 and it is likely you’ll have computers running the previous version of the agent, create a separate UE-V 2.0 catalog to support the UE-V 2.0 Agent and templates.
## Hotfixes and Knowledge Base articles for UE-V 2.0
diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md
index 29344603d2..72df15b90d 100644
--- a/windows/client-management/mdm/oma-dm-protocol-support.md
+++ b/windows/client-management/mdm/oma-dm-protocol-support.md
@@ -314,13 +314,13 @@ For more information about Basic or MD5 client authentication, MD5 server authen
## User targeted vs. Device targeted configuration
-For CSPs and policies that supports per user configuration, MDM server could send user targeted setting values to the device the user that enrolled MDM is actively logged in. The device notifies the server the login status via a device alert (1224) with Alert type = in DM pkg\#1.
+For CSPs and policies that support per user configuration, the MDM server can send user targeted setting values to the device that a MDM-enrolled user is actively logged into. The device notifies the server of the login status via a device alert (1224) with Alert type = in DM pkg\#1.
The data part of this alert could be one of following strings:
-- user – the user that enrolled the device is actively login. The MDM server could send user specific configuration for CSPs/policies that support per user configuration
+- user – the user that enrolled the device is actively logged in. The MDM server could send user specific configuration for CSPs/policies that support per user configuration
- others – another user login but that user does not have an MDM account. The server can only apply device wide configuration, e.g. configuration applies to all users in the device.
-- none – no active user login. The server can only apply device wide configuration and available configuration is restricted to the device environment (no active user login
+- none – no active user login. The server can only apply device wide configuration and available configuration is restricted to the device environment (no active user login).
Below is an alert example:
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index 61f823bd03..a976e68696 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -422,7 +422,7 @@ To enable this policy, use the following SyncML. This example prevents Windows f
$CmdID$
- ./Device/Vendor/MSFT/Policy/Config/PreventInstallationOfDevicesNotDescribedByOtherPolicySettings
+ ./Device/Vendor/MSFT/Policy/Config/DeviceInstallation/PreventInstallationOfDevicesNotDescribedByOtherPolicySettingsstring
diff --git a/windows/configuration/TOC.md b/windows/configuration/TOC.md
index 6be8931eeb..c0ad05a8bd 100644
--- a/windows/configuration/TOC.md
+++ b/windows/configuration/TOC.md
@@ -79,6 +79,7 @@
#### [DeviceFormFactor](wcd/wcd-deviceformfactor.md)
#### [DeviceInfo](wcd/wcd-deviceinfo.md)
#### [DeviceManagement](wcd/wcd-devicemanagement.md)
+#### [DeviceUpdateCenter](wcd/wcd-deviceupdatecenter.md)
#### [DMClient](wcd/wcd-dmclient.md)
#### [EditionUpgrade](wcd/wcd-editionupgrade.md)
#### [EmbeddedLockdownProfiles](wcd/wcd-embeddedlockdownprofiles.md)
@@ -102,6 +103,7 @@
#### [OtherAssets](wcd/wcd-otherassets.md)
#### [Personalization](wcd/wcd-personalization.md)
#### [Policies](wcd/wcd-policies.md)
+#### [Privacy](wcd/wcd-privacy.md)
#### [ProvisioningCommands](wcd/wcd-provisioningcommands.md)
#### [RcsPresence](wcd/wcd-rcspresence.md)
#### [SharedPC](wcd/wcd-sharedpc.md)
@@ -110,11 +112,13 @@
#### [Start](wcd/wcd-start.md)
#### [StartupApp](wcd/wcd-startupapp.md)
#### [StartupBackgroundTasks](wcd/wcd-startupbackgroundtasks.md)
+#### [StorageD3InModernStandby](wcd/wcd-storaged3inmodernstandby.md)
#### [SurfaceHubManagement](wcd/wcd-surfacehubmanagement.md)
#### [TabletMode](wcd/wcd-tabletmode.md)
#### [TakeATest](wcd/wcd-takeatest.md)
#### [TextInput](wcd/wcd-textinput.md)
-#### [Theme](wcd/wcd-theme.md)
+#### [Theme](wcd/wcd-theme.md)
+#### [Time](wcd/wcd-time.md)
#### [UnifiedWriteFilter](wcd/wcd-unifiedwritefilter.md)
#### [UniversalAppInstall](wcd/wcd-universalappinstall.md)
#### [UniversalAppUninstall](wcd/wcd-universalappuninstall.md)
diff --git a/windows/configuration/wcd/wcd-cellular.md b/windows/configuration/wcd/wcd-cellular.md
index f6c9545c4a..9c292c9e3d 100644
--- a/windows/configuration/wcd/wcd-cellular.md
+++ b/windows/configuration/wcd/wcd-cellular.md
@@ -8,7 +8,7 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 10/02/2018
+ms.date: 05/21/2019
---
# Cellular (Windows Configuration Designer reference)
@@ -52,6 +52,10 @@ Enter the destination path for the BrandingIcon .ico file.
