Merge branch 'master' into v-tea-CI-105366

2025-05-15 06:47:21 +00:00 · 2019-11-25 11:22:05 -08:00 · 2019-11-25 11:22:05 -08:00 · 00b02c41f1
commit 00b02c41f1
parent 45f0cbd867 567334c8b2
89 changed files with 1116 additions and 666 deletions
--- a/devices/surface/surface-enterprise-management-mode.md
+++ b/devices/surface/surface-enterprise-management-mode.md
@ -9,7 +9,7 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 10/31/2019
+ms.date: 11/20/2019
 ms.reviewer: scottmca
 manager: dansimp
 ms.localizationpriority: medium
@ -21,8 +21,7 @@ ms.audience: itpro
 Microsoft Surface Enterprise Management Mode (SEMM) is a feature of Surface devices with Surface UEFI that allows you to secure and manage firmware settings within your organization. With SEMM, IT professionals can prepare configurations of UEFI settings and install them on a Surface device. In addition to the ability to configure UEFI settings, SEMM also uses a certificate to protect the configuration from unauthorized tampering or removal.
 >[!NOTE]
->SEMM is only available on devices with Surface UEFI firmware. 
+>SEMM is only available on devices with Surface UEFI firmware. This includes most Surface devices including Surface Pro 7, Surface Pro X, and Surface Laptop 3 commercial SKUs with an Intel processor. SEMM is not supported on the 15" Surface Laptop 3 SKU with AMD processor (only available as a retail SKU). 
 When Surface devices are configured by SEMM and secured with the SEMM certificate, they are considered *enrolled* in SEMM. When the SEMM certificate is removed and control of UEFI settings is returned to the user of the device, the Surface device is considered *unenrolled* in SEMM.
@ -229,8 +228,8 @@ create a reset package using PowerShell to reset SEMM.
 ## Version History
-### Version 2.59.139
+### Version 2.59.
-* Support to Surface Pro 7 and Surface Laptop 3
+* Support to Surface Pro 7, Surface Pro X,  and Surface Laptop 3 13.5" and 15" models with Intel processor. Note:  Surface Laptop 3 15" AMD processor is not supported.
 - Support to Wake on Power feature
 ### Version 2.54.139.0
--- a/devices/surface/surface-pro-arm-app-management.md
+++ b/devices/surface/surface-pro-arm-app-management.md
@ -8,7 +8,7 @@ ms.sitesec: library
 author: dansimp
 ms.author: dansimp
 ms.topic: article
-ms.date: 10/03/2019
+ms.date: 11/20/2019
 ms.reviewer: jessko
 manager: dansimp
 ms.audience: itpro
@ -36,7 +36,7 @@ Organizations already using modern management, security, and productivity soluti
 ## Image-based deployment considerations
-Microsoft Deployment Toolkit (MDT) and System Center Configuration Manager (SCCM) operating system deployment currently do not support Surface Pro X. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
+Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager (formerly System Center Configuration Manager) currently do not support Surface Pro X for operating system deployment. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
 ## Managing Surface Pro X devices
@ -48,7 +48,7 @@ For more information about setting up Intune, refer to the [Intune documentation
 ### Co-management
-Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with SCCM, which will install the 32-bit x86 ConfigMgr client.
+Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client.
 ### Third party MDM solutions
@ -69,6 +69,12 @@ Outside of personal devices that rely on Windows Update, servicing devices in mo
 > [!NOTE]
 > Surface Pro X supports Windows 10, version 1903 and later.
 ### Windows Server Update Services
 Windows Server Update Services (WSUS) does not support the ability to deliver drivers and firmware to Surface Pro X.
 For more information, refer to the [Microsoft Endpoint Configuration Manager documentation](https://docs.microsoft.com/configmgr/sum/get-started/configure-classifications-and-products).
 ## Running apps on Surface Pro X
 Most apps run on ARM-based Windows 10 PCs with limited exclusions.
@ -120,7 +126,7 @@ The following tables show the availability of selected key features on Surface P
 | Support for Network Boot (PXE)          | Yes           | Yes           |                                                                                                                                 |
 | Windows Configuration Designer          | Yes           | No            | Not recommended for Surface Pro X.                                                                                              |
 | WinPE                                   | Yes           | Yes           | Not recommended for Surface Pro X. Microsoft does not provide the necessary .ISO and drivers to support WinPE with Surface Pro X. |
-| SCCM: Operating System Deployment (OSD) | Yes           | No            | Not supported on Surface Pro X.                                                                                              |
+| Endpoint Configuration Manager: Operating System Deployment (OSD) | Yes           | No            | Not supported on Surface Pro X.                                                                                              |
 | MDT                                     | Yes           | No            | Not supported on Surface Pro X.                                                                                              |
@ -129,7 +135,7 @@ The following tables show the availability of selected key features on Surface P
 | Intune                                        | Yes                 | Yes           | Manage LTE with eSIM profiles.                                                        |
 | Windows Autopilot                             | Yes                 | Yes           |                                                                                       |
 | Azure AD (co-management)                      | Yes                 | Yes           | Ability to join Surface Pro X to Azure AD or Active Directory (Hybrid Azure AD Join). |
-| SCCM                                          | Yes               | Yes           |                                                                                       |
+| Endpoint Configuration Manager                                          | Yes               | Yes           |                                                                                       |
 | Power on When AC Restore                      | Yes                 | Yes           |                                                                                   |
 | Surface Diagnostic Toolkit (SDT) for Business | Yes                 | Yes           |                                                                                   |
 | Surface Dock Firmware Update                  | Yes                 | Yes           |                                                                                   |
@ -150,9 +156,9 @@ The following tables show the availability of selected key features on Surface P
 | Surface Data Eraser (SDE)         | Yes           | Yes           |                                                                                                                                                                                                                                                                                                                                                     
 ## FAQ
-### Can I deploy Surface Pro X with MDT or SCCM?
+### Can I deploy Surface Pro X with MDT or Endpoint Configuration Manager?
-The Microsoft Deployment Toolkit and System Center Configuration Manager operating system deployment currently do not support Surface Pro X. Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
+The Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager  currently do not support Surface Pro X for operating system deployment.Customers relying on image-based deployment should consider Surface Pro 7 while they continue to evaluate the right time to transition to the cloud.
 ### How can I deploy Surface Pro X?
@ -164,4 +170,4 @@ Yes.
 ### Is Intune required to manage Surface Pro X?
-Intune is recommended but not required. Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with SCCM, which will install the 32-bit x86 ConfigMgr client.
+Intune is recommended but not required. Once deployed in Autopilot, you can join Surface Pro X devices to Azure AD or Active Directory (Hybrid Azure AD Join) where you will be able to manage the devices with Intune or co-manage them with Endpoint Configuration Manager, which will install the 32-bit x86 ConfigMgr client.
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@ -50,7 +50,9 @@ The following methodology was used to derive these network endpoints:
 |Area|Description|Protocol|Destination|
 |----------------|----------|----------|------------|
-|Apps|The following endpoints are used to download updates to the Weather app Live Tile. If you turn off traffic to this endpoint, no Live Tiles will be updated.|HTTP|blob.weather.microsoft.com|
+|Apps|||[Learn how to turn off traffic to the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
 ||The following endpoints are used to download updates to the Weather app Live Tile. If you turn off traffic to this endpoint, no Live Tiles will be updated.|HTTP|blob.weather.microsoft.com|
 |||HTTP|tile-service.weather.microsoft.com
 |||HTTP|tile-service.weather.microsoft.com
 ||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/livetile/?Language=en-US
 ||The following endpoint is used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|*.twimg.com*|
@ -65,8 +67,10 @@ The following methodology was used to derive these network endpoints:
 |Azure |The following endpoints are related to Azure. |HTTPS|wd-prod-*fe*.cloudapp.azure.com|
 |||HTTPS|ris-prod-atm.trafficmanager.net|
 |||HTTPS|validation-v2.sls.trafficmanager.net|
-|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible turn off traffic to this endpoint, but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.|HTTP|ctldl.windowsupdate.com|
+|Certificates|The following endpoint is used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available. It is possible turn off traffic to this endpoint, but that is not recommended because when root certificates are updated over time, applications and websites may stop working because they did not receive an updated root certificate the application uses. Additionally, it is used to download certificates that are publicly known to be fraudulent. These settings are critical for both Windows security and the overall security of the Internet. We do not recommend blocking this endpoint. If traffic to this endpoint is turned off, Windows no longer automatically downloads certificates known to be fraudulent, which increases the attack vector on the device.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#automatic-root-certificates-update)|
-|Cortana and Search|The following endpoint is used to get images that are used for Microsoft Store suggestions. If you turn off traffic for this endpoint, you will block images that are used for Microsoft Store suggestions. |HTTPS|store-images.*microsoft.com|
+|||HTTP|ctldl.windowsupdate.com|
 |Cortana and Search|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-cortana)|
 ||The following endpoint is used to get images that are used for Microsoft Store suggestions. If you turn off traffic for this endpoint, you will block images that are used for Microsoft Store suggestions.|HTTPS|store-images.*microsoft.com|
 ||The following endpoints are related to Cortana and Live Tiles. If you turn off traffic for this endpoint, you will block updates to Cortana greetings, tips, and Live Tiles.|HTTPS|www.bing.com/client|
 |||HTTPS|www.bing.com|
 |||HTTPS|www.bing.com/proactive|
@ -76,10 +80,12 @@ The following methodology was used to derive these network endpoints:
 |||HTTP|fp-vp.azureedge.net|
 |||HTTP|odinvzc.azureedge.net|
 |||HTTP|spo-ring.msedge.net|
-|Device authentication|
+|Device authentication|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
 ||The following endpoint is used to authenticate a device. If you  turn off traffic for this endpoint, the device will not be authenticated.|HTTPS|login.live.com*|
 |Device metadata|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#4-device-metadata-retrieval)|
 ||The following endpoint is used to retrieve device metadata. If you  turn off traffic for this endpoint, metadata will not be updated for the device.|HTTP|dmd.metaservices.microsoft.com|
-|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft.|HTTP|v10.events.data.microsoft.com|
+|Diagnostic Data|The following endpoints are used by the Connected User Experiences and Telemetry component and connects to the Microsoft Data Management service. If you turn off traffic for this endpoint, diagnostic and usage information, which helps Microsoft find and fix problems and improve our products and services, will not be sent back to Microsoft. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
 |||HTTP|v10.events.data.microsoft.com|
 |||HTTPS|v10.vortex-win.data.microsoft.com/collect/v1|
 |||HTTP|www.microsoft.com|
 ||The following endpoints are used by Windows Error Reporting. To turn off traffic for these endpoints, enable the following Group Policy: Administrative Templates > Windows Components > Windows Error Reporting > Disable Windows Error Reporting. This means error reporting information will not be sent back to Microsoft.|HTTPS|co4.telecommand.telemetry.microsoft.com|
@ -87,16 +93,21 @@ The following methodology was used to derive these network endpoints:
 |||HTTPS|cs1137.wpc.gammacdn.net|
 |||TLS v1.2|modern.watson.data.microsoft.com*|
 |||HTTPS|watson.telemetry.microsoft.com|
-|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.|HTTPS|*licensing.mp.microsoft.com*|
+|Licensing|The following endpoint is used for online activation and some app licensing. To turn off traffic for this endpoint, disable the Windows License Manager Service. This will also block online activation and app licensing may not work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#9-license-manager)|
-|Location|The following endpoints are used for location data. If you turn off traffic for this endpoint, apps cannot use location data.|HTTPS|inference.location.live.net|
+|||HTTPS|*licensing.mp.microsoft.com*|
 |Location|The following endpoints are used for location data. If you turn off traffic for this endpoint, apps cannot use location data. ||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-location)|
 |||HTTPS|inference.location.live.net|
 |||HTTP|location-inference-westus.cloudapp.net|
-|Maps|The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|HTTPS|*g.akamaiedge.net|
+|Maps|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-offlinemaps)|
 ||The following endpoints are used to check for updates to maps that have been downloaded for offline use. If you turn off traffic for this endpoint, offline maps will not be updated.|HTTPS|*g.akamaiedge.net|
 |||HTTP|*maps.windows.com*|
-|Microsoft Account|The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |HTTP|login.msa.akadns6.net|
+|Microsoft Account|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-microsoft-account)|
 ||The following endpoints are used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users cannot sign in with Microsoft accounts. |HTTP|login.msa.akadns6.net|
 |||HTTP|us.configsvc1.live.com.akadns.net|
 |Microsoft Edge|This traffic is related to the Microsoft Edge browser.|HTTPS|iecvlist.microsoft.com|
 |Microsoft forward link redirection service (FWLink)|The following endpoint is used by the Microsoft forward link redirection service (FWLink) to redirect permanent web links to their actual, sometimes transitory, URL. FWlinks are similar to URL shorteners, just longer. If you disable this endpoint, Windows Defender won't be able to update its malware definitions; links from Windows and other Microsoft products to the Web won't work; and PowerShell updateable Help won't update. To disable the traffic, instead disable the traffic that's getting forwarded.|HTTPS|go.microsoft.com|
-|Microsoft Store|The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|HTTPS|*.wns.windows.com|
+|Microsoft Store|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
 ||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|HTTPS|*.wns.windows.com|
 ||The following endpoint is used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTP|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoint is used to download image files that are called when applications run (Microsoft Store or Inbox MSN Apps). If you turn off traffic for these endpoints, the image files won't be downloaded, and apps cannot be installed or updated from the Microsoft Store. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|img-prod-cms-rt-microsoft-com*|
 |||HTTPS|store-images.microsoft.com|
@ -106,9 +117,10 @@ The following methodology was used to derive these network endpoints:
 |||HTTP|storeedgefd.dsx.mp.microsoft.com|
 |||HTTP|markets.books.microsoft.com|
 |||HTTP |share.microsoft.com|
-|Network Connection Status Indicator (NCSI)|
+|Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
 ||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
-Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.|HTTP|*.c-msedge.net|
+|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
 |||HTTP|*.c-msedge.net|
 |||HTTPS|*.e-msedge.net|
 |||HTTPS|*.s-msedge.net|
 |||HTTPS|nexusrules.officeapps.live.com|
@ -120,29 +132,35 @@ Office|The following endpoints are used to connect to the Office 365 portal's sh
 |||HTTPS|onecollector.cloudapp.aria|
 |||HTTP|v10.events.data.microsoft.com/onecollector/1.0/|
 |||HTTPS|self.events.data.microsoft.com|
-||The following endpoint is used to connect the Office To-Do app to its cloud service. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store.|HTTPS|to-do.microsoft.com
+||The following endpoint is used to connect the Office To-Do app to its cloud service. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store.|HTTPS|to-do.microsoft.com|
-|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.|HTTP \ HTTPS|g.live.com/1rewlive5skydrive/*|
+|OneDrive|The following endpoints are related to OneDrive. If you turn off traffic for these endpoints, anything that relies on g.live.com to get updated URL information will no longer work.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-onedrive)|
 |||HTTP \ HTTPS|g.live.com/1rewlive5skydrive/*|
 |||HTTP|msagfx.live.com|
 |||HTTPS|oneclient.sfx.ms|
-|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.|HTTPS|cy2.settings.data.microsoft.com.akadns.net|
+|Settings|The following endpoint is used as a way for apps to dynamically update their configuration. Apps such as System Initiated User Feedback and the Xbox app use it. If you turn off traffic for this endpoint, an app that uses this endpoint may stop working.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-priv-feedback)|
 |||HTTPS|cy2.settings.data.microsoft.com.akadns.net|
 |||HTTPS|settings.data.microsoft.com|
 |||HTTPS|settings-win.data.microsoft.com|
-|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.|HTTPS|browser.pipe.aria.microsoft.com|
+|Skype|The following endpoint is used to retrieve Skype configuration values. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft store, other Microsoft Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
 |||HTTPS|browser.pipe.aria.microsoft.com|
 |||HTTP|config.edge.skype.com|
 |||HTTP|s2s.config.skype.com|
 |||HTTPS|skypeecs-prod-usw-0-b.cloudapp.net|
-|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.|HTTPS|wdcp.microsoft.com|
+|Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device will not use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
 |||HTTPS|wdcp.microsoft.com|
 |||HTTPS|definitionupdates.microsoft.com|
 |||HTTPS|go.microsoft.com|
 ||The following endpoints are used for Windows Defender Smartscreen reporting and notifications. If you turn off traffic for these endpoints, Smartscreen notifications will not appear.|HTTPS|*smartscreen.microsoft.com|
 |||HTTPS|smartscreen-sn3p.smartscreen.microsoft.com|
 |||HTTPS|unitedstates.smartscreen-prod.microsoft.com|
-|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see Windows Spotlight.|TLS v1.2|*.search.msn.com|
+|Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips will not be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
 |||TLS v1.2|*.search.msn.com|
 |||HTTPS|arc.msn.com|
 |||HTTPS|g.msn.com*|
 |||HTTPS|query.prod.cms.rt.microsoft.com|
 |||HTTPS|ris.api.iris.microsoft.com|
-|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.|HTTPS|*.prod.do.dsp.mp.microsoft.com|
+|Windows Update|The following endpoint is used for Windows Update downloads of apps and OS updates, including HTTP downloads or HTTP downloads blended with peers. If you turn off traffic for this endpoint, Windows Update downloads will not be managed, as critical metadata that is used to make downloads more resilient is blocked. Downloads may be impacted by corruption (resulting in re-downloads of full files). Additionally, downloads of the same update by multiple devices on the same local network will not use peer devices for bandwidth reduction.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-updates)|
 |||HTTPS|*.prod.do.dsp.mp.microsoft.com|
 |||HTTP|cs9.wac.phicdn.net|
 |||HTTP|emdl.ws.microsoft.com|
 ||The following endpoints are used to download operating system patches, updates, and apps from Microsoft Store. If you turn off traffic for these endpoints, the device will not be able to download updates for the operating system.|HTTP|*.dl.delivery.mp.microsoft.com|
--- a/windows/release-information/resolved-issues-windows-10-1507.yml
+++ b/windows/release-information/resolved-issues-windows-10-1507.yml
@ -36,7 +36,6 @@ sections:
      <tr><td><div id='315msg'></div><b>Apps using Visual Basic 6 (VB6), VBA, and VBScript may stop responding with error</b><br>Applications made using VB6, macros using VBA, and VBScript may stop responding and you may receive an error.<br><br><a href = '#315msgdesc'>See details ></a></td><td>OS Build 10240.18305<br><br>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512497' target='_blank'>KB4512497</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517276' target='_blank'>KB4517276</a></td><td>August 17, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>July 09, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 10240.18215<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499154' target='_blank'>KB4499154</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505051' target='_blank'>KB4505051</a></td><td>May 19, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -74,12 +73,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='243msgdesc'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><div>When trying to expand, view, or create&nbsp;<strong>Custom Views&nbsp;</strong>in Event Viewer, you may receive the error, \"MMC has detected an error in a snap-in and will unload it.\" and the app may stop responding or close. You may also receive the same error when using&nbsp;<strong>Filter Current Log</strong>&nbsp;in the&nbsp;<strong>Action&nbsp;</strong>menu with built-in views or logs. Built-in views and other features of Event Viewer should work as expected.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server 2019; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a>.</div><br><a href ='#243msg'>Back to top</a></td><td>OS Build 10240.18244<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503291' target='_blank'>KB4503291</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507458' target='_blank'>KB4507458</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 12, 2019 <br>11:11 AM PT</td></tr>