Enter the service provider name for the mobile operator.
+### DataClassMappingTable
+
+Enter a customized string for the appropriate [data class](https://docs.microsoft.com/windows/desktop/api/mbnapi/ne-mbnapi-mbn_data_class).
+
### NetworkBlockList
Enter a comma-separated list of mobile country code (MCC) and mobile network code (MCC) pairs (MCC:MNC).
diff --git a/windows/configuration/wcd/wcd-changes.md b/windows/configuration/wcd/wcd-changes.md
index b51c2ab60e..571f137000 100644
--- a/windows/configuration/wcd/wcd-changes.md
+++ b/windows/configuration/wcd/wcd-changes.md
@@ -8,12 +8,27 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 10/02/2018
+ms.date: 05/21/2019
---
# Changes to settings in Windows Configuration Designer
-Settings added in Windows 10, version 1809
+## Settings added in Windows 10, version 1903
+
+- [DeviceUpdateCenter](wcd-deviceupdatecenter.md)
+- [Privacy](wcd-privacy.md)
+- [Time](wcd-time.md)
+- [Cellular > DataClassMappingTable](wcd-cellular.md#dataclassmappingtable)
+- [OOBE > EnableCortanaVoice](wcd-oobe.md#enablecortanavoice)
+- [Policies > LocalPoliciesSecurityOptions](wcd-policies.md#localpoliciessecurityoptions)
+- [Policies > Power](wcd-policies.md#power)
+- [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md)
+
+## Settings removed in Windows 10, version 1903
+
+- [WLAN](wcd-wlan.md)
+
+## Settings added in Windows 10, version 1809
- [Browser > AllowPrelaunch](wcd-browser.md#allowprelaunch)
@@ -74,7 +89,7 @@ Settings added in Windows 10, version 1809
- [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md)
-Settings removed in Windows 10, version 1809
+## Settings removed in Windows 10, version 1809
- [CellCore](wcd-cellcore.md)
- [Policies > Browser:](wcd-policies.md#browser)
diff --git a/windows/configuration/wcd/wcd-deviceupdatecenter.md b/windows/configuration/wcd/wcd-deviceupdatecenter.md
new file mode 100644
index 0000000000..09f2af4d12
--- /dev/null
+++ b/windows/configuration/wcd/wcd-deviceupdatecenter.md
@@ -0,0 +1,23 @@
+---
+title: DeviceUpdateCenter (Windows 10)
+description: This section describes the DeviceUpdateCenter settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.topic: article
+ms.date: 05/21/2019
+---
+
+# DeviceUpdateCenter (Windows Configuration Designer reference)
+
+Do not use **DeviceUpdateCenter** settings at this time.
+
+## Applies to
+
+| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| All settings | X | | | | |
+
diff --git a/windows/configuration/wcd/wcd-oobe.md b/windows/configuration/wcd/wcd-oobe.md
index 35acf44bc2..31af250386 100644
--- a/windows/configuration/wcd/wcd-oobe.md
+++ b/windows/configuration/wcd/wcd-oobe.md
@@ -8,20 +8,38 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 09/06/2017
+ms.date: 05/21/2019
---
# OOBE (Windows Configuration Designer reference)
-Use to configure settings for the Out Of Box Experience (OOBE).
+Use to configure settings for the [Out Of Box Experience (OOBE)](https://docs.microsoft.com/windows-hardware/customize/desktop/customize-oobe).
## Applies to
| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | :---: | :---: | :---: | :---: | :---: |
+| [Desktop > EnableCortanaVoice](#enablecortanavoice) | X | | | | |
+| [Desktop > HideOobe](#hided) | X | | | | |
| [Mobile > EnforceEnterpriseProvisioning](#nforce) | | X | | | |
| [Mobile > HideOobe](#hidem) | | X | | | |
-| [Desktop > HideOobe](#hided) | X | | | | |
+
+
+
+
+## EnableCortanaVoice
+
+Use this setting to control whether Cortana voice-over is enabled during OOBE. The voice-over is disabled by default on Windows 10 Pro, Education, and Enterprise. The voice-over is enabled by default on Windows 10 Home. Select **True** to enable voice-over during OOBE, or **False** to disable voice-over during OOBE.
+
+
+## HideOobe for desktop
+
+When set to **True**, it hides the interactive OOBE flow for Windows 10.
+
+>[!NOTE]
+>You must create a user account if you set the value to true or the device will not be usable.
+
+When set to **False**, the OOBE screens are displayed.
## EnforceEnterpriseProvisioning
@@ -35,14 +53,4 @@ When set to **False**, it does not force the OOBE flow to the enterprise provisi
When set to **True**, it hides the interactive OOBE flow for Windows 10 Mobile.
-When set to **False**, the OOBE screens are displayed.
-
-
-## HideOobe for desktop
-
-When set to **True**, it hides the interactive OOBE flow for Windows 10.
-
->[!NOTE]
->You must create a user account if you set the value to true or the device will not be usable.
-
When set to **False**, the OOBE screens are displayed.
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index d2d9d74f45..a2098f93b8 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -8,7 +8,7 @@ author: jdeckerMS
ms.localizationpriority: medium
ms.author: jdecker
ms.topic: article
-ms.date: 10/02/2018
+ms.date: 05/21/2019
---
# Policies (Windows Configuration Designer reference)
@@ -154,7 +154,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
-| [AllowCamera](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | X | X | X | X | |
+| [AllowCamera](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#camera-allowcamera) | Disable or enable the camera. | X | X | X | | |
## Connectivity
@@ -337,12 +337,46 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
5. Open the project again in Windows Configuration Designer.
6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
+## LocalPoliciesSecurityOptions
+
+| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | :---: |
+| [InteractiveLogon_DoNotDisplayLastSignedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin) | Specify whether the Windows sign-in screen will show the username of the last person who signed in. | X | | | | |
+| [Shutdown_AllowSystemtobeShutDownWithoutHavingToLogOn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-shutdown-allowsystemtobeshutdownwithouthavingtologon) | Specify whether a computer can be shut down without signing in. | X | | | | |
+| [UserAccountControl_BehaviorOfTheElevationPromptForStandardUsers](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-useraccountcontrol-behavioroftheelevationpromptforstandardusers) | Configure how an elevation prompt should behave for standard users. | X | | | | |
+
## Location
| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: | :---: |
| [EnableLocation](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Do not use. | | | | | |
+## Power
+
+| Setting | Description | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | --- | :---: | :---: | :---: | :---: | :---: |
+| [AllowStandbyStatesWhenSleepingOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingonbattery) | Specify whether Windows can use standby states when putting the computer in a sleep state while on battery. | X | | | | |
+| [AllowStandbyWhenSleepingPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#allowstandbystateswhensleepingpluggedin) | Specify whether Windows can use standby states when putting the computer in a sleep state while plugged in. | X | | | | |
+| [DisplayOffTimeoutOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#displayofftimeoutonbattery) | Specify the period of inactivity before Windows turns off the display while on battery. | X | | | | |
+| [DisplayOffTimeoutPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#displayofftimeoutpluggedin) | Specify the period of inactivity before Windows turns off the display while plugged in. | X | | | | |
+| [EnergySaverBatteryThresholdOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#energysaverbatterythresholdonbattery) | Specify the battery charge level at which Energy Saver is turned on while on battery. | X | | | | |
+| [EnergySaverBatteryThresholdPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#EnergySaverBatteryThresholdPluggedIn) | Specify the battery charge level at which Energy Saver is turned on while plugged in. | X | | | | |
+| [HibernateTimeoutOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#hibernatetimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to hibernate while on battery. | X | | | | |
+| [HibernateTimeoutPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#hibernatetimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to hibernate while plugged in. | X | | | | |
+| [RequirePasswordWhenComputerWakesOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakesonbattery) | Specify whether the user is prompted for a password when the system resumes from sleep while on battery. | X | | | | |
+| [RequirePasswordWhenComputerWakesPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#requirepasswordwhencomputerwakespluggedin) | Specify whether the user is prompted for a password when the system resumes from sleep while plugged in. | X | | | | |
+| [SelectLidCloseActionBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on battery. | X | | | | |
+| [SelectLidCloseActionPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectlidcloseactionpluggedin) | Select the action to be taken when a user closes the lid on a mobile device while on plugged in. | X | | | | |
+| [SelectPowerButtonActionOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactiononbattery) | Select the action to be taken when the user presses the power button while on battery. | X | | | | |
+| [SelectPowerButtonActionPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectpowerbuttonactionpluggedin) | Select the action to be taken when the user presses the power button while on plugged in. | X | | | | |
+| [SelectSleepButtonActionOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactiononbattery) | Select the action to be taken when the user presses the sleep button while on battery. | X | | | | |