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution: </strong>We have released an \"optional, <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">out-of-band</a>\" update for Windows 10 (<a href='https://support.microsoft.com/help/4505051' target='_blank'>KB4505051</a>) to resolve this issue. If you are affected, we recommend you apply this update by installing <a href='https://support.microsoft.com/help/4505051' target='_blank'>KB4505051</a> from Windows Update and then restarting your device.</div><div><br></div><div>This update will not be applied automatically. To download and install this update, go to <strong>Settings</strong> &gt; <strong>Update &amp; Security</strong> &gt; <strong>Windows Update</strong> and select <strong>Check for updates</strong>. To get the standalone package for <a href='https://support.microsoft.com/help/4505051' target='_blank'>KB4505051</a>, search for it in the&nbsp;<a href=\"http://www.catalog.update.microsoft.com/home.aspx\" target=\"_blank\">Microsoft Update Catalog</a>.</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 10240.18215<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499154' target='_blank'>KB4499154</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505051' target='_blank'>KB4505051</a></td><td>Resolved:<br>May 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1607.yml
+++ b/windows/release-information/resolved-issues-windows-10-1607.yml
@ -47,7 +47,6 @@ sections:
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 14393.3025<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503294' target='_blank'>KB4503294</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 14393.2999<br><br>May 23, 2019<br><a href ='https://support.microsoft.com/help/4499177' target='_blank'>KB4499177</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='48msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#48msgdesc'>See details ></a></td><td>OS Build 14393.2848<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489882' target='_blank'>KB4489882</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503267' target='_blank'>KB4503267</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a></td><td>May 19, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -109,7 +108,6 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='221msgdesc'></div><b>Devices with Hyper-V enabled may receive BitLocker error 0xC0210000</b><div>Some devices with Hyper-V enabled may enter BitLocker recovery mode and receive an error, \"0xC0210000\" after installing <a href='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a> and restarting.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a>.</div><br><a href ='#221msg'>Back to top</a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4507460' target='_blank'>KB4507460</a></td><td>Resolved:<br>July 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 21, 2019 <br>08:50 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolution: </strong>We have released an \"optional, <a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">out-of-band</a>\" update for Windows 10 (<a href='https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a>) to resolve this issue. If you are affected, we recommend you apply this update by installing <a href='https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a> from Windows Update and then restarting your device.</div><div><br></div><div>This update will not be applied automatically. To download and install this update, go to <strong>Settings</strong> &gt; <strong>Update &amp; Security</strong> &gt; <strong>Windows Update</strong> and select <strong>Check for updates</strong>. To get the standalone package for <a href='https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a>, search for it in the&nbsp;<a href=\"http://www.catalog.update.microsoft.com/home.aspx\" target=\"_blank\">Microsoft Update Catalog</a>.</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a></td><td>Resolved:<br>May 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1709.yml
+++ b/windows/release-information/resolved-issues-windows-10-1709.yml
@ -41,7 +41,6 @@ sections:
      <tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509477' target='_blank'>KB4509477</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 16299.1217<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503281' target='_blank'>KB4503281</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 16299.1143<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4498946' target='_blank'>KB4498946</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505062' target='_blank'>KB4505062</a></td><td>May 19, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -93,12 +92,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 16299.1182<br><br>May 28, 2019<br><a href ='https://support.microsoft.com/help/4499147' target='_blank'>KB4499147</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503284' target='_blank'>KB4503284</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolved: </strong>We have released an \"<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">out-of-band</a>\" update for Windows 10 (<a href='https://support.microsoft.com/help/4505062' target='_blank'>KB4505062</a>) to resolve this issue.</div><div><br></div><ul><li><strong>UK customers: </strong>This update will be applied automatically to resolve this issue. You may be required to restart your device again. If you are affected by this issue, <strong>Check for updates</strong> to apply the update immediately.</li><li><strong>Customers outside of the UK:</strong> This update will not be applied automatically. If you are affected by this issue, we recommend you apply this update by installing <a href='https://support.microsoft.com/help/4505062' target='_blank'>KB4505062</a> from Windows Update and then restarting your device.</li></ul><div></div><div>To download and install this update, go to <strong>Settings</strong> &gt; <strong>Update &amp; Security</strong> &gt; <strong>Windows Update</strong> and select <strong>Check for updates</strong>. To get the standalone package for <a href='https://support.microsoft.com/help/4505062' target='_blank'>KB4505062</a>, search for it in the&nbsp;<a href=\"http://www.catalog.update.microsoft.com/home.aspx\" target=\"_blank\">Microsoft Update Catalog</a>.</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 16299.1143<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4498946' target='_blank'>KB4498946</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505062' target='_blank'>KB4505062</a></td><td>Resolved:<br>May 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1803.yml
+++ b/windows/release-information/resolved-issues-windows-10-1803.yml
@ -44,7 +44,6 @@ sections:
      <tr><td><div id='247msg'></div><b>Difficulty connecting to some iSCSI-based SANs</b><br>Devices may have difficulty connecting to some Storage Area Network (SAN) devices that leverage iSCSI.<br><br><a href = '#247msgdesc'>See details ></a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4509478' target='_blank'>KB4509478</a></td><td>June 26, 2019 <br>04:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>OS Build 17134.829<br><br>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503288' target='_blank'>KB4503288</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 17134.765<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505064' target='_blank'>KB4505064</a></td><td>May 19, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -99,12 +98,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='241msgdesc'></div><b>Opening Internet Explorer 11 may fail</b><div>Internet Explorer 11 may fail to open if <strong>Default Search Provider</strong> is not set or is malformed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607</li><li>Server: Windows Server 2019; Windows Server 2016</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a>.</div><br><a href ='#241msg'>Back to top</a></td><td>OS Build 17134.799<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4499183' target='_blank'>KB4499183</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503286' target='_blank'>KB4503286</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>June 05, 2019 <br>05:49 PM PT</td></tr>
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolved: </strong>We have released an \"<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">out-of-band</a>\" update for Windows 10 (<a href='https://support.microsoft.com/help/4505064' target='_blank'>KB4505064</a>) to resolve this issue.</div><div><br></div><ul><li><strong>UK customers: </strong>This update will be applied automatically to resolve this issue. You may be required to restart your device again. If you are affected by this issue, <strong>Check for updates</strong> to apply the update immediately.</li><li><strong>Customers outside of the UK:</strong> This update will not be applied automatically. If you are affected by this issue, we recommend you apply this update by installing <a href='https://support.microsoft.com/help/4505064' target='_blank'>KB4505064</a> from Windows Update and then restarting your device.</li></ul><div></div><div>To download and install this update, go to <strong>Settings</strong> &gt; <strong>Update &amp; Security</strong> &gt; <strong>Windows Update</strong> and select <strong>Check for updates</strong>. To get the standalone package for <a href='https://support.microsoft.com/help/4505064' target='_blank'>KB4505064</a>, search for it in the&nbsp;<a href=\"http://www.catalog.update.microsoft.com/home.aspx\" target=\"_blank\">Microsoft Update Catalog</a>.</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 17134.765<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505064' target='_blank'>KB4505064</a></td><td>Resolved:<br>May 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/resolved-issues-windows-10-1809-and-windows-server-2019.yml
@ -48,9 +48,6 @@ sections:
      <tr><td><div id='210msg'></div><b>Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007</b><br>Attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) apps, you may receive an error.<br><br><a href = '#210msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>June 18, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='241msg'></div><b>Opening Internet Explorer 11 may fail</b><br>Internet Explorer 11 may fail to open if Default Search Provider is not set or is malformed.<br><br><a href = '#241msgdesc'>See details ></a></td><td>OS Build 17763.529<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4497934' target='_blank'>KB4497934</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='88msg'></div><b>Issue using PXE to start a device from WDS</b><br>Using PXE to start a device from a WDS server configured to use Variable Window Extension may terminate the connection.<br><br><a href = '#88msgdesc'>See details ></a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='90msg'></div><b>Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort</b><br>Upgrade block: Certain new Intel display drivers may accidentally turn on unsupported features in Windows.<br><br><a href = '#90msgdesc'>See details ></a></td><td>OS Build 17763.134<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467708' target='_blank'>KB4467708</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 21, 2019 <br>07:42 AM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505056' target='_blank'>KB4505056</a></td><td>May 19, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='216msg'></div><b>Windows 10, version 1809 update history may show an update installed twice</b><br>Some customers are reporting that KB4494441 installed twice on their device<br><br><a href = '#216msgdesc'>See details ></a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>May 16, 2019 <br>02:37 PM PT</td></tr>
      </table>
      "
@ -122,8 +119,6 @@ sections:
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='210msgdesc'></div><b>Printing from Microsoft Edge or other UWP apps may result in the error 0x80070007</b><div>When attempting to print from Microsoft Edge or other Universal Windows Platform (UWP) applications you may receive the error, \"Your printer has experienced an unexpected configuration problem. 0x80070007e.\"</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a>.&nbsp;</div><br><a href ='#210msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501371' target='_blank'>KB4501371</a></td><td>Resolved:<br>June 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 02, 2019 <br>04:47 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolved: </strong>We have released an \"<a href=\"https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-10-update-servicing-cadence/ba-p/222376\" target=\"_blank\">out-of-band</a>\" update for Windows 10 (<a href='https://support.microsoft.com/help/4505056' target='_blank'>KB4505056</a>) to resolve this issue.</div><div><br></div><ul><li><strong>UK customers: </strong>This update will be applied automatically to resolve this issue. You may be required to restart your device again. If you are affected by this issue, <strong>Check for updates</strong> to apply the update immediately.</li><li><strong>Customers outside of the UK:</strong> This update will not be applied automatically. If you are affected by this issue, we recommend you apply this update by installing <a href='https://support.microsoft.com/help/4505056' target='_blank'>KB4505056</a> from Windows Update and then restarting your device.</li></ul><div></div><div>To download and install this update, go to <strong>Settings</strong> &gt; <strong>Update &amp; Security</strong> &gt; <strong>Windows Update</strong> and select <strong>Check for updates</strong>. To get the standalone package for <a href='https://support.microsoft.com/help/4505056' target='_blank'>KB4505056</a>, search for it in the&nbsp;<a href=\"http://www.catalog.update.microsoft.com/home.aspx\" target=\"_blank\">Microsoft Update Catalog</a>.</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505056' target='_blank'>KB4505056</a></td><td>Resolved:<br>May 19, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='216msgdesc'></div><b>Windows 10, version 1809 update history may show an update installed twice</b><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809</li></ul><div></div><div><strong>Cause:</strong></div><div>In certain situations, installing an update requires multiple download and restart steps. In cases where two intermediate steps of the installation complete successfully, the <strong>View your Update history</strong> page will report that installation completed successfully twice.&nbsp;</div><div><br></div><div><strong>Resolution:</strong></div><div>No action is required on your part. The update installation may take longer and may require more than one restart, but will install successfully after all intermediate installation steps have completed. We are working on improving this update experience to ensure the <strong>Update history</strong> correctly reflects the installation of the latest cumulative update (LCU).</div><br><a href ='#216msg'>Back to top</a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 16, 2019 <br>02:37 PM PT<br><br>Opened:<br>May 14, 2019 <br>02:56 PM PT</td></tr>
      </table>
      "
@ -135,12 +130,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='88msgdesc'></div><b>Issue using PXE to start a device from WDS</b><div>After installing <a href=\"https://support.microsoft.com/help/4489899\" target=\"_blank\">KB4489899</a>, there may be issues using the Preboot Execution Environment (PXE) to start a device from a Windows Deployment Services (WDS) server configured to use Variable Window Extension. This may cause the connection to the WDS server to terminate prematurely while downloading the image. This issue does not affect clients or devices that are not using Variable Window Extension.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Resolution:</strong>&nbsp;This issue was resolved in <a href='https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a>.</div><br><a href ='#88msg'>Back to top</a></td><td>OS Build 17763.379<br><br>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489899' target='_blank'>KB4489899</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503327' target='_blank'>KB4503327</a></td><td>Resolved:<br>June 11, 2019 <br>10:00 AM PT<br><br>Opened:<br>March 12, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
 - title: November 2018
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='90msgdesc'></div><b>Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort</b><div><strong>Upgrade block:</strong> Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows.&nbsp;</div><div>&nbsp;</div><div>As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.</div><div><strong>Note:</strong> This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously <a href=\"https://answers.microsoft.com/en-us/windows/forum/all/windows-10-audio-stops-working-after-installing/5a541c88-89e1-4bf3-b356-2837d564b109\" target=\"_blank\">documented</a>.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019&nbsp;</li></ul><div></div><div><strong>Next steps:</strong> Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update. For more information, see the <a href=\"https://www.intel.com/content/www/us/en/support/articles/000031612/graphics-drivers.html\" target=\"_blank\">Intel Customer Support article</a>.</div><div><br></div><div><strong>Resolution: </strong>Microsoft has removed the safeguard hold. </div><div><br></div><div><br></div><br><a href ='#90msg'>Back to top</a></td><td>OS Build 17763.134<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467708' target='_blank'>KB4467708</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>May 21, 2019 <br>07:42 AM PT<br><br>Opened:<br>November 13, 2018 <br>10:00 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-10-1903.yml
+++ b/windows/release-information/resolved-issues-windows-10-1903.yml
@ -32,6 +32,7 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
      <tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
      <tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
      <tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
      <tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
@ -137,6 +138,7 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain.&nbsp;If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div>&nbsp;&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until&nbsp;updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='226msgdesc'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><div>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.</div><div><br></div><div>Microsoft has identified some scenarios in which these features may have issues or stop working, for example:</div><ul><li>Connecting to (or disconnecting from) an external monitor, dock, or projector</li><li>Rotating the screen</li><li>Updating display drivers or making other display mode changes</li><li>Closing full screen applications</li><li>Applying custom color profiles</li><li>Running applications that rely on custom gamma ramps</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed.</div><br><a href ='#226msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:28 AM PT</td></tr>
--- a/windows/release-information/resolved-issues-windows-10-1909.yml
+++ b/windows/release-information/resolved-issues-windows-10-1909.yml
@ -32,6 +32,7 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Date resolved</td></tr>
      <tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
      <tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
      </table>
      "
@ -48,6 +49,7 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/resolved-issues-windows-7-and-windows-server-2008-r2-sp1.yml
@ -41,7 +41,6 @@ sections:
      <tr><td><div id='306msg'></div><b>MacOS may be unable to access network shares via CIFS or SMBv1 on Windows devices</b><br>You may receive an error on MacOS when trying to access network shares via CIFS or SMBv1 on certain Windows devices.<br><br><a href = '#306msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved External<br></td><td>August 09, 2019 <br>07:03 PM PT</td></tr>
      <tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503292' target='_blank'>KB4503292</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503277' target='_blank'>KB4503277</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>May 18, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -92,15 +91,6 @@ sections:
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolved: </strong>We have released an \"optional\" update for Internet Explorer 11 (<a href=\"https://support.microsoft.com/help/4505050\" target=\"_blank\"><u>KB4505050</u></a>) to resolve this issue. We recommend you apply this update by installing <a href=\"https://support.microsoft.com/help/4505050\" target=\"_blank\"><u>KB4505050</u></a> from Windows Update and then restarting your device.</div><div>To download and install this update, see <a href=\"https://support.microsoft.com/help/3067639\" target=\"_blank\"><u>How to get an update through Windows Update</u></a>. This update is also available through the <a href=\"http://catalog.update.microsoft.com/v7/site/search.aspx?q=KB4505050\" target=\"_blank\"><u>Microsoft Update Catalog</u></a> website.</div><br><a href ='#218msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>Resolved:<br>May 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
 - title: April 2019
 - items:
  - type: markdown
--- a/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/resolved-issues-windows-8.1-and-windows-server-2012-r2.yml
@ -41,7 +41,6 @@ sections:
      <tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503283' target='_blank'>KB4503283</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='155msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#155msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489881' target='_blank'>KB4489881</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503276' target='_blank'>KB4503276</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>May 18, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -91,15 +90,6 @@ sections:
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolved: </strong>We have released an \"optional\" update for Internet Explorer 11 (<a href=\"https://support.microsoft.com/help/4505050\" target=\"_blank\"><u>KB4505050</u></a>) to resolve this issue. We recommend you apply this update by installing <a href=\"https://support.microsoft.com/help/4505050\" target=\"_blank\"><u>KB4505050</u></a> from Windows Update and then restarting your device.</div><div>To download and install this update, see <a href=\"https://support.microsoft.com/help/3067639\" target=\"_blank\"><u>How to get an update through Windows Update</u></a>. This update is also available through the <a href=\"http://catalog.update.microsoft.com/v7/site/search.aspx?q=KB4505050\" target=\"_blank\"><u>Microsoft Update Catalog</u></a> website.</div><br><a href ='#218msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>Resolved:<br>May 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
 - title: April 2019
 - items:
  - type: markdown
--- a/windows/release-information/resolved-issues-windows-server-2012.yml
+++ b/windows/release-information/resolved-issues-windows-server-2012.yml
@ -40,7 +40,6 @@ sections:
      <tr><td><div id='242msg'></div><b>IE11 may stop working when loading or interacting with Power BI reports</b><br>Power BI reports that contain line charts with markers may cause Internet Explorer 11 to stop working.<br><br><a href = '#242msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>June 21, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='243msg'></div><b>Event Viewer may close or you may receive an error when using Custom Views</b><br>When trying to expand, view, or create Custom Views in Event Viewer, you may see an error or the app may close.<br><br><a href = '#243msgdesc'>See details ></a></td><td>June 11, 2019<br><a href ='https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503295' target='_blank'>KB4503295</a></td><td>June 20, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='184msg'></div><b>Issue using PXE to start a device from WDS</b><br>There may be issues using PXE to start a device from a WDS server configured to use Variable Window Extension.<br><br><a href = '#184msgdesc'>See details ></a></td><td>March 12, 2019<br><a href ='https://support.microsoft.com/help/4489891' target='_blank'>KB4489891</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4503285' target='_blank'>KB4503285</a></td><td>June 11, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>May 18, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -90,15 +89,6 @@ sections:
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Resolved: </strong>We have released an \"optional\" update for Internet Explorer 11 (<a href=\"https://support.microsoft.com/help/4505050\" target=\"_blank\"><u>KB4505050</u></a>) to resolve this issue. We recommend you apply this update by installing <a href=\"https://support.microsoft.com/help/4505050\" target=\"_blank\"><u>KB4505050</u></a> from Windows Update and then restarting your device.</div><div>To download and install this update, see <a href=\"https://support.microsoft.com/help/3067639\" target=\"_blank\"><u>How to get an update through Windows Update</u></a>. This update is also available through the <a href=\"http://catalog.update.microsoft.com/v7/site/search.aspx?q=KB4505050\" target=\"_blank\"><u>Microsoft Update Catalog</u></a> website.</div><br><a href ='#218msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>Resolved:<br>May 18, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
 - title: March 2019
 - items:
  - type: markdown
--- a/windows/release-information/status-windows-10-1507.yml
+++ b/windows/release-information/status-windows-10-1507.yml
@ -61,6 +61,7 @@ sections:
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 10240.18368<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520011' target='_blank'>KB4520011</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 10240.18215<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499154' target='_blank'>KB4499154</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505051' target='_blank'>KB4505051</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
      <tr><td><div id='196msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#196msgdesc'>See details ></a></td><td>OS Build 10240.18094<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480962' target='_blank'>KB4480962</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -81,6 +82,15 @@ sections:
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 10240.18215<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499154' target='_blank'>KB4499154</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505051' target='_blank'>KB4505051</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
 - title: January 2019
 - items:
  - type: markdown
--- a/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
+++ b/windows/release-information/status-windows-10-1607-and-windows-server-2016.yml
@ -61,6 +61,7 @@ sections:
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 14393.3274<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519998' target='_blank'>KB4519998</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
      <tr><td><div id='195msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#195msgdesc'>See details ></a></td><td>OS Build 14393.2724<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480961' target='_blank'>KB4480961</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
      <tr><td><div id='61msg'></div><b>Windows may not start on certain Lenovo and Fujitsu laptops with less than 8GB of RAM</b><br>Windows may fail to start on certain Lenovo and Fujitsu laptops that have less than 8 GB of RAM.<br><br><a href = '#61msgdesc'>See details ></a></td><td>OS Build 14393.2608<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467691' target='_blank'>KB4467691</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>February 19, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='36msg'></div><b>Cluster service may fail if the minimum password length is set to greater than 14</b><br>The cluster service may fail to start if “Minimum Password Length” is configured with greater than 14 characters.<br><br><a href = '#36msgdesc'>See details ></a></td><td>OS Build 14393.2639<br><br>November 27, 2018<br><a href ='https://support.microsoft.com/help/4467684' target='_blank'>KB4467684</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
@ -83,6 +84,15 @@ sections:
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 14393.2969<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494440' target='_blank'>KB4494440</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505052' target='_blank'>KB4505052</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
 - title: January 2019
 - items:
  - type: markdown
--- a/windows/release-information/status-windows-10-1709.yml
+++ b/windows/release-information/status-windows-10-1709.yml
@ -62,6 +62,7 @@ sections:
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 16299.1387<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516066' target='_blank'>KB4516066</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 16299.1451<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520004' target='_blank'>KB4520004</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 16299.1143<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4498946' target='_blank'>KB4498946</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505062' target='_blank'>KB4505062</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
      <tr><td><div id='193msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#193msgdesc'>See details ></a></td><td>OS Build 16299.904<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480978' target='_blank'>KB4480978</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -91,6 +92,15 @@ sections:
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 16299.1143<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4498946' target='_blank'>KB4498946</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505062' target='_blank'>KB4505062</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
 - title: January 2019
 - items:
  - type: markdown
--- a/windows/release-information/status-windows-10-1803.yml
+++ b/windows/release-information/status-windows-10-1803.yml
@ -66,6 +66,7 @@ sections:
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17134.1006<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4516058' target='_blank'>KB4516058</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17134.1069<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520008' target='_blank'>KB4520008</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 17134.765<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505064' target='_blank'>KB4505064</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
      <tr><td><div id='192msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#192msgdesc'>See details ></a></td><td>OS Build 17134.523<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480966' target='_blank'>KB4480966</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
      </table>
      "
@ -95,6 +96,15 @@ sections:
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 17134.765<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499167' target='_blank'>KB4499167</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505064' target='_blank'>KB4505064</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
 - title: January 2019
 - items:
  - type: markdown
--- a/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
+++ b/windows/release-information/status-windows-10-1809-and-windows-server-2019.yml
@ -67,8 +67,10 @@ sections:
      <tr><td><div id='360msg'></div><b>Microsoft Defender Advanced Threat Protection might stop running</b><br>The Microsoft Defender ATP service might stop running and might fail to send reporting data.<br><br><a href = '#360msgdesc'>See details ></a></td><td>OS Build 17763.832<br><br>October 15, 2019<br><a href ='https://support.microsoft.com/help/4520062' target='_blank'>KB4520062</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4523205' target='_blank'>KB4523205</a></td><td>November 12, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 17763.737<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4512578' target='_blank'>KB4512578</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 17763.805<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519338' target='_blank'>KB4519338</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505056' target='_blank'>KB4505056</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
      <tr><td><div id='211msg'></div><b>Devices with some Asian language packs installed may receive an error</b><br>Devices with Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"<br><br><a href = '#211msgdesc'>See details ></a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 03, 2019 <br>10:59 AM PT</td></tr>
      <tr><td><div id='191msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#191msgdesc'>See details ></a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 09, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='90msg'></div><b>Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort</b><br>Upgrade block: Certain new Intel display drivers may accidentally turn on unsupported features in Windows.<br><br><a href = '#90msgdesc'>See details ></a></td><td>OS Build 17763.134<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467708' target='_blank'>KB4467708</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>March 15, 2019 <br>12:00 PM PT</td></tr>
      </table>
      "
@ -103,6 +105,7 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>OS Build 17763.503<br><br>May 14, 2019<br><a href ='https://support.microsoft.com/help/4494441' target='_blank'>KB4494441</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505056' target='_blank'>KB4505056</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='211msgdesc'></div><b>Devices with some Asian language packs installed may receive an error</b><div>After installing the April 2019 Cumulative Update (<a href=\"https://support.microsoft.com/help/4493509\" target=\"_blank\">KB4493509</a>), devices with some Asian language packs installed may receive the error, \"0x800f0982 - PSFX_E_MATCHING_COMPONENT_NOT_FOUND.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019</li></ul><div></div><div><strong>Workaround: </strong></div><ol><li>Uninstall and reinstall any recently added language packs.&nbsp;For instructions, see \"<a href=\"https://support.microsoft.com/help/4496404/windows-10-manage-the-input-and-display-language\" target=\"_blank\">Manage the input and display language settings in Windows 10</a>\".</li><li>Click <strong>Check for Updates</strong> and install the April 2019 Cumulative Update. For instructions, see \"<a href=\"https://support.microsoft.com/help/4027667/windows-10-update\" target=\"_blank\">Update Windows 10</a>\".</li></ol><div><strong>Note: </strong>If reinstalling the language pack does not mitigate the issue, reset your PC as follows:</div><ol><ol><li>Go to <strong>Settings app</strong> -&gt; <strong>Recovery</strong>.</li><li>Click on <strong>Get Started</strong> under <strong>\"Reset this PC\"</strong> recovery option.</li><li>Select <strong>\"Keep my Files\"</strong>.</li></ol></ol><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#211msg'>Back to top</a></td><td>OS Build 17763.437<br><br>April 09, 2019<br><a href ='https://support.microsoft.com/help/4493509' target='_blank'>KB4493509</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 03, 2019 <br>10:59 AM PT<br><br>Opened:<br>May 02, 2019 <br>04:36 PM PT</td></tr>
      </table>
      "
@ -115,3 +118,12 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='191msgdesc'></div><b>Certain operations performed on a Cluster Shared Volume may fail </b><div>Certain operations, such as <strong>rename</strong>, that you perform on files or folders that are on a Cluster Shared Volume (CSV) may fail with the error, \"STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5)\". This occurs when you perform the operation on a CSV owner node from a process that doesn’t have administrator privilege.&nbsp;</div><div><br></div><div><strong>Affected platforms:</strong>&nbsp;</div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10 Enterprise LTSC 2016; Windows 10, version 1507; Windows 10 Enterprise LTSB 2015; Windows 8.1</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong>Do one of the following:&nbsp;&nbsp;</div><ul><li>Perform the operation from a process that has administrator privilege.&nbsp;</li><li>Perform the operation from a node that doesn’t have CSV ownership.&nbsp;</li></ul><div></div><div><strong>Next steps: </strong>Microsoft is working on a resolution and will provide an update in an upcoming release.</div><br><a href ='#191msg'>Back to top</a></td><td>OS Build 17763.253<br><br>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480116' target='_blank'>KB4480116</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>April 09, 2019 <br>10:00 AM PT<br><br>Opened:<br>January 08, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
 - title: November 2018
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='90msgdesc'></div><b>Audio not working on monitors or TV connected to a PC via HDMI, USB, or DisplayPort</b><div><strong>Upgrade block:</strong> Microsoft has identified issues with certain new Intel display drivers. Intel inadvertently released versions of its display driver (versions 24.20.100.6344, 24.20.100.6345) to OEMs that accidentally turned on unsupported features in Windows.&nbsp;</div><div>&nbsp;</div><div>As a result, after updating to Windows 10, version 1809, audio playback from a monitor or television connected to a PC via HDMI, USB-C, or a DisplayPort may not function correctly on devices with these drivers.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10 Enterprise LTSC 2019</li><li>Server: Windows Server, version 1809; Windows Server 2019&nbsp;</li></ul><div></div><div><strong>Next steps:</strong> Intel has released updated drivers to OEM device manufacturers. OEMs need to make the updated driver available via Windows Update.</div><div><br></div><div>For more information, see the <a href=\"https://www.intel.com/content/www/us/en/support/articles/000031612/graphics-drivers.html\" target=\"_blank\">Intel Customer Support article</a>.</div><div><br></div><div><strong>Note:</strong> This Intel display driver issue is different from the Intel Smart Sound Technology driver (version 09.21.00.3755) audio issue previously <a href=\"https://answers.microsoft.com/en-us/windows/forum/all/windows-10-audio-stops-working-after-installing/5a541c88-89e1-4bf3-b356-2837d564b109\" target=\"_blank\">documented</a>.</div><br><a href ='#90msg'>Back to top</a></td><td>OS Build 17763.134<br><br>November 13, 2018<br><a href ='https://support.microsoft.com/help/4467708' target='_blank'>KB4467708</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>March 15, 2019 <br>12:00 PM PT<br><br>Opened:<br>November 13, 2018 <br>10:00 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/status-windows-10-1903.yml
+++ b/windows/release-information/status-windows-10-1903.yml
@ -64,9 +64,10 @@ sections:
  - type: markdown
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
      <tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
      <tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
      <tr><td><div id='317msg'></div><b>Updates may fail to install and you may receive Error 0x80073701</b><br>Installation of updates may fail and you may receive error code 0x80073701.<br><br><a href = '#317msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:11 AM PT</td></tr>
      <tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Mitigated External<br></td><td>November 12, 2019 <br>08:08 AM PT</td></tr>
      <tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18362.356<br><br>September 10, 2019<br><a href ='https://support.microsoft.com/help/4515384' target='_blank'>KB4515384</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='228msg'></div><b>Intel Audio displays an intcdaud.sys notification</b><br>Devices with a range of Intel Display Audio device drivers may experience battery drain.<br><br><a href = '#228msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>November 12, 2019 <br>08:04 AM PT</td></tr>
@ -74,7 +75,6 @@ sections:
      <tr><td><div id='229msg'></div><b>Cannot launch Camera app </b><br>Microsoft and Intel have identified an issue affecting Intel RealSense SR300 or Intel RealSense S200 camera apps.<br><br><a href = '#229msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>June 27, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='358msg'></div><b>Unable to discover or connect to Bluetooth devices using some Qualcomm adapters</b><br>Microsoft has identified compatibility issues with some versions of Qualcomm Bluetooth radio drivers.<br><br><a href = '#358msgdesc'>See details ></a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>October 08, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='338msg'></div><b>Safeguard on certain devices with some Intel and Broadcom Wi-Fi adapters</b><br>Some devices with Intel Centrino 6205/6235 and Broadcom 802.11ac Wi-Fi cards may experience compatibility issues.<br><br><a href = '#338msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4522355' target='_blank'>KB4522355</a></td><td>October 24, 2019 <br>10:00 AM PT</td></tr>
      <tr><td><div id='248msg'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><br>Some apps or games may close or fail to open on Surface Book 2 devices with Nvidia dGPU.<br><br><a href = '#248msgdesc'>See details ></a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>October 18, 2019 <br>04:33 PM PT</td></tr>
      </table>
      "
@ -90,6 +90,7 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='322msgdesc'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><div>Microsoft and Avast has identified compatibility issues with some versions of Avast Antivirus and AVG Antivirus. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected.</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the application is updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows Server, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Workaround: </strong>Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles:</div><ul><li><a href=\"https://support.avast.com/en-ww/article/253?p_pro=131&amp;p_ves=1&amp;p_lng=en&amp;p_lid=en-us&amp;p_vbd=2022&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420\" rel=\"noopener noreferrer\" target=\"_blank\">Avast support KB article</a></li><li><a href=\"https://support.avg.com/SupportArticleView?supportType=home&amp;urlName=AVG-Antivirus-Windows-10-update&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420&amp;l=en\" rel=\"noopener noreferrer\" target=\"_blank\">AVG support KB article</a></li></ul><div></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.</div><br><a href ='#322msg'>Back to top</a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>November 22, 2019 <br>04:10 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>OS Build 18362.418<br><br>October 08, 2019<br><a href ='https://support.microsoft.com/help/4517389' target='_blank'>KB4517389</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
      </table>
      "
@ -122,22 +123,13 @@ sections:
      </table>
      "
 - title: July 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='248msgdesc'></div><b>dGPU occasionally disappear from device manager on Surface Book 2</b><div>Microsoft has identified a compatibility issue on some Surface Book 2 devices configured with Nvidia discrete graphics processing units (dGPUs). After updating to Windows 10, version 1903 (the May 2019 Update), some apps or games that needs to perform graphics intensive operations may close or fail to open.</div><div>&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on Surface Book 2 devices with Nvidia dGPU from being offered Windows 10, version 1903 until&nbsp;this issue is resolved.</div><div>&nbsp;</div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolved:&nbsp;</strong>To resolve this issue, you will need to update the firmware of your Surface Book 2&nbsp;device. Please see the <a href=\"https://support.microsoft.com/help/4055398/surface-book-2-update-history\" target=\"_blank\">Surface Book 2 update history page</a><strong>&nbsp;</strong>for instructions on how to install the October 2019 updates on your device. There is no update for Windows needed for this issue.</div><div>&nbsp;</div><div>The safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1903.</div><br><a href ='#248msg'>Back to top</a></td><td>OS Build 18362.145<br><br>May 29, 2019<br><a href ='https://support.microsoft.com/help/4497935' target='_blank'>KB4497935</a></td><td>Resolved<br><a href = '' target='_blank'></a></td><td>Resolved:<br>October 18, 2019 <br>04:33 PM PT<br><br>Opened:<br>July 12, 2019 <br>04:20 PM PT</td></tr>
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Workaround: </strong>Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated Wi-Fi driver from your device manufacturer (OEM).</div><div>&nbsp;</div><div><strong>Note</strong> We recommend that you do not attempt to manually update using the <strong>Update now</strong> button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 12, 2019 <br>08:08 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='228msgdesc'></div><b>Intel Audio displays an intcdaud.sys notification</b><div>Microsoft and Intel have identified an issue with a range of Intel Display Audio device drivers that may result in higher than normal battery drain.&nbsp;If you see an <strong>intcdaud.sys</strong> notification or “What needs your attention” notification when trying to update to Windows 10, version 1903, you have an affected Intel Audio Display device driver installed on your machine (intcdaud.sys, versions 10.25.0.3 through 10.25.0.8).</div><div>&nbsp;&nbsp;</div><div>To safeguard your update experience, we have applied a compatibility hold on devices with drivers from being offered Windows 10, version 1903 until&nbsp;updated device drivers have been installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with updated drivers from your device manufacturer (OEM) or Intel. The safeguard hold has been removed.</div><div><br></div><div><strong>Note </strong>If you are still experiencing the issue described, please contact your device manufacturer (OEM).</div><br><a href ='#228msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved External<br></td><td>Last updated:<br>November 12, 2019 <br>08:04 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:22 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='226msgdesc'></div><b>Gamma ramps, color profiles, and night light settings do not apply in some cases</b><div>Microsoft has identified some scenarios where gamma ramps, color profiles and night light settings may stop working.</div><div><br></div><div>Microsoft has identified some scenarios in which these features may have issues or stop working, for example:</div><ul><li>Connecting to (or disconnecting from) an external monitor, dock, or projector</li><li>Rotating the screen</li><li>Updating display drivers or making other display mode changes</li><li>Closing full screen applications</li><li>Applying custom color profiles</li><li>Running applications that rely on custom gamma ramps</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a> and the safeguard hold has been removed.</div><br><a href ='#226msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4505903' target='_blank'>KB4505903</a></td><td>Resolved:<br>July 26, 2019 <br>02:00 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:28 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='229msgdesc'></div><b>Cannot launch Camera app </b><div>Microsoft and Intel have identified an issue affecting Intel RealSense SR300 and Intel RealSense S200 cameras when using the Camera app. After updating to the Windows 10 May 2019 Update and launching the Camera app, you may get an error message stating:</div><div class=\"ql-indent-1\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;\"Close other apps, error code: 0XA00F4243.”</div><div><br></div><div>To safeguard your update experience, we have applied a protective hold on machines with Intel RealSense SR300 or Intel RealSense S200 cameras installed from being offered Windows 10, version 1903, until&nbsp;this issue is resolved.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved in&nbsp;<a href='https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a> and the safeguard hold has been removed.</div><br><a href ='#229msg'>Back to top</a></td><td>OS Build 18362.116<br><br>May 21, 2019<br><a href ='https://support.microsoft.com/help/4505057' target='_blank'>KB4505057</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4501375' target='_blank'>KB4501375</a></td><td>Resolved:<br>June 27, 2019 <br>10:00 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:20 AM PT</td></tr>
--- a/windows/release-information/status-windows-10-1909.yml
+++ b/windows/release-information/status-windows-10-1909.yml
@ -64,8 +64,9 @@ sections:
  - type: markdown
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
      <tr><td><div id='322msg'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><br>Microsoft and Avast has identified compatibility issues with some versions of Avast and AVG Antivirus.<br><br><a href = '#322msgdesc'>See details ></a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>November 22, 2019 <br>04:10 PM PT</td></tr>
      <tr><td><div id='225msg'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><br>Microsoft has identified compatibility issues with some versions of Realtek Bluetooth radio drivers.<br><br><a href = '#225msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
      <tr><td><div id='231msg'></div><b>Intermittent loss of Wi-Fi connectivity</b><br>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. <br><br><a href = '#231msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Mitigated External<br></td><td>November 12, 2019 <br>08:08 AM PT</td></tr>
      <tr><td><div id='348msg'></div><b>Unable to create local users in Chinese, Japanese and Korean during device setup</b><br>You might be unable to create users in Chinese, Japanese and Korean using Input Method Editor (IME) during OOBE.<br><br><a href = '#348msgdesc'>See details ></a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 12, 2019 <br>08:05 AM PT</td></tr>
      </table>
      "
@ -77,6 +78,15 @@ sections:
        <div>
        </div> 
      "
 - title: November 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='322msgdesc'></div><b>Issues with some older versions of Avast and AVG anti-virus products</b><div>Microsoft and Avast has identified compatibility issues with some versions of Avast Antivirus and AVG Antivirus. Any application from Avast or AVG that contains Antivirus version 19.5.4444.567 or earlier is affected.</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Avast and AVG Antivirus from being offered or installing Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the application is updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows Server, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Workaround: </strong>Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated version of your Avast or AVG application. Guidance for Avast and AVG customers can be found in the following support articles:</div><ul><li><a href=\"https://support.avast.com/en-ww/article/253?p_pro=131&amp;p_ves=1&amp;p_lng=en&amp;p_lid=en-us&amp;p_vbd=2022&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420\" rel=\"noopener noreferrer\" target=\"_blank\">Avast support KB article</a></li><li><a href=\"https://support.avg.com/SupportArticleView?supportType=home&amp;urlName=AVG-Antivirus-Windows-10-update&amp;cid=9632b01a-b7ec-4366-95d6-996c79ff9420&amp;l=en\" rel=\"noopener noreferrer\" target=\"_blank\">AVG support KB article</a></li></ul><div></div><div><strong>Note</strong>&nbsp;We recommend that you do not attempt to manually update using the&nbsp;<strong>Update now</strong>&nbsp;button or the Media Creation Tool until a new version of your Avast or AVG application has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.</div><br><a href ='#322msg'>Back to top</a></td><td>N/A <br><br><a href ='' target='_blank'></a></td><td>Mitigated External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>November 22, 2019 <br>04:10 PM PT</td></tr>
      </table>
      "
 - title: October 2019
 - items:
  - type: markdown
@ -91,7 +101,7 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated Qualcomm Wifi driver and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 22, 2019 <br>04:10 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='225msgdesc'></div><b>Unable to discover or connect to Bluetooth devices using some Realtek adapters</b><div>Microsoft has identified compatibility issues with some driver versions for Bluetooth radios made by Realtek. To safeguard your update experience, we have applied a compatibility hold on devices with affected driver versions for Realtek Bluetooth radios from being offered Windows 10, version 1903 or Windows Server, version 1903 until the driver has been updated.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li><li>Server: Windows 10, version 1909; Windows Server, version 1903</li></ul><div></div><div><strong>Resolution:&nbsp;</strong>This issue was resolved with an updated driver for the affected Realtek Bluetooth radio and the safeguard hold has been removed. Please note, it can take up to 48 hours before you can update to offered Windows 10, version 1909 or Windows 10, version 1903.</div><br><a href ='#225msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Resolved External<br></td><td>Last updated:<br>November 15, 2019 <br>05:59 PM PT<br><br>Opened:<br>May 21, 2019 <br>07:29 AM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='231msgdesc'></div><b>Intermittent loss of Wi-Fi connectivity</b><div>Some older devices may experience loss of Wi-Fi connectivity due to an outdated Qualcomm driver. An updated Wi-Fi driver should be available from your device manufacturer (OEM).</div><div><br></div><div>To safeguard your upgrade experience, we have applied a hold on devices with affected Qualcomm driver from being offered Windows 10, version 1903 or Windows 10, version 1909, until&nbsp;the updated driver is installed.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1909; Windows 10, version 1903</li></ul><div></div><div><strong>Workaround: </strong>Before updating to Windows 10, version 1903 or Windows 10, version 1909, you will need to download and install an updated Wi-Fi driver from your device manufacturer (OEM).</div><div>&nbsp;</div><div><strong>Note</strong> We recommend that you do not attempt to manually update using the <strong>Update now</strong> button or the Media Creation Tool until a new driver has been installed and the Windows 10, version 1903 or Windows 10, version 1909 feature update has been automatically offered to you.</div><br><a href ='#231msg'>Back to top</a></td><td>OS Build 18363.476<br><br>November 12, 2019<br><a href ='https://support.microsoft.com/help/4524570' target='_blank'>KB4524570</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 12, 2019 <br>08:08 AM PT<br><br>Opened:<br>May 21, 2019 <br>07:13 AM PT</td></tr>
      </table>
      "
--- a/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
+++ b/windows/release-information/status-windows-7-and-windows-server-2008-r2-sp1.yml
@ -63,6 +63,7 @@ sections:
      <tr><td><div id='374msg'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><br>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.<br><br><a href = '#374msgdesc'>See details ></a></td><td><br><a href ='' target='_blank'></a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4519976' target='_blank'>KB4519976</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='310msg'></div><b>IA64 and x64 devices may fail to start after installing updates</b><br>After installing updates released on or after August 13, 2019, IA64 and x64 devices using EFI Boot may fail to start.<br><br><a href = '#310msgdesc'>See details ></a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>August 17, 2019 <br>12:59 PM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
      </table>
      "
@ -91,3 +92,12 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='310msgdesc'></div><b>IA64 and x64 devices may fail to start after installing updates</b><div>IA64 devices (in any configuration) and x64 devices using EFI boot that were provisioned after the July 9th updates and/or skipped the recommended update (KB3133977), may fail to start with the following error:</div><div><strong>\"File: \\Windows\\system32\\winload.efi</strong></div><div><strong>Status: 0xc0000428</strong></div><div><strong>Info: Windows cannot verify the digital signature for this file.\"</strong></div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 7 SP1</li><li>Server: Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Take Action: </strong>To resolve this issue please follow the steps outlined in the&nbsp;<a href=\"https://support.microsoft.com/help/4472027\" target=\"_blank\">SHA-2 support FAQ</a> article for error code 0xc0000428.</div><br><a href ='#310msg'>Back to top</a></td><td>August 13, 2019<br><a href ='https://support.microsoft.com/help/4512506' target='_blank'>KB4512506</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>August 17, 2019 <br>12:59 PM PT<br><br>Opened:<br>August 13, 2019 <br>08:34 AM PT</td></tr>
      </table>
      "
 - title: May 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499164' target='_blank'>KB4499164</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
+++ b/windows/release-information/status-windows-8.1-and-windows-server-2012-r2.yml
@ -61,6 +61,7 @@ sections:
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520005' target='_blank'>KB4520005</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
      <tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
      <tr><td><div id='161msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#161msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480963' target='_blank'>KB4480963</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
      </table>
@ -87,6 +88,7 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499151' target='_blank'>KB4499151</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='217msgdesc'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><div>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong></div><div>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> &gt; <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</div><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul><br><a href ='#217msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493443' target='_blank'>KB4493443</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 15, 2019 <br>05:53 PM PT<br><br>Opened:<br>May 15, 2019 <br>05:53 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/status-windows-server-2008-sp2.yml
+++ b/windows/release-information/status-windows-server-2008-sp2.yml
@ -62,7 +62,6 @@ sections:
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='374msg'></div><b>MSRT might fail to install and be re-offered from Windows Update or WSUS </b><br>The November 2019 update for Windows Malicious Software Removal Tool (MSRT) might fail to install from WU/WSUS.<br><br><a href = '#374msgdesc'>See details ></a></td><td><br><a href ='' target='_blank'></a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>November 15, 2019 <br>05:59 PM PT</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520002' target='_blank'>KB4520002</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='327msg'></div><b>Issues manually installing updates by double-clicking the .msu file</b><br>You may encounter issues manually installing updates by double-clicking the .msu file and may receive an error.<br><br><a href = '#327msgdesc'>See details ></a></td><td>September 10, 2019<br><a href ='https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a></td><td>September 23, 2019 <br>10:00 AM PT</td></tr>
      </table>
      "
@ -82,12 +81,3 @@ sections:
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='364msgdesc'></div><b>TLS connections might fail or timeout</b><div>Updates for Windows released October 8, 2019 or later provide protections, tracked by <a href=\"https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2019-1318\" rel=\"noopener noreferrer\" target=\"_blank\">CVE-2019-1318</a>, against an attack that could allow unauthorized access to information or data within TLS connections.&nbsp;This type of attack is known as a man-in-the-middle exploit.&nbsp;Windows might fail to connect to TLS clients and servers that do not support Extended Master Secret for resumption (<a href=\"https://tools.ietf.org/html/rfc7627\" rel=\"noopener noreferrer\" target=\"_blank\">RFC 7627</a>). Lack of RFC support might cause one or more of the following errors or logged events:</div><ul><li>\"The request was aborted: Could not create SSL/TLS secure Channel\"</li><li>SCHANNEL event 36887 is logged in the System event log with the description, \"A fatal alert was received from the remote endpoint. The TLS protocol defined fatal alert code is 20.\"</li></ul><div></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1903; Windows 10, version 1809; Windows 10 Enterprise LTSC 2019; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10 Enterprise LTSC 2016; Windows 10, version 1607; Windows 10 Enterprise LTSC 2015; Windows 8.1; Windows 7 SP1</li><li>Server: Windows Server, version 1903; Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709 ; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1; Windows Server 2008 SP2</li></ul><div></div><div><br></div><div><strong>Next Steps: </strong>Connections between two devices running any supported version of Windows should not have this issue when fully updated.&nbsp;There is no update for Windows needed for this issue.&nbsp;These changes are required to address a security issue and security compliance. For information, see <a href=\"https://support.microsoft.com/help/4528489\" rel=\"noopener noreferrer\" target=\"_blank\">KB4528489</a>.</div><br><a href ='#364msg'>Back to top</a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520002' target='_blank'>KB4520002</a></td><td>Mitigated External<br></td><td>Last updated:<br>November 05, 2019 <br>03:36 PM PT<br><br>Opened:<br>November 05, 2019 <br>03:36 PM PT</td></tr>
      </table>
      "
 - title: September 2019
 - items:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='327msgdesc'></div><b>Issues manually installing updates by double-clicking the .msu file</b><div>After installing the SHA-2 update (<a href='https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a>) released on September 10, 2019, you may encounter issues manually installing updates by double-clicking on the .msu file and may receive the error, \"Installer encountered an error: 0x80073afc. The resource loader failed to find MUI file.\"</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Server: Windows Server 2008 SP2</li></ul><div></div><div><strong>Workaround:</strong> Open a command prompt and use the following command (replacing &lt;msu location&gt; with the actual location and filename of the update): <strong>wusa.exe &lt;msu location&gt; /quiet</strong></div><div><br></div><div><strong>Resolution:</strong> This issue is resolved in <a href='https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a> released October 8, 2019. It will install automatically from Windows Update and Windows Server Update Services (WSUS). If you need to install this update manually, you will need to use the workaround above.</div><div><br></div><div><strong>Note&nbsp;</strong>If you previously installed&nbsp;<a href='https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a>&nbsp;released&nbsp;September 23, 2019, then you already have the latest version of this update and do not need to reinstall.</div><br><a href ='#327msg'>Back to top</a></td><td>September 10, 2019<br><a href ='https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a></td><td>Resolved<br><a href = 'https://support.microsoft.com/help/4474419' target='_blank'>KB4474419</a></td><td>Resolved:<br>September 23, 2019 <br>10:00 AM PT<br><br>Opened:<br>September 20, 2019 <br>04:57 PM PT</td></tr>
      </table>
      "
--- a/windows/release-information/status-windows-server-2012.yml
+++ b/windows/release-information/status-windows-server-2012.yml
@ -61,6 +61,7 @@ sections:
    text: "<div>This table offers a summary of current active issues and those issues that have been resolved in the last 30 days.</div><br>
      <table border ='0'><tr><td width='65%'>Summary</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>Last updated</td></tr>
      <tr><td><div id='364msg'></div><b>TLS connections might fail or timeout</b><br>Transport Layer Security (TLS) connections might fail or timeout when connecting or attempting a resumption.<br><br><a href = '#364msgdesc'>See details ></a></td><td>October 08, 2019<br><a href ='https://support.microsoft.com/help/4520007' target='_blank'>KB4520007</a></td><td>Mitigated External<br></td><td>November 05, 2019 <br>03:36 PM PT</td></tr>
      <tr><td><div id='218msg'></div><b>Unable to access some gov.uk websites</b><br>gov.uk websites that don’t support “HSTS” may not be accessible<br><br><a href = '#218msgdesc'>See details ></a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>May 16, 2019 <br>06:41 PM PT</td></tr>
      <tr><td><div id='217msg'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><br>With previous dictionary updates installed, the Japanese IME doesn't show the new Japanese Era name as an input option.<br><br><a href = '#217msgdesc'>See details ></a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>May 15, 2019 <br>05:53 PM PT</td></tr>
      <tr><td><div id='187msg'></div><b>Certain operations performed on a Cluster Shared Volume may fail</b><br>Operations performed on files or folders on a CSV may fail with the error: STATUS_BAD_IMPERSONATION_LEVEL (0xC00000A5).<br><br><a href = '#187msgdesc'>See details ></a></td><td>January 08, 2019<br><a href ='https://support.microsoft.com/help/4480975' target='_blank'>KB4480975</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>April 25, 2019 <br>02:00 PM PT</td></tr>
      </table>
@ -87,6 +88,7 @@ sections:
  - type: markdown
    text: "
      <table border ='0'><tr><td width='65%'>Details</td><td width='15%'>Originating update</td><td width='10%'>Status</td><td width='10%'>History</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='218msgdesc'></div><b>Unable to access some gov.uk websites</b><div>After installing the May 14, 2019 update, some gov.uk websites that don’t support HTTP Strict Transport Security&nbsp;(HSTS)&nbsp;may not be accessible through Internet Explorer 11 or Microsoft Edge.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 10, version 1809; Windows 10, version 1803; Windows 10, version 1709; Windows 10, version 1703; Windows 10, version 1607; Windows 10, version 1507; Windows 8.1; Windows 7 SP1&nbsp;</li><li>Server: Windows Server, version 1809; Windows Server 2019; Windows Server, version 1803; Windows Server, version 1709; Windows Server 2016; Windows Server 2012 R2; Windows Server 2012; Windows Server 2008 R2 SP1</li></ul><div></div><div><strong>Next Steps: </strong>Microsoft is working on a resolution and will provide an update as quickly as possible.</div><div>&nbsp;</div><div>&nbsp;</div><br><a href ='#218msg'>Back to top</a></td><td>May 14, 2019<br><a href ='https://support.microsoft.com/help/4499171' target='_blank'>KB4499171</a></td><td>Investigating<br><a href = 'https://support.microsoft.com/help/4505050' target='_blank'>KB4505050</a></td><td>Last updated:<br>May 16, 2019 <br>06:41 PM PT<br><br>Opened:<br>May 16, 2019 <br>01:57 PM PT</td></tr>
      <tr><td style='border-left-width:1px;border-right-width:1px;border-bottom-width:1px;'><div id='217msgdesc'></div><b>Japanese IME doesn't show the new Japanese Era name as a text input option</b><div>If previous dictionary updates are installed, the Japanese input method editor (IME) doesn't show the new Japanese Era name as a text input option.</div><div><br></div><div><strong>Affected platforms:</strong></div><ul><li>Client: Windows 8.1</li><li>Server: Windows Server 2012 R2; Windows Server 2012</li></ul><div></div><div><strong>Workaround: </strong></div><div>If you see any of the previous dictionary updates listed below, uninstall it from <strong>Programs and features</strong> &gt; <strong>Uninstall or change a program</strong>. New words that were in previous dictionary updates are also in this update.</div><ul><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.2013)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1215)</li><li>Update for Japanese Microsoft IME Standard Dictionary (15.0.1080)</li><li>Update for Japanese Microsoft IME Standard Extended Dictionary (15.0.1080)</li></ul><br><a href ='#217msg'>Back to top</a></td><td>April 25, 2019<br><a href ='https://support.microsoft.com/help/4493462' target='_blank'>KB4493462</a></td><td>Mitigated<br><a href = '' target='_blank'></a></td><td>Last updated:<br>May 15, 2019 <br>05:53 PM PT<br><br>Opened:<br>May 15, 2019 <br>05:53 PM PT</td></tr>
      </table>
      "
--- a/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/endpoint-detection-response-mac-preview.md
@ -133,6 +133,12 @@ In the command prompt, run:
    mdatp --edr --early-preview true
 ```
 >[!NOTE]
 >For this command to work, you will need to be at version 100.78.x.