+| [SelectSleepButtonActionPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#selectsleepbuttonactionpluggedin) | Select the action to be taken when the user presses the sleep button while plugged in. | X | | | | |
+| [StandbyTimeoutOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#StandbyTimeoutOnBattery) | Specify the period of inactivity before Windows transitions the system to sleep while on battery. | X | | | | |
+| [StandbyTimeoutPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | X | | | | |
+| [TurnOffHybridSleepOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | X | | | | |
+| [TurnOffHybridSleepPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | X | | | | |
+| [UnattendedSleepTimeoutOnBattery](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while on battery. | X | | | | |
+| [UnattendedSleepTimeoutPluggedIn](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while plugged in. | X | | | | |
## Privacy
@@ -534,7 +568,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| [AllowInternetSharing](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowinternetsharing) | Allow Internet sharing. | X | X | | | |
| [AllowManualWiFiConfiguration](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowmanualwificonfiguration) | Allow connecting to Wi-Fi outside of MDM server-installed networks. | | X | | | |
| [AllowWiFi](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-allowwifi) | Allow Wi-Fi connections. | | X | | | |
-| [WLANScanMode](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | X | X | X | X | X |
+| [WLANScanMode](https://docs.microsoft.com/windows/client-management/mdm/policy-configuration-service-provider#wifi-wlanscanmode) | Configure the WLAN scanning behavior and how aggressively devices should be actively scanning for Wi-Fi networks to get devices connected. | X | X | X | | X |
## WindowsInkWorkspace
diff --git a/windows/configuration/wcd/wcd-privacy.md b/windows/configuration/wcd/wcd-privacy.md
new file mode 100644
index 0000000000..ad2a699688
--- /dev/null
+++ b/windows/configuration/wcd/wcd-privacy.md
@@ -0,0 +1,30 @@
+---
+title: Privacy (Windows 10)
+description: This section describes the Privacy settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.topic: article
+ms.date: 05/21/2019
+---
+
+# Privacy (Windows Configuration Designer reference)
+
+Use **Privacy** to configure settings for app activation with voice.
+
+## Applies to
+
+| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| All settings | X | X | X | | X |
+
+## LetAppsActivateWithVoice
+
+Select between **User is in control**, **Force allow**, or **Force deny**.
+
+## LetAppsActivateWithVoiceAboveLock
+
+Select between **User is in control**, **Force allow**, or **Force deny**.
\ No newline at end of file
diff --git a/windows/configuration/wcd/wcd-storaged3inmodernstandby.md b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
new file mode 100644
index 0000000000..a866ee0dab
--- /dev/null
+++ b/windows/configuration/wcd/wcd-storaged3inmodernstandby.md
@@ -0,0 +1,25 @@
+---
+title: StorageD3InModernStandby (Windows 10)
+description: This section describes the StorageD3InModernStandby settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.topic: article
+ms.date: 09/06/2017
+---
+
+# StorageD3InModernStandby (Windows Configuration Designer reference)
+
+Use **StorageD3InModernStandby** to enable or disable low power state (D3) during standby. When this setting is configured to **Enable Storage Device D3**, SATA and NVMe devices will be able to enter the D3 state when the system transits to modern standby state, if they are using a Microsoft inbox driver such as StorAHCI, StorNVMe.
+
+[Learn more about device power states.](https://docs.microsoft.com/windows-hardware/drivers/kernel/device-power-states)
+
+## Applies to
+
+| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| All settings | X | X | X | | X |
+
diff --git a/windows/configuration/wcd/wcd-time.md b/windows/configuration/wcd/wcd-time.md
new file mode 100644
index 0000000000..b81a6d8f1c
--- /dev/null
+++ b/windows/configuration/wcd/wcd-time.md
@@ -0,0 +1,37 @@
+---
+title: Time (Windows 10)
+description: This section describes the Time settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+ms.prod: w10
+ms.mktglfcycl: deploy
+ms.sitesec: library
+author: jdeckerMS
+ms.localizationpriority: medium
+ms.author: jdecker
+ms.topic: article
+ms.date: 05/21/2019
+---
+
+# Time
+
+Use **Time** to configure settings for time zone setup for Windows 10, version (TBD) and later.
+
+## Applies to
+
+| Setting | Desktop editions | Mobile editions | Surface Hub | HoloLens | IoT Core |
+| --- | :---: | :---: | :---: | :---: | :---: |
+| [ProvisionSetTimeZone](#provisionsettimezone) | X | | | | |
+
+## ProvisionSetTimeZone
+
+Set to **True** to skip time zone assignment when the first user signs in, in which case the device will remain in its default time zone. For the proper configuration, you should also use **Policies > TimeLanguageSettings > ConfigureTimeZone** to set the default time zone.
+
+>[!TIP]
+>Configuring a time zone in **Policies > TimeLanguageSettings > ConfigureTimeZone** accomplishes the same purpose as setting **ProvisionSetTimeZone** to **True**, so you don't need to configure both settings.
+
+Set to **False** for time zone assignment to occur when the first user signs in. The user will be prompted to select a time zone during first sign-in.
+
+>[!NOTE]
+>Do not set **Time > ProvisionSetTimeZone** to **False** and also set a time zone in **Policies > TimeLanguageSettings > ConfigureTimeZone**.