 >To get the latest version of the Microsoft Defender ATP for MAC, set the Microsoft AutoUpdate to “Fast Ring”. To get “Microsoft AutoUpdate”, download it from [Release history for Microsoft AutoUpdate (MAU)](https://docs.microsoft.com/officeupdates/release-history-microsoft-autoupdate).
 ## Troubleshooting
 ### Verify you are running the correct version
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-asr.md
@ -1,6 +1,6 @@
 ---
 title: Troubleshoot problems with attack surface reduction rules
-description: Check pre-requisites, use audit mode, add exclusions, or collect diagnostic data to help troubleshoot issues
+description: Check prerequisites, use audit mode, add exclusions, or collect diagnostic data to help troubleshoot issues
 keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@ -10,11 +10,12 @@ ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.date: 03/27/2019
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
 ---
 # Troubleshoot attack surface reduction rules
@ -23,48 +24,56 @@ manager: dansimp
 * [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-When you use [attack surface reduction rules](attack-surface-reduction.md) you may encounter issues, such as:
+When you use [attack surface reduction rules](attack-surface-reduction.md) you may run into issues, such as:
-* A rule blocks a file, process, or performs some other action that it should not (false positive)
+- A rule blocks a file, process, or performs some other action that it should not (false positive)
-* A rule does not work as described, or does not block a file or process that it should (false negative)
+
 - A rule does not work as described, or does not block a file or process that it should (false negative)
 There are four steps to troubleshooting these problems:
-1. Confirm prerequisites
+1. [Confirm prerequisites](#confirm-prerequisites)
-2. Use audit mode to test the rule
+
-3. Add exclusions for the specified rule (for false positives)
+2. [Use audit mode to test the rule](#use-audit-mode-to-test-the-rule)
-4. Submit support logs
+
 3. [Add exclusions for the specified rule](#add-exclusions-for-a-false-positive) (for false positives)
 4. [Submit support logs](#collect-diagnostic-data-for-file-submissions)
 ## Confirm prerequisites
 Attack surface reduction rules will only work on devices with the following conditions:
-> [!div class="checklist"]
+- Endpoints are running Windows 10 Enterprise, version 1709 (also known as the Fall Creators Update).
 > * Endpoints are running Windows 10 Enterprise, version 1709 (also known as the Fall Creators Update).
 > * Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
 > * [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled.
 > * Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
-If these pre-requisites have all been met, proceed to the next step to test the rule in audit mode.
+- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](../windows-defender-antivirus/windows-defender-antivirus-compatibility.md).
 - [Real-time protection](../windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md) is enabled.
 - Audit mode is not enabled. Use Group Policy to set the rule to **Disabled** (value: **0**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md).
 If these prerequisites have all been met, proceed to the next step to test the rule in audit mode.
 ## Use audit mode to test the rule
-You can visit the Windows Defender Testground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm attack surface reduction rules are generally working for pre-configured scenarios and processes on a device, or you can use audit mode, which enables rules for reporting only.
+You can visit the Windows Defender Test ground website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm attack surface reduction rules are generally working for pre-configured scenarios and processes on a device, or you can use audit mode, which enables rules for reporting only.
 Follow these instructions in [Use the demo tool to see how attack surface reduction rules work](evaluate-attack-surface-reduction.md) to test the specific rule you are encountering problems with.
 1. Enable audit mode for the specific rule you want to test. Use Group Policy to set the rule to **Audit mode** (value: **2**) as described in [Enable attack surface reduction rules](enable-attack-surface-reduction.md). Audit mode allows the rule to report the file or process, but will still allow it to run.
 2. Perform the activity that is causing an issue (for example, open or execute the file or process that should be blocked but is being allowed).
 3. [Review the attack surface reductio rule event logs](attack-surface-reduction.md) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**.
->
+2. Perform the activity that is causing an issue (for example, open or execute the file or process that should be blocked but is being allowed).
->If a rule is not blocking a file or process that you are expecting it should block, first check if audit mode is enabled.
+
->
+3. [Review the attack surface reduction rule event logs](attack-surface-reduction.md) to see if the rule would have blocked the file or process if the rule had been set to **Enabled**.
->Audit mode may have been enabled for testing another feature, or by an automated PowerShell script, and may not have been disabled after the tests were completed.
+
 If a rule is not blocking a file or process that you are expecting it should block, first check if audit mode is enabled.
 Audit mode may have been enabled for testing another feature, or by an automated PowerShell script, and may not have been disabled after the tests were completed.
 If you've tested the rule with the demo tool and with audit mode, and attack surface reduction rules are working on pre-configured scenarios, but the rule is not working as expected, proceed to either of the following sections based on your situation:
 1. If the attack surface reduction rule is blocking something that it should not block (also known as a false positive), you can [first add an attack surface reduction rule exclusion](#add-exclusions-for-a-false-positive).
 2. If the attack surface reduction rule is not blocking something that it should block (also known as a false negative), you can proceed immediately to the last step, [collecting diagnostic data and submitting the issue to us](#collect-diagnostic-data-for-file-submissions).
 ## Add exclusions for a false positive
@ -79,7 +88,7 @@ To add an exclusion, see [Customize Attack surface reduction](customize-attack-s
 ## Report a false positive or false negative
-Use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/wdsi/filesubmission) to report a false negative or false positive for network protection. With an E5 subscription, you can also [provide a link to any associated alert](../microsoft-defender-atp/alerts-queue.md).
+Use the [Windows Defender Security Intelligence web-based submission form](https://www.microsoft.com/wdsi/filesubmission) to report a false negative or false positive for network protection. With a Windows E5 subscription, you can also [provide a link to any associated alert](../microsoft-defender-atp/alerts-queue.md).
 ## Collect diagnostic data for file submissions
@ -97,10 +106,12 @@ When you report a problem with attack surface reduction rules, you are asked to
   mpcmdrun -getfiles
   ```
-3. By default, they are saved to C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab. Attach the file to the submission form.
+3. By default, they are saved to `C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab`. Attach the file to the submission form.
-## Related topics
+## Related articles
-* [Attack surface reduction rules](attack-surface-reduction.md)
+- [Attack surface reduction rules](attack-surface-reduction.md)
-* [Enable attack surface reduction rules](enable-attack-surface-reduction.md)
+
-* [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md)
+- [Enable attack surface reduction rules](enable-attack-surface-reduction.md)
 - [Evaluate attack surface reduction rules](evaluate-attack-surface-reduction.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/troubleshoot-np.md
@ -1,6 +1,6 @@
 ---
 title: Troubleshoot problems with Network protection
-description: Check pre-requisites, use audit mode, add exclusions, or collect diagnostic data to help troubleshoot issues
+description: Check prerequisites, use audit mode, add exclusions, or collect diagnostic data to help troubleshoot issues
 keywords: troubleshoot, error, fix, windows defender eg, asr, rules, hips, troubleshoot, audit, exclusion, false positive, broken, blocking
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@ -61,12 +61,12 @@ You can enable network protection in audit mode and then visit a website that we
 1. Perform the connection activity that is causing an issue (for example, attempt to visit the site, or connect to the IP address you do or don't want to block).
 1. [Review the network protection event logs](network-protection.md#review-network-protection-events-in-windows-event-viewer) to see if the feature would have blocked the connection if it had been set to **Enabled**.
   >
   >If network protection is not blocking a connection that you are expecting it should block, enable the feature.
-```PowerShell
+   If network protection is not blocking a connection that you are expecting it should block, enable the feature.
-Set-MpPreference -EnableNetworkProtection Enabled
+
-```
+   ```PowerShell
   Set-MpPreference -EnableNetworkProtection Enabled
   ```
 ## Report a false positive or false negative
--- a/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/collect-diagnostic-data-update-compliance.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -24,35 +25,35 @@ manager: dansimp
 This topic describes how to collect diagnostic data that can be used by Microsoft support and engineering teams to help troubleshoot issues you may encounter when using the Windows Defender AV Assessment section in the Update Compliance add-in.
-Before attempting this process, ensure you have read [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md), met all require pre-requisites, and taken any other suggested troubleshooting steps.
+Before attempting this process, ensure you have read [Troubleshoot Windows Defender Antivirus reporting](troubleshoot-reporting.md), met all require prerequisites, and taken any other suggested troubleshooting steps.
-1. On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process:
+On at least two endpoints that are not reporting or showing up in Update Compliance, obtain the .cab diagnostic file by following this process:
-    1. Open an administrator-level version of the command prompt:
+1. Open an administrator-level version of the command prompt as follows:
-        1. Open the **Start** menu.
+    a. Open the **Start** menu.
-        2. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**.
+    b. Type **cmd**. Right-click on **Command Prompt** and click **Run as administrator**.
-        3. Enter administrator credentials or approve the prompt.
+    c. Enter administrator credentials or approve the prompt.
-    2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example:
+2. Navigate to the Windows Defender directory. By default, this is C:\Program Files\Windows Defender, as in the following example:
    ```Dos
    cd c:\program files\windows\defender
    ```
-    3. Enter the following command and press **Enter**
+3. Enter the following command and press **Enter**
    ```Dos
    mpcmdrun -getfiles
    ```
-    4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab.
+4. A .cab file will be generated that contains various diagnostic logs. The location of the file will be specified in the output in the command prompt, but by default it will be in C:\ProgramData\Microsoft\Windows Defender\Support\MpSupportFiles.cab.
-2. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
+5. Copy these .cab files to a location that can be accessed by Microsoft support. An example could be a password-protected OneDrive folder that you can share with us.
-3. Send an email using the <a href="mailto:ucsupport@microsoft.com?subject=WDAV assessment issue&body=I%20am%20encountering%20the%20following%20issue%20when%20using%20Windows%20Defender%20AV%20in%20Update%20Compliance%3a%20%0d%0aI%20have%20provided%20at%20least%202%20support%20.cab%20files%20at%20the%20following%20location%3a%20%3Caccessible%20share%2c%20including%20access%20details%20such%20as%20password%3E%0d%0aMy%20OMS%20workspace%20ID%20is%3a%20%0d%0aPlease%20contact%20me%20at%3a">Update Compliance support email template</a>, and fill out the template with the following information:
+6. Send an email using the <a href="mailto:ucsupport@microsoft.com?subject=WDAV assessment issue&body=I%20am%20encountering%20the%20following%20issue%20when%20using%20Windows%20Defender%20AV%20in%20Update%20Compliance%3a%20%0d%0aI%20have%20provided%20at%20least%202%20support%20.cab%20files%20at%20the%20following%20location%3a%20%3Caccessible%20share%2c%20including%20access%20details%20such%20as%20password%3E%0d%0aMy%20OMS%20workspace%20ID%20is%3a%20%0d%0aPlease%20contact%20me%20at%3a">Update Compliance support email template</a>, and fill out the template with the following information:
    ```
    I am encountering the following issue when using Windows Defender Antivirus in Update Compliance:
@ -64,7 +65,7 @@ Before attempting this process, ensure you have read [Troubleshoot Windows Defen
    Please contact me at:
    ```
-## Related topics
+## See also
 - [Troubleshoot Windows Defender Windows Defender Antivirus reporting](troubleshoot-reporting.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus.md
@ -1,6 +1,6 @@
 ---
 title: Use the command line to manage Windows Defender Antivirus
-description: Run Windows Defender Antivirus scans and configure next gen protection with a dedicated command-line utility.
+description: Run Windows Defender Antivirus scans and configure next-generation protection with a dedicated command-line utility.
 keywords: run windows defender scan, run antivirus scan from command line, run windows defender scan from command line, mpcmdrun, defender
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
 ---
--- a/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configuration-management-reference-windows-defender-antivirus.md
@ -1,6 +1,6 @@
 ---
 title: Manage Windows Defender  in your business
-description: Learn how to use Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the comman line to manage Windows Defender AV
+description: Learn how to use Group Policy, Configuration Manager, PowerShell, WMI, Intune, and the command line to manage Windows Defender AV
 keywords: group policy, gpo, config manager, sccm, scep, powershell, wmi, intune, defender, antivirus, antimalware, security, protection
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-advanced-scan-types-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 10/25/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-block-at-first-sight-windows-defender-antivirus.md
@ -9,10 +9,11 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
 ---
 # Enable block at first sight
@ -21,16 +22,12 @@ manager: dansimp
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Block at first sight is a feature of next gen protection that provides a way to detect and block new malware within seconds.
+Block at first sight is a feature of next-generation protection that provides a way to detect and block new malware within seconds. This protection is enabled by default when certain prerequisite settings are also enabled. In most cases, these prerequisite settings are also enabled by default, so the feature is running without any intervention. 
-It is enabled by default when certain pre-requisite settings are also enabled. In most cases, these pre-requisite settings are also enabled by default, so the feature is running without any intervention. 
+You can [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-windows-defender-antivirus.md) while the cloud-based protection service analyzes the file. And, you can [customize the message displayed on users' desktops](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information) when a file is blocked. You can change the company name, contact information, and message URL.
 You can [specify how long the file should be prevented from running](configure-cloud-block-timeout-period-windows-defender-antivirus.md) while the cloud-based protection service analyzes the file.
 You can also [customize the message displayed on users' desktops](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-security-center/wdsc-customize-contact-information) when a file is blocked. You can change the company name, contact information, and message URL.
 >[!TIP]
->You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
+>Visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the features are working and see how they work.
 ## How it works
@ -55,8 +52,8 @@ Block at first sight requires a number of settings to be configured correctly or
 1. In Intune, navigate to **Device configuration - Profiles > *Profile name* > Device restrictions > Windows Defender Antivirus**.
-> [!NOTE]
+   > [!NOTE]
-> The profile you select must be a Device Restriction profile type, not an Endpoint Protection profile type.
+   > The profile you select must be a Device Restriction profile type, not an Endpoint Protection profile type.
 2. Verify these settings are configured as follows:
@ -67,8 +64,8 @@ Block at first sight requires a number of settings to be configured correctly or
   ![Intune config](images/defender/intune-block-at-first-sight.png)
-> [!Warning]
+   > [!WARNING]
-> Setting the file blocking level to **High** will apply a strong level of detection. In the unlikely event that it causes a false positive detection of legitimate files, use the option to [restore the quarantined files](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus).
+   > Setting the file blocking level to **High** will apply a strong level of detection. In the unlikely event that it causes a false positive detection of legitimate files, use the option to [restore the quarantined files](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus).
 For more information about configuring Windows Defender Antivirus device restrictions in Intune, see [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
@ -77,18 +74,24 @@ For a list of Windows Defender Antivirus device restrictions in Intune, see [Dev
 ### Enable block at first sight with SCCM
 1. In System Center Configuration Manager, click **Assets and Compliance** > **Endpoint Protection** > **AntiMalware Policies**.
-1. Click **Home** > **Create Antimalware Policy**.
+
-1. Enter a name and a description, and add these settings:
+2. Click **Home** > **Create Antimalware Policy**.
 3. Enter a name and a description, and add these settings:
   - **Real time protection**
   - **Advanced**
   - **Cloud Protection Service**
-1. In the left column, click **Real time protection**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**.
+
 4. In the left column, click **Real time protection**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**.
   ![Enable real-time protection](images/defender/sccm-real-time-protection.png)
-1. Click **Advanced**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**.
+
 5. Click **Advanced**, set **Enable real-time protection** to **Yes**, and set **Scan system files** to **Scan incoming and outgoing files**.
   ![Enable Advanced settings](images/defender/sccm-advanced-settings.png)
-1. Click **Cloud Protection Service**, set **Cloud Protection Service membership type** to **Advanced membership**, set **Level for blocking malicious files** to **High**, and set **Allow extended cloud check to block and scan suspicious files for up to (seconds)** to **50** seconds.
+
 6. Click **Cloud Protection Service**, set **Cloud Protection Service membership type** to **Advanced membership**, set **Level for blocking malicious files** to **High**, and set **Allow extended cloud check to block and scan suspicious files for up to (seconds)** to **50** seconds.
   ![Enable Cloud Protection Service](images/defender/sccm-cloud-protection-service.png)
-1. Click **OK** to create the policy.