+
+
+
diff --git a/windows/configuration/wcd/wcd.md b/windows/configuration/wcd/wcd.md
index c3a9c02907..732e57f9cb 100644
--- a/windows/configuration/wcd/wcd.md
+++ b/windows/configuration/wcd/wcd.md
@@ -24,34 +24,34 @@ This section describes the settings that you can configure in [provisioning pack
| [ADMXIngestion](wcd-admxingestion.md) | X | | | | |
| [AssignedAccess](wcd-assignedaccess.md) | X | | | X | |
| [AutomaticTime](wcd-automatictime.md) | | X | | | |
-| [Browser](wcd-browser.md) | X | X | X | X | |
+| [Browser](wcd-browser.md) | X | X | X | | |
| [CallAndMessagingEnhancement](wcd-callandmessagingenhancement.md) | | X | | | |
| [Calling](wcd-calling.md) | | X | | | |
| [CellCore](wcd-cellcore.md) | X | X | | | |
| [Cellular](wcd-cellular.md) | X | | | | |
| [Certificates](wcd-certificates.md) | X | X | X | X | X |
| [CleanPC](wcd-cleanpc.md) | X | | | | |
-| [Connections](wcd-connections.md) | X | X | X | X | |
+| [Connections](wcd-connections.md) | X | X | X | | |
| [ConnectivityProfiles](wcd-connectivityprofiles.md) | X | X | X | X | |
-| [CountryAndRegion](wcd-countryandregion.md) | X | X | X | X | |
+| [CountryAndRegion](wcd-countryandregion.md) | X | X | X | | |
| [DesktopBackgroundAndColors](wcd-desktopbackgroundandcolors.md) | X | | | | |
| [DeveloperSetup](wcd-developersetup.md) | | | | X | |
-| [DeviceFormFactor](wcd-deviceformfactor.md) | X | X | X | X | |
+| [DeviceFormFactor](wcd-deviceformfactor.md) | X | X | X | | |
| [DeviceInfo](wcd-deviceinfo.md) | | X | | | |
| [DeviceManagement](wcd-devicemanagement.md) | X | X | X | X | |
-| [DMClient](wcd-dmclient.md) | X | X | X | X | X |
-| [EditionUpgrade](wcd-editionupgrade.md) | X | X | X | X | |
+| [DeviceUpdateCenter](wcd-deviceupdatecenter.md) | X | | | | |
+| [DMClient](wcd-dmclient.md) | X | X | X | | X |
+| [EditionUpgrade](wcd-editionupgrade.md) | X | X | | X | |
| [EmbeddedLockdownProfiles](wcd-embeddedlockdownprofiles.md) | | X | | | |
| [FirewallConfiguration](wcd-firewallconfiguration.md) | | | | | X |
| [FirstExperience](wcd-firstexperience.md) | | | | X | |
-| [Folders](wcd-folders.md) |X | X | X | X | |
-| [HotSpot](wcd-hotspot.md) | | | | | |
+| [Folders](wcd-folders.md) |X | X | X | | |
| [InitialSetup](wcd-initialsetup.md) | | X | | | |
| [InternetExplorer](wcd-internetexplorer.md) | | X | | | |
| [KioskBrowser](wcd-kioskbrowser.md) | | | | | X |
| [Licensing](wcd-licensing.md) | X | | | | |
| [Location](wcd-location.md) | | | | | X |
-| [Maps](wcd-maps.md) |X | X | X | X | |
+| [Maps](wcd-maps.md) |X | X | X | | |
| [Messaging](wcd-messaging.md) | | X | | | |
| [ModemConfigurations](wcd-modemconfigurations.md) | | X | | | |
| [Multivariant](wcd-multivariant.md) | | X | | | |
@@ -62,26 +62,29 @@ This section describes the settings that you can configure in [provisioning pack
| [OtherAssets](wcd-otherassets.md) | | X | | | |
| [Personalization](wcd-personalization.md) | X | | | | |
| [Policies](wcd-policies.md) | X | X | X | X | X |
+| [Privacy](wcd-folders.md) |X | X | X | | X |
| [ProvisioningCommands](wcd-provisioningcommands.md) | X | | | | |
-[RcsPresence](wcd-rcspresence.md) | | X | | | |
+| [RcsPresence](wcd-rcspresence.md) | | X | | | |
| [SharedPC](wcd-sharedpc.md) | X | | | | |
| [Shell](wcd-shell.md) | | X | | | |
| [SMISettings](wcd-smisettings.md) | X | | | | |
| [Start](wcd-start.md) | X | X | | | |
| [StartupApp](wcd-startupapp.md) | | | | | X |
| [StartupBackgroundTasks](wcd-startupbackgroundtasks.md) | | | | | X |
+| [StorageD3InModernStandby](wcd-storaged3inmodernstandby.md) |X | X | X | | X |
| [SurfaceHubManagement](wcd-surfacehubmanagement.md) | | | X | | |
-| [TabletMode](wcd-tabletmode.md) |X | X | X | X | |
+| [TabletMode](wcd-tabletmode.md) |X | X | X | | |
| [TakeATest](wcd-takeatest.md) | X | | | | |
| [TextInput](wcd-textinput.md) | | X | | | |
| [Theme](wcd-theme.md) | | X | | | |
+| [Time](wcd-time.md) | X | | | | |
| [UnifiedWriteFilter](wcd-unifiedwritefilter.md) | X | | | | X |
-| [UniversalAppInstall](wcd-universalappinstall.md) | X | X | X | X | X |
-| [UniversalAppUninstall](wcd-universalappuninstall.md) | X | X | X | X | X |
-| [WeakCharger](wcd-weakcharger.md) |X | X | X | X | |
+| [UniversalAppInstall](wcd-universalappinstall.md) | X | X | X | | X |
+| [UniversalAppUninstall](wcd-universalappuninstall.md) | X | X | X | | X |
+| [UsbErrorsOEMOverride](wcd-usberrorsoemoverride.md) | X | X | X | | |
+| [WeakCharger](wcd-weakcharger.md) |X | X | X | | |
| [WindowsHelloForBusiness](wcd-windowshelloforbusiness.md) | X | | | | |
| [WindowsTeamSettings](wcd-windowsteamsettings.md) | | | X | | |
-| [WLAN](wcd-wlan.md) | | | | X | |
-| [Workplace](wcd-workplace.md) |X | X | X | X | X |
+| [Workplace](wcd-workplace.md) |X | X | X | | X |
diff --git a/windows/deployment/images/upgrademdt-fig1-machines.png b/windows/deployment/images/upgrademdt-fig1-machines.png
index 38129332e6..ef553b6595 100644
Binary files a/windows/deployment/images/upgrademdt-fig1-machines.png and b/windows/deployment/images/upgrademdt-fig1-machines.png differ
diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
index 7bfbdc5b72..5ecbefe38b 100644
--- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
+++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md
@@ -25,14 +25,14 @@ ms.topic: article
You must deploy your customized database (.sdb) files to other computers in your organization before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways, including by using a logon script, by using Group Policy, or by performing file copy operations.
-After you deploy and store the customized databases on each of your local computers, you must register the database files. Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application.
+After you deploy and store the customized databases on each of your local computers, you must register the database files. Until you register the database files, the operating system is unable to identify the available compatibility fixes when starting an application.
## Command-Line Options for Deploying Customized Database Files
The command-line options use the following conventions.
-Sdbinst.exe \[-q\] \[-u filepath\] \[-g *GUID*\] \[-n *"name"*\] \[-?\]
+Sdbinst.exe \[-q\] \[-?\] \[-u\] \[-g\] \[-p\] \[-u filepath\] \[-g *GUID*\] \[-n *"name"*\]
The following table describes the available command-line options.
@@ -78,8 +78,14 @@ The following table describes the available command-line options.
For example,
sdbinst.exe -?
+
+
-p
+
Allows SDBs installation with Patches
+
For example,
+
sdbinst.exe -p C:\Windows\AppPatch\Myapp.sdb
+
## Related topics
-[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
\ No newline at end of file
+[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md)
diff --git a/windows/deployment/planning/windows-10-1803-removed-features.md b/windows/deployment/planning/windows-10-1803-removed-features.md
index f31922410d..8afb576298 100644
--- a/windows/deployment/planning/windows-10-1803-removed-features.md
+++ b/windows/deployment/planning/windows-10-1803-removed-features.md
@@ -51,4 +51,4 @@ If you have feedback about the proposed replacement of any of these features, yo
|Phone Companion|Use the **Phone** page in the Settings app. In Windows 10, version 1709, we added the new **Phone** page to help you sync your mobile phone with your PC. It includes all the Phone Companion features.|
|IPv4/6 Transition Technologies (6to4, ISATAP, and Direct Tunnels)|6to4 has been disabled by default since Windows 10, version 1607 (the Anniversary Update), ISATAP has been disabled by default since Windows 10, version 1703 (the Creators Update), and Direct Tunnels has always been disabled by default. Please use native IPv6 support instead.|
|[Layered Service Providers](https://msdn.microsoft.com/library/windows/desktop/bb513664)|Layered Service Providers have been deprecated since Windows 8 and Windows Server 2012. Use the [Windows Filtering Platform](https://msdn.microsoft.com/library/windows/desktop/aa366510) instead. When you upgrade from an older version of Windows, any layered service providers you're using aren't migrated; you'll need to re-install them after upgrading.|
-|Business Scanning, also called Distributed Scan Management (DSM) **(Added 05/03/2018)**|The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124\(vs.11\)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.|
+|Business Scanning, also called Distributed Scan Management (DSM) **(Added 05/03/2018)**|The [Scan Management functionality](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd759124(v=ws.11)) was introduced in Windows 7 and enabled secure scanning and the management of scanners in an enterprise. We're no longer investing in this feature, and there are no devices available that support it.|
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
index 4b0bf32fe5..3964a0f292 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
@@ -95,6 +95,7 @@ This policy setting controls whether the elevation request prompt is displayed o
- **Enabled** (Default) All elevation requests go to the secure desktop regardless of prompt behavior policy settings for administrators and standard users.