+
 7. Click **OK** to create the policy.
 ### Confirm block at first sight is enabled with Group Policy
@ -97,25 +100,20 @@ For a list of Windows Defender Antivirus device restrictions in Intune, see [Dev
 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
-3. Expand the tree to **Windows components > Windows Defender Antivirus > MAPS** and configure the following Group Policies:
+3. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **MAPS**, configure the following Group Policies, and then click **OK**:
-   1. Double-click **Join Microsoft MAPS** and ensure the option is set to **Enabled**. Click **OK**.
+   -  Double-click **Join Microsoft MAPS** and ensure the option is set to **Enabled**. Click **OK**.
-   2. Double-click **Send file samples when further analysis is required** and ensure the option is set to **Enabled** and the additional options are either of the following:
+   - Double-click **Send file samples when further analysis is required** and ensure the option is set to **Enabled** and the additional options are either **Send safe samples (1)** or **Send all samples (3)**.
      - Send safe samples (1)
      - Send all samples (3)
    > [!WARNING]
-        > Setting to 0 (Always Prompt) will lower the protection state of the device. Setting to 2 (Never send) means block at first sight will not function.
+    > Setting to **Always prompt (0)** will lower the protection state of the device. Setting to **Never send (2)** means block at first sight will not function.
-   3. Click **OK**.
+4. In the **Group Policy Management Editor**, expand the tree to **Windows components** > **Windows Defender Antivirus** > **Real-time Protection**:
-4. In the **Group Policy Management Editor**, expand the tree to **Windows components > Windows Defender Antivirus > Real-time Protection**:
+    1. Double-click **Scan all downloaded files and attachments** and ensure the option is set to **Enabled**, and then click **OK**.
-    1. Double-click **Scan all downloaded files and attachments** and ensure the option is set to **Enabled**. Click **OK**.
+    2. Double-click **Turn off real-time protection** and ensure the option is set to **Disabled**, and then click **OK**.
    2. Double-click **Turn off real-time protection** and ensure the option is set to **Disabled**. Click **OK**.
 If you had to change any of the settings, you should re-deploy the Group Policy Object across your network to ensure all endpoints are covered.
@ -125,7 +123,7 @@ You can confirm that block at first sight is enabled in Windows Settings.
 Block at first sight is automatically enabled as long as **Cloud-based protection** and **Automatic sample submission** are both turned on.
-**Confirm Block at First Sight is enabled on individual clients**
+### Confirm Block at First Sight is enabled on individual clients
 1. Open the Windows Security app by clicking the shield icon in the task bar.
@ -136,7 +134,7 @@ Block at first sight is automatically enabled as long as **Cloud-based protectio
 3. Confirm that **Cloud-based Protection** and **Automatic sample submission** are switched to **On**.
 > [!NOTE]
-> If the pre-requisite settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings.
+> If the prerequisite settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings.
 ### Validate block at first sight is working
@ -147,20 +145,20 @@ You can validate that the feature is working by following the steps outlined in
 > [!WARNING]
 > Disabling block at first sight will lower the protection state of the endpoint and your network.
-You may choose to disable block at first sight if you want to retain the pre-requisite settings without using block at first sight protection. You might wish to do this if you are experiencing latency issues or you want to test the feature's impact on your network.
+You may choose to disable block at first sight if you want to retain the prerequisite settings without using block at first sight protection. You might wish to do this if you are experiencing latency issues or you want to test the feature's impact on your network.
-**Disable block at first sight with Group Policy**
+### Disable block at first sight with Group Policy
-1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure, and then click **Edit**.
 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
-3. Expand the tree through **Windows components > Windows Defender Antivirus > MAPS**.
+3. Expand the tree through **Windows components** > **Windows Defender Antivirus** > **MAPS**.
 4. Double-click **Configure the 'Block at First Sight' feature** and set the option to **Disabled**.
    > [!NOTE]
-    > Disabling block at first sight will not disable or alter the pre-requisite group policies.
+    > Disabling block at first sight will not disable or alter the prerequisite group policies.
 ## Related topics
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-cloud-block-timeout-period-windows-defender-antivirus.md
@ -9,11 +9,13 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
 ---
 # Configure the cloud block timeout period
@ -47,6 +49,6 @@ You can use Group Policy to specify an extended timeout for cloud checks.
 ## Related topics
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
- [Use next-gen antivirus technologies through cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
+- [Use next-generation antivirus technologies through cloud-delivered protection](utilize-microsoft-cloud-protection-windows-defender-antivirus.md)
 - [Configure block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md)
 - [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-end-user-interaction-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-exclusions-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-extension-file-exclusions-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 12/10/2018
 ms.reviewer: 
 manager: dansimp
@ -25,26 +26,23 @@ manager: dansimp
 > [!IMPORTANT]
 > Windows Defender Antivirus exclusions don't apply to other Microsoft Defender ATP capabilities, including [endpoint detection and response (EDR)](../microsoft-defender-atp/overview-endpoint-detection-response.md), [attack surface reduction (ASR) rules](../microsoft-defender-atp/attack-surface-reduction.md), and [controlled folder access](../microsoft-defender-atp/controlled-folders.md). Files that you exclude using the methods described in this article can still trigger EDR alerts and other detections. To exclude files broadly, add them to the Microsoft Defender ATP [custom indicators](../microsoft-defender-atp/manage-indicators.md).
-You can exclude certain files from Windows Defender Antivirus scans by modifying exclusion lists.
+## Exclusion lists
-Generally, you shouldn't need to apply exclusions. Windows Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations.
+You can exclude certain files from Windows Defender Antivirus scans by modifying exclusion lists. **Generally, you shouldn't need to apply exclusions**. Windows Defender Antivirus includes a number of automatic exclusions based on known operating system behaviors and typical management files, such as those used in enterprise management, database management, and other enterprise scenarios and situations.
 > [!NOTE]
-> Automatic exclusions apply only to Windows Server 2016 and above. 
+> Automatic exclusions apply only to Windows Server 2016 and above. The default antimalware policy we deploy at Microsoft doesn't set any exclusions by default.
->[!TIP]
+This topic describes how to configure exclusion lists for the files and folders.
 >The default antimalware policy we deploy at Microsoft doesn't set any exclusions by default.
 This topic describes how to configure exclusion lists for the following:
 Exclusion | Examples | Exclusion list
 ---|---|---
-Any file with a specific extension | All files with the .test extension, anywhere on the machine | Extension exclusions
+Any file with a specific extension | All files with the `.test` extension, anywhere on the machine | Extension exclusions
-Any file under a specific folder | All files under the c:\test\sample folder | File and folder exclusions
+Any file under a specific folder | All files under the `c:\test\sample` folder | File and folder exclusions
-A specific file in a specific folder | The file c:\sample\sample.test only | File and folder exclusions
+A specific file in a specific folder | The file `c:\sample\sample.test` only | File and folder exclusions
-A specific process | The executable file c:\test\process.exe | File and folder exclusions
+A specific process | The executable file `c:\test\process.exe` | File and folder exclusions
-This means the exclusion lists have the following characteristics:
+Exclusion lists have the following characteristics:
 - Folder exclusions will apply to all files and folders under that folder, unless the subfolder is a reparse point. Reparse point subfolders must be excluded separately.
 - File extensions will apply to any file name with the defined extension if a path or folder is not defined.
@ -65,21 +63,23 @@ The exclusions apply to [scheduled scans](scheduled-catch-up-scans-windows-defen
 >
 >Changes made in the Windows Security app **will not show** in the Group Policy lists.
-By default, local changes made to the lists (by users with administrator privileges, including changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence in case of conflicts.
+By default, local changes made to the lists (by users with administrator privileges, including changes made with PowerShell and WMI) will be merged with the lists as defined (and deployed) by Group Policy, Configuration Manager, or Intune. The Group Policy lists will take precedence when there are conflicts.
 You can [configure how locally and globally defined exclusions lists are merged](configure-local-policy-overrides-windows-defender-antivirus.md#merge-lists) to allow local changes to override managed deployment settings.
 ## Configure the list of exclusions based on folder name or file extension
-**Use Intune to configure file name, folder, or file extension exclusions:**
+### Use Intune to configure file name, folder, or file extension exclusions
-See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
+See the following articles:
 - [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure)
 - [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus)
-**Use Configuration Manager to configure file name, folder, or file extension exclusions:**
+### Use Configuration Manager to configure file name, folder, or file extension exclusions
 See [How to create and deploy antimalware policies: Exclusion settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring System Center Configuration Manager (current branch).
-**Use Group Policy to configure folder or file extension exclusions:**
+### Use Group Policy to configure folder or file extension exclusions
 >[!NOTE]
 >If you specify a fully qualified path to a file, then only that file is excluded. If a folder is defined in the exclusion, then all files and subdirectories under that folder are excluded.
@ -112,7 +112,7 @@ See [How to create and deploy antimalware policies: Exclusion settings](https://
 <a id="ps"></a>
-**Use PowerShell cmdlets to configure file name, folder, or file extension exclusions:**
+### Use PowerShell cmdlets to configure file name, folder, or file extension exclusions
 Using PowerShell to add or remove exclusions for files based on the extension, location, or file name requires using a combination of three cmdlets and the appropriate exclusion list parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/itpro/powershell/windows/defender/defender).
@ -140,15 +140,15 @@ All files under a folder (including files in subdirectories), or a specific file
 >[!IMPORTANT]
 >If you have created a list, either with `Set-MpPreference` or `Add-MpPreference`, using the `Set-MpPreference` cmdlet again will overwrite the existing list.
-For example, the following code snippet would cause Windows Defender AV scans to exclude any file with the **.test** file extension:
+For example, the following code snippet would cause Windows Defender AV scans to exclude any file with the `.test` file extension:
 ```PowerShell
 Add-MpPreference -ExclusionExtension ".test"
 ```
-See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
+For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index).
-**Use Windows Management Instruction (WMI) to configure file name, folder, or file extension exclusions:**
+### Use Windows Management Instruction (WMI) to configure file name, folder, or file extension exclusions
 Use the [**Set**, **Add**, and **Remove** methods of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@ -159,20 +159,18 @@ ExclusionPath
 The use of **Set**, **Add**, and **Remove** is analogous to their counterparts in PowerShell: `Set-MpPreference`, `Add-MpPreference`, and `Remove-MpPreference`.
-See the following for more information and allowed parameters:
+For more information, see [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx).
 - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
 <a id="man-tools"></a>
-**Use the Windows Security app to configure file name, folder, or file extension exclusions:**
+### Use the Windows Security app to configure file name, folder, or file extension exclusions
 See [Add exclusions in the Windows Security app](windows-defender-security-center-antivirus.md#exclusions) for instructions.
 <a id="wildcards"></a>
 ## Use wildcards in the file name and folder path or extension exclusion lists
-You can use the asterisk `*`, question mark `?`, or environment variables (such as `%ALLUSERSPROFILE%`) as wildcards when defining items in the file name or folder path exclusion list. The way in which these wildcards are interpreted differs from their usual usage in other apps and languages, so you should read this section to understand their specific limitations.
+You can use the asterisk `*`, question mark `?`, or environment variables (such as `%ALLUSERSPROFILE%`) as wildcards when defining items in the file name or folder path exclusion list. The way in which these wildcards are interpreted differs from their usual usage in other apps and languages. Make sure to read this section to understand their specific limitations.
 >[!IMPORTANT]
 >There are key limitations and usage scenarios for these wildcards:
@ -193,7 +191,7 @@ The following table describes how the wildcards can be used and provides some ex
    <tr>
        <td><b>*</b> (asterisk)</td>
        <td>Replaces any number of characters. <br />Only applies to files in the last folder defined in the argument. </td>
-        <td>Replaces a single folder. <br />Use multiple <b>*</b> with folder slashes <b>\</b> to indicate multiple, nested folders. </br>After matching the number of wilcarded and named folders, all subfolders will also be included.</td>
+        <td>Replaces a single folder. <br />Use multiple <b>*</b> with folder slashes <b>\</b> to indicate multiple, nested folders. </br>After matching the number of wild carded and named folders, all subfolders will also be included.</td>
        <td>
            <ol>
                <li>C:\MyData\<b>*</b>.txt</li>
@ -227,7 +225,7 @@ The following table describes how the wildcards can be used and provides some ex
        </td>
        <td>
            Replaces a single character in a folder name. </br>
-            After matching the number of wilcarded and named folders, all subfolders will also be included.
+            After matching the number of wild carded and named folders, all subfolders will also be included.
        </td>
        <td>
            <ol>
@ -264,15 +262,20 @@ The following table describes how the wildcards can be used and provides some ex
 >[!IMPORTANT]
 >If you mix a file exclusion argument with a folder exclusion argument, the rules will stop at the file argument match in the matched folder, and will not look for file matches in any subfolders.
 >
->For example, you can exclude all files that start with "date" in the folders *c:\data\final\marked* and *c:\data\review\marked* by using the rule argument <b>c:\data\\\*\marked\date*.\*</b>.
+>For example, you can exclude all files that start with "date" in the folders `c:\data\final\marked` and `c:\data\review\marked` by using the rule argument <b>c:\data\\\*\marked\date*.\*</b>.
 >
->This argument, however, will not match any files in **subfolders** under *c:\data\final\marked* or *c:\data\review\marked*.
+>This argument, however, will not match any files in **subfolders** under `c:\data\final\marked` or `c:\data\review\marked`.
 <a id="review"></a>
 ## Review the list of exclusions
-You can retrieve the items in the exclusion list with [Intune](https://docs.microsoft.com/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune), [System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings), MpCmdRun, PowerShell, or the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions).
+You can retrieve the items in the exclusion list using one of the following methods:
 - [Intune](https://docs.microsoft.com/intune/deploy-use/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune)
 - [System Center Configuration Manager](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings)
 - MpCmdRun
 - PowerShell
 - [Windows Security app](windows-defender-security-center-antivirus.md#exclusions)
 >[!IMPORTANT]
 >Exclusion list changes made with Group Policy **will show** in the lists in the [Windows Security app](windows-defender-security-center-antivirus.md#exclusions).
@ -284,7 +287,7 @@ If you use PowerShell, you can retrieve the list in two ways:
 - Retrieve the status of all Windows Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line.
 - Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line.
-**Validate the exclusion list by using MpCmdRun:**
+### Validate the exclusion list by using MpCmdRun
 To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command:
@ -295,7 +298,7 @@ MpCmdRun.exe -CheckExclusion -path <path>
 >[!NOTE]
 >Checking exclusions with MpCmdRun requires Windows Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later.
-**Review the list of exclusions alongside all other Windows Defender Antivirus preferences by using PowerShell:**
+### Review the list of exclusions alongside all other Windows Defender Antivirus preferences by using PowerShell
 Use the following cmdlet:
@ -307,9 +310,9 @@ In the following example, the items contained in the `ExclusionExtension` list a
 ![PowerShell output for Get-MpPreference showing the exclusion list alongside other preferences](images/defender/wdav-powershell-get-exclusions-all.png)
-See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
+For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index).
-**Retrieve a specific exclusions list by using PowerShell:**
+### Retrieve a specific exclusions list by using PowerShell
 Use the following code snippet (enter each line as a separate command); replace **WDAVprefs** with whatever label you want to name the variable:
@ -323,7 +326,7 @@ In the following example, the list is split into new lines for each use of the `
 ![PowerShell output showing only the entries in the exclusion list](images/defender/wdav-powershell-get-exclusions-variable.png)
-See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
+For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index).
 <a id="validate"></a>
@ -331,15 +334,15 @@ See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use
 You can validate that your exclusion lists are working by using PowerShell with either the `Invoke-WebRequest` cmdlet or the .NET WebClient class to download a test file.
-In the following PowerShell snippet, replace *test.txt* with a file that conforms to your exclusion rules. For example, if you have excluded the .testing extension, replace *test.txt* with *test.testing*. If you are testing a path, ensure you run the cmdlet within that path.
+In the following PowerShell snippet, replace *test.txt* with a file that conforms to your exclusion rules. For example, if you have excluded the `.testing` extension, replace `test.txt` with `test.testing`. If you are testing a path, ensure you run the cmdlet within that path.
 ```PowerShell
 Invoke-WebRequest "http://www.eicar.org/download/eicar.com.txt" -OutFile "test.txt"
 ```
-If Windows Defender Antivirus reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm the contents are the same as what is described on the [EICAR testfile website](http://www.eicar.org/86-0-Intended-use.html).
+If Windows Defender Antivirus reports malware, then the rule is not working. If there is no report of malware, and the downloaded file exists, then the exclusion is working. You can open the file to confirm the contents are the same as what is described on the [EICAR test file website](http://www.eicar.org/86-0-Intended-use.html).
-You can also use the following PowerShell code, which calls the .NET WebClient class to download the testfile - as with the `Invoke-WebRequest` cmdlet; replace *c:\test.txt* with a file that conforms to the rule you are validating:
+You can also use the following PowerShell code, which calls the .NET WebClient class to download the test file - as with the `Invoke-WebRequest` cmdlet; replace *c:\test.txt* with a file that conforms to the rule you are validating:
 ```PowerShell
 $client = new-object System.Net.WebClient
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-local-policy-overrides-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-network-connections-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 10/08/2018
 ms.reviewer: 
 manager: dansimp
@ -24,9 +25,9 @@ manager: dansimp
 To ensure Windows Defender Antivirus cloud-delivered protection works properly, you need to configure your network to allow connections between your endpoints and certain Microsoft servers.
-This topic lists the connections that must be allowed, such as by using firewall rules, and provides instructions for validating your connection. This will help ensure you receive the best protection from our cloud-delivered protection services.
+This article lists the connections that must be allowed, such as by using firewall rules, and provides instructions for validating your connection. Configuring your protection properly helps ensure that you receive the best value from your cloud-delivered protection services.
-See the Enterprise Mobility and Security blog post [Important changes to Microsoft Active Protection Services endpoint](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/important-changes-to-microsoft-active-protection-service-maps-endpoint/) for some details about network connectivity.
+See the blog post [Important changes to Microsoft Active Protection Services endpoint](https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/Important-changes-to-Microsoft-Active-Protection-Service-MAPS/ba-p/274006) for some details about network connectivity.