- **Disabled** All elevation requests go to the interactive user's desktop. Prompt behavior policy settings for administrators and standard users are used.
+
## User Account Control: Virtualize file and registry write failures to per-user locations
This policy setting controls whether application write failures are redirected to defined registry and file system locations. This policy setting mitigates applications that run as administrator and write run-time application data to %ProgramFiles%, %Windir%, %Windir%\\system32, or HKLM\\Software.
diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index e69b8ed62c..69944937b7 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -10,7 +10,7 @@ ms.author: pashort
manager: elizapo
ms.reviewer:
ms.localizationpriority: medium
-ms.date: 01/26/2019
+ms.date: 03/21/2019
---
# VPN and conditional access
@@ -32,11 +32,7 @@ Conditional Access Platform components used for Device Compliance include the fo
- Azure AD Certificate Authority - It is a requirement that the client certificate used for the cloud-based device compliance solution be issued by an Azure Active Directory-based Certificate Authority (CA). An Azure AD CA is essentially a mini-CA cloud tenant in Azure. The Azure AD CA cannot be configured as part of an on-premises Enterprise CA.
-- Azure AD-issued short-lived certificates - When a VPN connection attempt is made, the Azure AD Token Broker on the local device communicates with Azure Active Directory, which then checks for health based on compliance rules. If compliant, Azure AD sends back a short-lived certificate that is used to authenticate the VPN. Note that certificate authentication methods such as EAP-TLS can be used.
-
- Additional details regarding the Azure AD issued short-lived certificate:
- - The default lifetime is 60 minutes and is configurable
- - When that certificate expires, the client will again check with Azure AD so that continued health can be validated before a new certificate is issued allowing continuation of the connection
+- Azure AD-issued short-lived certificates - When a VPN connection attempt is made, the Azure AD Token Broker on the local device communicates with Azure Active Directory, which then checks for health based on compliance rules. If compliant, Azure AD sends back a short-lived certificate that is used to authenticate the VPN. Note that certificate authentication methods such as EAP-TLS can be used. When that certificate expires, the client will again check with Azure AD for health validation before a new certificate is issued.
- [Microsoft Intune device compliance policies](https://docs.microsoft.com/intune/deploy-use/introduction-to-device-compliance-policies-in-microsoft-intune) - Cloud-based device compliance leverages Microsoft Intune Compliance Policies, which are capable of querying the device state and define compliance rules for the following, among other things.
diff --git a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
index 1fd68c4416..5201ac7cf1 100644
--- a/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
+++ b/windows/security/threat-protection/security-policy-settings/network-security-configure-encryption-types-allowed-for-kerberos.md
@@ -15,12 +15,12 @@ ms.topic: conceptual
ms.date: 04/19/2017
---
-# Network security: Configure encryption types allowed for Kerberos Win7 only
+# Network security: Configure encryption types allowed for Kerberos
**Applies to**
- Windows 10
-Describes the best practices, location, values and security considerations for the **Network security: Configure encryption types allowed for Kerberos Win7 only** security policy setting.
+Describes the best practices, location, values and security considerations for the **Network security: Configure encryption types allowed for Kerberos** security policy setting.
## Reference
@@ -67,9 +67,9 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
| Default domain policy| Not defined|
| Default domain controller policy| Not defined|
| Stand-alone server default settings | Not defined|
-| Domain controller effective default settings | None of these encryption types that are available in this policy are allowed.|
-| Member server effective default settings | None of these encryption types that are available in this policy are allowed.|
-| Effective GPO default settings on client computers | None of these encryption types that are available in this policy are allowed.|
+| Domain controller effective default settings | The default OS setting applies, DES suites are not supported by default.|
+| Member server effective default settings | The default OS setting applies, DES suites are not supported by default.|
+| Effective GPO default settings on client computers | The default OS setting applies, DES suites are not supported by default.|
## Security considerations
diff --git a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
index 18456c6af1..9fb5a24ec2 100644
--- a/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/microsoft-defender-atp-mac.md
@@ -171,7 +171,7 @@ After Intune changes are propagated to the enrolled machines, you'll see it on t
8. Change **Assignment type=Required**.
-9. Click **Included Groups**. Select M**ake this app required for all devices=Yes**. Click **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
+9. Click **Included Groups**. Select **Make this app required for all devices=Yes**. Click **Select group to include** and add a group that contains the users you want to target. Select **OK** and **Save**.