 >[!TIP]
 >You can also visit the Microsoft Defender ATP demo website at [demo.wd.microsoft.com](https://demo.wd.microsoft.com?ocid=cx-wddocs-testground) to confirm the following features are working:
@ -37,7 +38,7 @@ See the Enterprise Mobility and Security blog post [Important changes to Microso
 ## Allow connections to the Windows Defender Antivirus cloud service
-The Windows Defender Antivirus cloud service provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides very important protection against malware on your endpoints and across your network.
+The Windows Defender Antivirus cloud service provides fast, strong protection for your endpoints. Enabling the cloud-delivered protection service is optional, however it is highly recommended because it provides important protection against malware on your endpoints and across your network.
 >[!NOTE]
 >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
@ -46,18 +47,18 @@ See [Enable cloud-delivered protection](enable-cloud-protection-windows-defender
 After you've enabled the service, you may need to configure your network or firewall to allow connections between it and your endpoints.
-As a cloud service, it is required that computers have access to the internet and that the ATP machine learning services are reachable. The URL: "\*.blob.core.windows.net" should not be excluded from any kind of network inspection. The table below lists the services and their associated URLs. You should ensure there are no firewall or network filtering rules denying access to these URLs, or you may need to create an allow rule specifically for them (excluding the URL: "\*.blob.core.windows.net"). Below mention URLs are using port 443 for communication.
+Because your protection is a cloud service, computers must have access to the internet and reach the ATP machine learning services. Do not exclude the URL `*.blob.core.windows.net` from any kind of network inspection. The table below lists the services and their associated URLs. Make sure that there are no firewall or network filtering rules denying access to these URLs, or you may need to create an allow rule specifically for them (excluding the URL `*.blob.core.windows.net`). Below mention URLs are using port 443 for communication.
 | **Service**| **Description** |**URL** |
 | :--: | :-- | :-- |
-| *Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)*|Used by Windows Defender Antivirus to provide cloud-delivered protection|\*.wdcp.microsoft.com  \*.wdcpalt.microsoft.com  \*.wd.microsoft.com|
+| Windows Defender Antivirus cloud-delivered protection service, also referred to as Microsoft Active Protection Service (MAPS)|Used by Windows Defender Antivirus to provide cloud-delivered protection|`*.wdcp.microsoft.com` <br/> `*.wdcpalt.microsoft.com` <br/> `*.wd.microsoft.com`|
-| *Microsoft Update Service (MU)*|	Security intelligence and product updates	|\*.update.microsoft.com|
+| Microsoft Update Service (MU)|	Security intelligence and product updates	|`*.update.microsoft.com`|
-| *Security intelligence updates Alternate Download Location (ADL)*|	Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)|	\*.download.microsoft.com|
+|Security intelligence updates Alternate Download Location (ADL)|	Alternate location for Windows Defender Antivirus Security intelligence updates if the installed Security intelligence is out of date (7 or more days behind)|	`*.download.microsoft.com`|
-| *Malware submission storage*|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission	| ussus1eastprod.blob.core.windows.net   ussus1westprod.blob.core.windows.net   usseu1northprod.blob.core.windows.net   usseu1westprod.blob.core.windows.net   ussuk1southprod.blob.core.windows.net   ussuk1westprod.blob.core.windows.net   ussas1eastprod.blob.core.windows.net   ussas1southeastprod.blob.core.windows.net   ussau1eastprod.blob.core.windows.net   ussau1southeastprod.blob.core.windows.net |
+| Malware submission storage|Upload location for files submitted to Microsoft via the Submission form or automatic sample submission	| `ussus1eastprod.blob.core.windows.net` <br/>    `ussus1westprod.blob.core.windows.net` <br/>    `usseu1northprod.blob.core.windows.net` <br/>    `usseu1westprod.blob.core.windows.net` <br/>    `ussuk1southprod.blob.core.windows.net` <br/>    `ussuk1westprod.blob.core.windows.net` <br/>    `ussas1eastprod.blob.core.windows.net` <br/>    `ussas1southeastprod.blob.core.windows.net` <br/>    `ussau1eastprod.blob.core.windows.net` <br/>    `ussau1southeastprod.blob.core.windows.net` |
-| *Certificate Revocation List (CRL)*|Used by Windows when creating the SSL connection to MAPS for updating the CRL	| http://www.microsoft.com/pkiops/crl/   http://www.microsoft.com/pkiops/certs  http://crl.microsoft.com/pki/crl/products   http://www.microsoft.com/pki/certs |
+| Certificate Revocation List (CRL)|Used by Windows when creating the SSL connection to MAPS for updating the CRL	| `https://www.microsoft.com/pkiops/crl/` <br/> `https://www.microsoft.com/pkiops/certs` <br/>   `https://crl.microsoft.com/pki/crl/products` <br/> `https://www.microsoft.com/pki/certs` |
-| *Symbol Store*|Used by Windows Defender Antivirus to restore certain critical files during remediation flows	| https://msdl.microsoft.com/download/symbols |
+| Symbol Store|Used by Windows Defender Antivirus to restore certain critical files during remediation flows	| `https://msdl.microsoft.com/download/symbols` |
-| *Universal Telemetry Client*| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes	| This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:   vortex-win.data.microsoft.com  settings-win.data.microsoft.com|
+| Universal Telemetry Client| Used by Windows to send client diagnostic data; Windows Defender Antivirus uses this for product quality monitoring purposes	| This update uses SSL (TCP Port 443) to download manifests and upload diagnostic data to Microsoft that uses the following DNS endpoints:   `vortex-win.data.microsoft.com` <br/>   `settings-win.data.microsoft.com`|
 ## Validate connections between your network and the cloud
@ -66,7 +67,7 @@ After whitelisting the URLs listed above, you can test if you are connected to t
 **Use the cmdline tool to validate cloud-delivered protection:**
-Use the following argument with the Windows Defender Antivirus command line utility (*mpcmdrun.exe*) to verify that your network can communicate with the Windows Defender Antivirus cloud service:
+Use the following argument with the Windows Defender Antivirus command-line utility (`mpcmdrun.exe`) to verify that your network can communicate with the Windows Defender Antivirus cloud service:
 ```DOS
 "%ProgramFiles%\Windows Defender\MpCmdRun.exe" -ValidateMapsConnection
@ -75,7 +76,7 @@ Use the following argument with the Windows Defender Antivirus command line util
 > [!NOTE]
 > You need to open an administrator-level version of the command prompt. Right-click the item in the Start menu, click **Run as administrator** and click **Yes** at the permissions prompt. This command will only work on Windows 10, version 1703 or higher.
-See [Manage Windows Defender Antivirus with the mpcmdrun.exe commandline tool](command-line-arguments-windows-defender-antivirus.md) for more information on how to use the *mpcmdrun.exe* utility.
+For more information, see [Manage Windows Defender Antivirus with the mpcmdrun.exe commandline tool](command-line-arguments-windows-defender-antivirus.md).
 **Attempt to download a fake malware file from Microsoft:**
@ -112,16 +113,19 @@ You will also see a detection under **Quarantined threats** in the **Scan histor
    ![Screenshot of quarantined items in the Windows Security app](images/defender/wdav-quarantined-history-wdsc.png)
 >[!NOTE]
->Versions of Windows 10 before version 1703 have a different user interface. See [Windows Defender Antivirus in the Windows Security app](windows-defender-security-center-antivirus.md) for more information about the differences between versions, and instructions on how to perform common tasks in the different interfaces.
+>Versions of Windows 10 before version 1703 have a different user interface. See [Windows Defender Antivirus in the Windows Security app](windows-defender-security-center-antivirus.md).
 The Windows event log will also show [Windows Defender client event ID 2050](troubleshoot-windows-defender-antivirus.md).
 >[!IMPORTANT]
 >You will not be able to use a proxy auto-config (.pac) file to test network connections to these URLs. You will need to verify your proxy servers and any network filtering tools manually to ensure connectivity.
-## Related topics
+## Related articles
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
 - [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md)
 - [Run an Windows Defender Antivirus scan from the command line](command-line-arguments-windows-defender-antivirus.md) and [Command line arguments](command-line-arguments-windows-defender-antivirus.md)
- [Important changes to Microsoft Active Protection Services endpoint](https://blogs.technet.microsoft.com/enterprisemobility/2016/05/31/important-changes-to-microsoft-active-protection-service-maps-endpoint/) 
+
 - [Important changes to Microsoft Active Protection Services endpoint](https://techcommunity.microsoft.com/t5/Configuration-Manager-Archive/Important-changes-to-Microsoft-Active-Protection-Service-MAPS/ba-p/274006) 
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-notifications-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-process-opened-file-exclusions-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 12/10/2018
 ms.reviewer: 
 manager: dansimp
@ -52,15 +53,15 @@ You can [configure how locally and globally defined exclusions lists are merged]
 <a id="gp"></a>
-**Use Microsoft Intune to exclude files that have been opened by specified processes from scans:**
+### Use Microsoft Intune to exclude files that have been opened by specified processes from scans
 See [Configure device restriction settings in Microsoft Intune](https://docs.microsoft.com/intune/device-restrictions-configure) and [Windows Defender Antivirus device restriction settings for Windows 10 in Intune](https://docs.microsoft.com/intune/device-restrictions-windows-10#windows-defender-antivirus) for more details.
-**Use System Center Configuration Manager to exclude files that have been opened by specified processes from scans:**
+### Use System Center Configuration Manager to exclude files that have been opened by specified processes from scans
 See [How to create and deploy antimalware policies: Exclusion settings](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#exclusion-settings) for details on configuring System Center Configuration Manager (current branch).
-**Use Group Policy to exclude files that have been opened by specified processes from scans:**
+### Use Group Policy to exclude files that have been opened by specified processes from scans
 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@ -80,7 +81,7 @@ See [How to create and deploy antimalware policies: Exclusion settings](https://
 <a id="ps"></a>
-**Use PowerShell cmdlets to exclude files that have been opened by specified processes from scans:**
+### Use PowerShell cmdlets to exclude files that have been opened by specified processes from scans
 Using PowerShell to add or remove exclusions for files that have been opened by processes requires using a combination of three cmdlets with the `-ExclusionProcess` parameter. The cmdlets are all in the [Defender module](https://technet.microsoft.com/itpro/powershell/windows/defender/defender).
@ -109,7 +110,7 @@ Add-MpPreference -ExclusionProcess "c:\internal\test.exe"
 See [Manage antivirus with PowerShell cmdlets](use-powershell-cmdlets-windows-defender-Windows Defender Antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
-**Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans:**
+### Use Windows Management Instruction (WMI) to exclude files that have been opened by specified processes from scans
 Use the [**Set**, **Add**, and **Remove** methods of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@ -125,7 +126,7 @@ See the following for more information and allowed parameters:
 <a id="man-tools"></a>
-**Use the Windows Security app to exclude files that have been opened by specified processes from scans:**
+### Use the Windows Security app to exclude files that have been opened by specified processes from scans
 See [Add exclusions in the Windows Security app](windows-defender-security-center-antivirus.md#exclusions) for instructions.
@ -156,7 +157,7 @@ If you use PowerShell, you can retrieve the list in two ways:
 - Retrieve the status of all Windows Defender Antivirus preferences. Each of the lists will be displayed on separate lines, but the items within each list will be combined into the same line.
 - Write the status of all preferences to a variable, and use that variable to only call the specific list you are interested in. Each use of `Add-MpPreference` is written to a new line.
-**Validate the exclusion list by using MpCmdRun:**
+### Validate the exclusion list by using MpCmdRun
 To check exclusions with the dedicated [command-line tool mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus?branch=v-anbic-wdav-new-mpcmdrun-options), use the following command:
@ -168,7 +169,7 @@ MpCmdRun.exe -CheckExclusion -path <path>
 >Checking exclusions with MpCmdRun requires Windows Defender Antivirus CAMP version 4.18.1812.3 (released in December 2018) or later.
-**Review the list of exclusions alongside all other Windows Defender Antivirus preferences by using PowerShell:**
+### Review the list of exclusions alongside all other Windows Defender Antivirus preferences by using PowerShell
 Use the following cmdlet:
@ -178,7 +179,7 @@ Get-MpPreference
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
-**Retrieve a specific exclusions list by using PowerShell:**
+### Retrieve a specific exclusions list by using PowerShell
 Use the following code snippet (enter each line as a separate command); replace **WDAVprefs** with whatever label you want to name the variable:
@ -189,7 +190,7 @@ $WDAVprefs.ExclusionProcess
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
-## Related topics
+## Related articles
 - [Configure and validate exclusions in Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md)
 - [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-protection-features-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-real-time-protection-windows-defender-antivirus.md
@ -9,11 +9,12 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.date: 11/13/2018
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
 ---
 # Enable and configure antivirus always-on protection and monitoring
@ -59,7 +60,7 @@ Root | Allow antimalware service to remain running always | If protection update
 The main real-time protection capability is enabled by default, but you can disable it with Group Policy:
-**Use Group Policy to disable real-time protection:**
+### Use Group Policy to disable real-time protection
 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@ -69,7 +70,7 @@ The main real-time protection capability is enabled by default, but you can disa
 4. Double-click the **Turn off real-time protection** setting and set the option to **Enabled**. Click **OK**.
-## Related topics
+## Related articles
 - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md)
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-remediation-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-server-exclusions-windows-defender-antivirus.md
@ -11,8 +11,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ---
 # Configure Windows Defender Antivirus exclusions on Windows Server
@ -35,8 +36,6 @@ Custom exclusions take precedence over automatic exclusions.
 > [!TIP]
 > Custom and duplicate exclusions do not conflict with automatic exclusions.
 Windows Defender Antivirus uses the Deployment Image Servicing and Management (DISM) tools to determine which roles are installed on your computer.
 ## Opt out of automatic exclusions
@ -54,7 +53,7 @@ In Windows Server 2016, the predefined exclusions delivered by Security intellig
 You can disable the automatic exclusion lists with Group Policy, PowerShell cmdlets, and WMI.
-**Use Group Policy to disable the auto-exclusions list on Windows Server 2016:**
+### Use Group Policy to disable the auto-exclusions list on Windows Server 2016
 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@ -74,7 +73,7 @@ Set-MpPreference -DisableAutoExclusions $true
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
-**Use Windows Management Instruction (WMI) to disable the auto-exclusions list on Windows Server 2016:**
+### Use Windows Management Instruction (WMI) to disable the auto-exclusions list on Windows Server 2016
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@ -294,6 +293,7 @@ This section lists the exclusions that are delivered automatically when you inst
  - %systemroot%\System32\lsass.exe
 ### DHCP Server exclusions
 This section lists the exclusions that are delivered automatically when you install the DHCP Server role. The DHCP Server file locations are specified by the *DatabasePath*, *DhcpLogFilePath*, and *BackupDatabasePath* parameters in the registry key `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\DHCPServer\Parameters`
 - *%systemroot%*\System32\DHCP\\*\\\*.mdb
@ -307,6 +307,7 @@ This section lists the exclusions that are delivered automatically when you inst
 - *%systemroot%*\System32\DHCP\\*\\\*.edb
 ### DNS Server exclusions
 This section lists the file and folder exclusions and the process exclusions that are delivered automatically when you install the DNS Server role.
 - File and folder exclusions for the DNS Server role:
@ -324,6 +325,7 @@ This section lists the file and folder exclusions and the process exclusions tha
  - *%systemroot%*\System32\dns.exe
 ### File and Storage Services exclusions
 This section lists the file and folder exclusions that are delivered automatically when you install the File and Storage Services role. The exclusions listed below do not include exclusions for the Clustering role.
 - *%SystemDrive%*\ClusterStorage
@ -333,6 +335,7 @@ This section lists the file and folder exclusions that are delivered automatical
 - *%SystemDrive%*\mscs
 ### Print Server exclusions
 This section lists the file type exclusions, folder exclusions, and the process exclusions that are delivered automatically when you install the Print Server role.
 - File type exclusions:
@ -350,6 +353,7 @@ This section lists the file type exclusions, folder exclusions, and the process
  - spoolsv.exe
 ### Web Server exclusions
 This section lists the folder exclusions and the process exclusions that are delivered automatically when you install the Web Server role.
 - Folder exclusions:
@ -373,6 +377,7 @@ This section lists the folder exclusions and the process exclusions that are del
  - *%SystemDrive%*\PHP5433\php-cgi.exe
 ### Windows Server Update Services exclusions
 This section lists the folder exclusions that are delivered automatically when you install the Windows Server Update Services (WSUS) role. The WSUS folder is specified in the registry key `HKEY_LOCAL_MACHINE\Software\Microsoft\Update Services\Server\Setup`
 - *%systemroot%*\WSUS\WSUSContent
@ -383,7 +388,7 @@ This section lists the folder exclusions that are delivered automatically when y
 - *%systemroot%*\SoftwareDistribution\Download
-## Related topics
+## Related articles
 - [Configure and validate exclusions for Windows Defender Antivirus scans](configure-exclusions-windows-defender-antivirus.md)
 - [Configure and validate exclusions based on file name, extension, and folder location](configure-extension-file-exclusions-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/configure-windows-defender-antivirus-features.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/customize-run-review-remediate-scans-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deploy-manage-report-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deploy-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/deployment-vdi-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -202,6 +203,6 @@ On Windows Server 2016, Windows Defender Antivirus will automatically deliver th
 ## Additional resources
- [Video: Microsoft Senior Program Manager Bryan Keller on how System Center Configuration Manger 2012 manages VDI and integrates with App-V]( http://channel9.msdn.com/Shows/Edge/Edge-Show-5-Manage-VDI-using-SCCM-2012#time=03m02s)
+- [Video: Microsoft Senior Program Manager Bryan Keller on how System Center Configuration Manger 2012 manages VDI and integrates with App-V]( https://channel9.msdn.com/Shows/Edge/Edge-Show-5-Manage-VDI-using-SCCM-2012#time=03m02s)
 - [TechNet forums on Remote Desktop Services and VDI](https://social.technet.microsoft.com/Forums/windowsserver/en-US/home?forum=winserverTS)
 - [SignatureDownloadCustomTask PowerShell script](https://www.powershellgallery.com/packages/SignatureDownloadCustomTask/1.4/DisplayScript)
--- a/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: detect
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 audience: ITPro
 ms.date: 10/02/2018
 ms.reviewer: 
@ -142,7 +143,7 @@ See [Troubleshoot event IDs](troubleshoot-windows-defender-antivirus.md) for det
 Sometimes a file is erroneously blocked by PUA protection, or a feature of a PUA is required to complete a task. In these cases, a file can be allow-listed. See [How to Configure Endpoint Protection in Configuration Manager](https://docs.microsoft.com/previous-versions/system-center/system-center-2012-R2/hh508770(v=technet.10)#to-exclude-specific-files-or-folders) for information on allowing files which are currently blocked by PUA protection in Windows Defender Antivirus.