@@ -473,17 +473,17 @@ Or, from a command line:
## Known issues
- Microsoft Defender ATP is not yet optimized for performance or disk space.
-- Centrally managed uninstall using Intune/JAMF is still in development. To uninstall (as a workaround an uninstall action has to be completed on each client device).
+- Centrally managed uninstall using Intune/JAMF is still in development. To uninstall (as a workaround) an uninstall action has to be completed on each client device).
- Geo preference for telemetry traffic is not yet supported. Cloud traffic (definition updates) routed to US only.
- Full Windows Defender ATP integration is not yet available
- Not localized yet
- There might be accessibility issues
### Installation issues
-If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. You can also contact xplatpreviewsupport@microsoft.com for support on onboarding issues.
+If an error occurs during installation, the installer will only report a general failure. The detailed log is saved to /Library/Logs/Microsoft/wdav.install.log. If you experience issues during installation, send us this file so we can help diagnose the cause. You can also contact _**xplatpreviewsupport@microsoft.com**_ for support on onboarding issues.
-For feedback on the preview, contact: mdatpfeedback@microsoft.com.
+For feedback on the preview, contact: _**mdatpfeedback@microsoft.com**_.
diff --git a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
index 55933fb093..2be8b96e04 100644
--- a/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
+++ b/windows/security/threat-protection/windows-defender-atp/exposed-apis-list.md
@@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 30/07/2018
---
# Supported Windows Defender ATP query APIs
diff --git a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
index 56f599b483..fe70b2cba7 100644
--- a/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
+++ b/windows/security/threat-protection/windows-defender-atp/manage-alerts-windows-defender-advanced-threat-protection.md
@@ -67,7 +67,15 @@ Create custom rules to control when alerts are suppressed, or resolved. You can
1. Select the alert you'd like to suppress. This brings up the **Alert management** pane.
-2. Select **Create a supression rule**.
+2. Select **Create a suppression rule**.
+
+ You can create a suppression rule based on the following attributes:
+
+ * File hash
+ * File name - wild card supported
+ * File path - wild card supported
+ * IP
+ * URL - wild card supported
3. Select the **Trigerring IOC**.
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md
index dbbd0cd122..9282b0c321 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-app-token.md
@@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 30/07/2018
---
# Create custom reports using Power BI (app authentication)
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md
index f4b88a4481..336ac77edb 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-power-bi-user-token.md
@@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 30/07/2018
---
# Create custom reports using Power BI (user authentication)
diff --git a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md
index e823425018..07bb15a7cf 100644
--- a/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md
+++ b/windows/security/threat-protection/windows-defender-atp/run-advanced-query-sample-python.md
@@ -14,7 +14,6 @@ manager: dansimp
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
-ms.date: 30/07/2018
---
# Advanced Hunting using Python
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
index 08ee562873..3f018f31f7 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/network-protection-exploit-guard.md
@@ -37,7 +37,7 @@ You can also use [audit mode](audit-windows-defender-exploit-guard.md) to evalua
## Requirements
-Network protection requires Windows 10 Enterprise E3 and Windows Defender AV real-time protection.
+Network protection requires Windows 10 Pro, Enterprise E3, E5 and Windows Defender AV real-time protection.
Windows 10 version | Windows Defender Antivirus
- | -
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md
index 524e3cc666..1696f26258 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/troubleshoot-asr.md
@@ -36,7 +36,7 @@ There are four steps to troubleshooting these problems:
Attack surface reduction rules will only work on devices with the following conditions:
>[!div class="checklist"]
-> - Endpoints are running Windows 10 Enterprise E5, version 1709 (also known as the Fall Creators Update).
+> - Endpoints are running Windows 10 Enterprise, version 1709 (also known as the Fall Creators Update).
> - Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
> - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled.
> - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
diff --git a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
index 74f7688832..32055b2546 100644
--- a/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
+++ b/windows/security/threat-protection/windows-defender-exploit-guard/windows-defender-exploit-guard.md
@@ -60,7 +60,7 @@ This section covers requirements for each feature in Windows Defender EG.
| Feature | Windows 10 Home | Windows 10 Professional | Windows 10 E3 | Windows 10 E5 |
| ----------------- | :------------------------------------: | :---------------------------: | :-------------------------: | :--------------------------------------: |
| Exploit protection |  |  |  |  |
-| Attack surface reduction rules |  |  |  |  |
+| Attack surface reduction rules |  |  |  |  |
| Network protection |  |  |  |  |
| Controlled folder access |  |  |  |  |