-## Related topics
+## Related articles
- [Next gen protection](windows-defender-antivirus-in-windows-10.md)
+- [Next-generation protection](windows-defender-antivirus-in-windows-10.md)
 - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/enable-cloud-protection-windows-defender-antivirus.md
@ -9,10 +9,11 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
 ---
 # Enable cloud-delivered protection
--- a/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/evaluate-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/limited-periodic-scanning-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -26,9 +27,9 @@ manager: dansimp
 Limited periodic scanning is a special type of threat detection and remediation that can be enabled when you have installed another antivirus product on a Windows 10 device.
-It can only be enabled in certain situations. See [Windows Defender Antivirus compatibility](windows-defender-antivirus-compatibility.md) for more information on when limited periodic scanning can be enabled, and how Windows Defender Antivirus works with other AV products.
+It can only be enabled in certain situations. For more information about limited periodic scanning and how Microsoft Defender Antivirus works with other antivirus products, see [Windows Defender Antivirus compatibility](windows-defender-antivirus-compatibility.md).
-**Microsoft does not recommend using this feature in enterprise environments. This is a feature primarily intended for consumers.** This feature only uses a very limited subset of the Windows Defender Antivirus capabilities to detect malware, and will not be able to detect most malware and potentially unwanted software. Also, management and reporting capabilities will be limited. Microsoft recommends enterprises choose their primary antivirus solution and use it exclusively.
+**Microsoft does not recommend using this feature in enterprise environments. This is a feature primarily intended for consumers.** This feature only uses a limited subset of the Windows Defender Antivirus capabilities to detect malware, and will not be able to detect most malware and potentially unwanted software. Also, management and reporting capabilities will be limited. Microsoft recommends enterprises choose their primary antivirus solution and use it exclusively.
 ## How to enable limited periodic scanning
@ -42,15 +43,15 @@ If another antivirus product is installed and working correctly, Windows Defende
 ![Windows Security app showing ContosoAV as the installed and running antivirus provider. There is a single link to open ContosoAV settings.](images/vtp-3ps.png)
-Underneath any 3rd party AV products, a new link will appear as **Windows Defender Antivirus options**. Clicking this link will expand to show the toggle that enables limited periodic scanning. 
+Underneath any third party AV products, a new link will appear as **Windows Defender Antivirus options**. Clicking this link will expand to show the toggle that enables limited periodic scanning. 
 ![The limited periodic option is a toggle to enable or disable **periodic scanning**](images/vtp-3ps-lps.png)
-Sliding the swtich to **On** will show the standard Windows Defender AV options underneath the 3rd party AV product. The limited periodic scanning option will appear at the bottom of the page.
+Sliding the switch to **On** will show the standard Windows Defender AV options underneath the third party AV product. The limited periodic scanning option will appear at the bottom of the page.
 ![When enabled, periodic scanning shows the normal Windows Defender Antivirus options](images/vtp-3ps-lps-on.png)
-## Related topics
+## Related articles
 - [Configure behavioral, heuristic, and real-time protection](configure-protection-features-windows-defender-antivirus.md)
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-event-based-updates-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -28,7 +29,7 @@ Windows Defender Antivirus allows you to determine if updates should (or should
 You can use System Center Configuration Manager, Group Policy, PowerShell cmdlets, and WMI to force Windows Defender Antivirus to check and download protection updates before running a scheduled scan.
-**Use Configuration Manager to check for protection updates before running a scan:**
+### Use Configuration Manager to check for protection updates before running a scan
 1. On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**)
@ -36,23 +37,23 @@ You can use System Center Configuration Manager, Group Policy, PowerShell cmdlet
 3. Click **OK**.
-4.[Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
+4. [Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
-**Use Group Policy to check for protection updates before running a scan:**
+### Use Group Policy to check for protection updates before running a scan
-1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and click **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration**.
+2. Using the **Group Policy Management Editor** go to **Computer configuration**.
 3. Click **Policies** then **Administrative templates**.
-4. Expand the tree to **Windows components > Windows Defender Antivirus > Scan**.
+4. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Scan**.
 5. Double-click **Check for the latest virus and spyware definitions before running a scheduled scan** and set the option to **Enabled**.
 6. Click **OK**.
-**Use PowerShell cmdlets to check for protection updates before running a scan:**
+### Use PowerShell cmdlets to check for protection updates before running a scan
 Use the following cmdlets:
@ -60,9 +61,9 @@ Use the following cmdlets:
 Set-MpPreference -CheckForSignaturesBeforeRunningScan
 ```
-See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md)  and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
+For more information, see [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index).
-**Use Windows Management Instruction (WMI) to check for protection updates before running a scan**
+### Use Windows Management Instruction (WMI) to check for protection updates before running a scan
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@ -70,20 +71,19 @@ Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com
 CheckForSignaturesBeforeRunningScan
 ```
-See the following for more information:
+For more information, see [Windows Defender WMIv2 APIs](https://docs.microsoft.com/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal).
 - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
 ## Check for protection updates on startup
 You can use Group Policy to force Windows Defender Antivirus to check and download protection updates when the machine is started.
-1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management computer, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and click **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration**.
+2. Using the **Group Policy Management Editor** go to **Computer configuration**.
 3. Click **Policies** then **Administrative templates**.
-4. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates**.
+4. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Signature Updates**.
 5. Double-click **Check for the latest virus and spyware definitions on startup** and set the option to **Enabled**. 
@ -91,21 +91,21 @@ You can use Group Policy to force Windows Defender Antivirus to check and downlo
 You can also use Group Policy, PowerShell, or WMI to configure Windows Defender Antivirus to check for updates at startup even when it is not running.
-**Use Group Policy to download updates when Windows Defender Antivirus is not present:**
+### Use Group Policy to download updates when Windows Defender Antivirus is not present
-1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and click **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration**.
+2. Using the **Group Policy Management Editor**, go to **Computer configuration**.
 3. Click **Policies** then **Administrative templates**.
-4. Expand the tree to **Windows components > Windows Defender Antivirus > Security Intelligence Updates**.
+4. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Security Intelligence Updates**.
 5. Double-click **Initiate security intelligence update on startup** and set the option to **Enabled**.
 6. Click **OK**.
-**Use PowerShell cmdlets to download updates when Windows Defender Antivirus is not present:**
+### Use PowerShell cmdlets to download updates when Windows Defender Antivirus is not present
 Use the following cmdlets:
@ -113,43 +113,44 @@ Use the following cmdlets:
 Set-MpPreference -SignatureDisableUpdateOnStartupWithoutEngine
 ```
-See [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md)  and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
+For more information, see [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://docs.microsoft.com/powershell/module/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
-**Use Windows Management Instruction (WMI) to download updates when Windows Defender Antivirus is not present:**
+### Use Windows Management Instruction (WMI) to download updates when Windows Defender Antivirus is not present
-Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
+Use the [**Set** method of the **MSFT_MpPreference**](https://docs.microsoft.com/previous-versions/windows/desktop/legacy/dn455323(v=vs.85)) class for the following properties:
 ```WMI
 SignatureDisableUpdateOnStartupWithoutEngine
 ```
-See the following for more information:
+For more information, see [Windows Defender WMIv2 APIs](https://docs.microsoft.com/previous-versions/windows/desktop/defender/windows-defender-wmiv2-apis-portal).
 - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
 <a id="cloud-report-updates"></a>
 ## Allow ad hoc changes to protection based on cloud-delivered protection
-Windows Defender AV can make changes to its protection based on cloud-delivered protection. This can occur outside of normal or scheduled protection updates.
+Windows Defender AV can make changes to its protection based on cloud-delivered protection. Such changes can occur outside of normal or scheduled protection updates.
 If you have enabled cloud-delivered protection, Windows Defender AV will send files it is suspicious about to the Windows Defender cloud. If the cloud service reports that the file is malicious, and the file is detected in a recent protection update, you can use Group Policy to configure Windows Defender AV to automatically receive that protection update. Other important protection updates can also be applied.
-**Use Group Policy to automatically download recent updates based on cloud-delivered protection:**
+### Use Group Policy to automatically download recent updates based on cloud-delivered protection
-1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and click **Edit**.
-2. In the **Group Policy Management Editor** go to **Computer configuration**.
+2. Using the **Group Policy Management Editor** go to **Computer configuration**.
 3. Click **Policies** then **Administrative templates**.
-4. Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates** and configure the following:
+4. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Signature Updates**.
-    1. Double-click **Allow real-time security intelligence updates based on reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**.
+
-    2. Double-click **Allow notifications to disable definitions based reports to Microsoft MAPS** and set the option to **Enabled**. Click **OK**.
+5. Double-click **Allow real-time security intelligence updates based on reports to Microsoft MAPS** and set the option to **Enabled**. Then click **OK**.
 6. **Allow notifications to disable definitions-based reports to Microsoft MAPS** and set the option to **Enabled**. Then click **OK**.
 > [!NOTE]
 > "Allow notifications to disable definitions based reports" enables Microsoft MAPS to disable those definitions known to cause false-positive reports. You must configure your computer to join Microsoft MAPS for this function to work.
-## Related topics
+## Related articles
 - [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
 - [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-outdated-endpoints-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -32,7 +33,7 @@ When the user returns to work and logs on to their PC, Windows Defender Antiviru
 If Windows Defender Antivirus did not download protection updates for a specified period, you can set it up to automatically check and download the latest update at the next log on. This is useful if you have [globally disabled automatic update downloads on startup](manage-event-based-updates-windows-defender-antivirus.md).
-**Use Configuration Manager to configure catch-up protection updates:**
+### Use Configuration Manager to configure catch-up protection updates
 1.  On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**)
@ -45,7 +46,7 @@ If Windows Defender Antivirus did not download protection updates for a specifie
 4.	[Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
-**Use Group Policy to enable and configure the catch-up update feature:**
+### Use Group Policy to enable and configure the catch-up update feature
 1. On your Group Policy management computer, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@ -59,7 +60,7 @@ If Windows Defender Antivirus did not download protection updates for a specifie
 6. Click **OK**.
-**Use PowerShell cmdlets to configure catch-up protection updates:**
+### Use PowerShell cmdlets to configure catch-up protection updates
 Use the following cmdlets:
@ -69,7 +70,7 @@ Set-MpPreference -SignatureUpdateCatchupInterval
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md)  and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
-**Use Windows Management Instruction (WMI) to configure catch-up protection updates:**
+### Use Windows Management Instruction (WMI) to configure catch-up protection updates
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@ -81,13 +82,11 @@ See the following for more information and allowed parameters:
 - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
 ## Set the number of days before protection is reported as out-of-date
 You can also specify the number of days after which Windows Defender Antivirus protection is considered old or out-of-date. After the specified number of days, the client will report itself as out-of-date, and show an error to the user of the PC. It may also cause Windows Defender Antivirus to attempt to download an update from other sources (based on the defined [fallback source order](manage-protection-updates-windows-defender-antivirus.md#fallback-order)), such as when using MMPC as a secondary source after setting WSUS or Microsoft Update as the first source.
-**Use Group Policy to specify the number of days before protection is considered out-of-date:**
+### Use Group Policy to specify the number of days before protection is considered out-of-date
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@ -106,8 +105,6 @@ You can also specify the number of days after which Windows Defender Antivirus p
    4. Click **OK**.
 ## Set up catch-up scans for endpoints that have not been scanned for a while
 You can set the number of consecutive scheduled scans that can be missed before Windows Defender Antivirus will force a scan.
@ -120,7 +117,7 @@ The process for enabling this feature is:
 This feature can be enabled for both full and quick scans.
-**Use Group Policy to enable and configure the catch-up scan feature:**
+### Use Group Policy to enable and configure the catch-up scan feature
 1.  Ensure you have set up at least one scheduled scan.
@ -140,7 +137,7 @@ This feature can be enabled for both full and quick scans.
 > [!NOTE]
 > The Group Policy setting title refers to the number of days. The setting, however, is applied to the number of scans (not days) before the catch-up scan will be run.
-**Use PowerShell cmdlets to configure catch-up scans:**
+### Use PowerShell cmdlets to configure catch-up scans
 Use the following cmdlets:
@ -152,7 +149,7 @@ Set-MpPreference -DisableCatchupQuickScan
 See [Use PowerShell cmdlets to manage Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md)  and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
-**Use Windows Management Instruction (WMI) to configure catch-up scans:**
+### Use Windows Management Instruction (WMI) to configure catch-up scans
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@ -165,7 +162,7 @@ See the following for more information and allowed parameters:
 - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
-**Use Configuration Manager to configure catch-up scans:**
+### Use Configuration Manager to configure catch-up scans
 1.  On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**)
@ -175,8 +172,7 @@ See the following for more information and allowed parameters:
 4.	[Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
-
+## Related articles
 ## Related topics
 - [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
 - [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-protection-update-schedule-windows-defender-antivirus.md
@ -10,8 +10,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -33,7 +34,7 @@ You can schedule updates for your endpoints by:
 You can also randomize the times when each endpoint checks and downloads protection updates. See the [Schedule scans](scheduled-catch-up-scans-windows-defender-antivirus.md) topic for more information.
-**Use Configuration Manager to schedule protection updates:**
+## Use Configuration Manager to schedule protection updates
 1.  On your System Center Configuration Manager console, open the antimalware policy you want to change (click **Assets and Compliance** in the navigation pane on the left, then expand the tree to **Overview** > **Endpoint Protection** > **Antimalware Policies**)
@ -47,7 +48,7 @@ You can also randomize the times when each endpoint checks and downloads protect
 5.	[Deploy the updated policy as usual](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#deploy-an-antimalware-policy-to-client-computers).
-**Use Group Policy to schedule protection updates:**
+## Use Group Policy to schedule protection updates
 > [!IMPORTANT]
 > By default, Windows Defender Antivirus will check for an update 15 minutes before the time of any scheduled scans. Enabling these settings will override that default.
@ -65,8 +66,7 @@ You can also randomize the times when each endpoint checks and downloads protect
    3. Double-click the **Specify the time to check for security intelligence updates** setting and set the option to **Enabled**. Enter the time when updates should be checked. The time is based on the local time of the endpoint. Click **OK**.
-
+## Use PowerShell cmdlets to schedule protection updates
 **Use PowerShell cmdlets to schedule protection updates:**
 Use the following cmdlets:
@ -78,7 +78,7 @@ Set-MpPreference -SignatureUpdateInterval
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md)  and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
-**Use Windows Management Instruction (WMI) to schedule protection updates:**
+## Use Windows Management Instruction (WMI) to schedule protection updates
 Use the [**Set** method of the **MSFT_MpPreference**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class for the following properties:
@ -92,7 +92,7 @@ See the following for more information and allowed parameters:
 - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
-## Related topics
+## Related articles
 - [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
 - [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-baselines-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -24,6 +25,7 @@ manager: dansimp
 There are two types of updates related to keeping Windows Defender Antivirus up to date:
 1. Protection updates
 2. Product updates
 You can also apply [Windows security baselines](https://technet.microsoft.com/itpro/windows/keep-secure/windows-security-baselines) to quickly bring your endpoints up to a uniform level of protection.
@ -34,7 +36,6 @@ Windows Defender Antivirus uses both [cloud-delivered protection](utilize-micros
 The cloud-delivered protection is always on and requires an active connection to the Internet to function, while the protection updates generally occur once a day (although this can be configured). See the [Utilize Microsoft cloud-provided protection in Windows Defender Antivirus](utilize-microsoft-cloud-protection-windows-defender-antivirus.md) topic for more details about enabling and configuring cloud-provided protection. 
 ## Product updates
 Windows Defender Antivirus requires [monthly updates](https://support.microsoft.com/help/4052623/update-for-windows-defender-antimalware-platform) (known as "engine updates" and "platform updates"), and will receive major feature updates alongside Windows 10 releases.
--- a/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/manage-updates-mobile-devices-vms-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -46,7 +47,7 @@ You can opt-in to Microsoft Update on the mobile device in one of the following
 2. Use a VBScript to create a script, then run it on each computer in your network.
 3. Manually opt-in every computer on your network through the **Settings** menu.
-**Use Group Policy to opt-in to Microsoft Update:**
+### Use Group Policy to opt-in to Microsoft Update
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@ -54,18 +55,17 @@ You can opt-in to Microsoft Update on the mobile device in one of the following
 4.  Click **Policies** then **Administrative templates**.
-5.  Expand the tree to **Windows components > Windows Defender Antivirus > Signature Updates**.
+5.  Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Signature Updates**.
 6.  Double-click the **Allow security intelligence updates from Microsoft Update** setting and set the option to **Enabled**. Click **OK**.
-**Use a VBScript to opt-in to Microsoft Update**
+### Use a VBScript to opt-in to Microsoft Update
 1.  Use the instructions in the MSDN article [Opt-In to Microsoft Update](https://msdn.microsoft.com/library/windows/desktop/aa826676.aspx) to create the VBScript.
 2.  Run the VBScript you created on each computer in your network.
-
+### Manually opt-in to Microsoft Update
 **Manually opt-in to Microsoft Update**
 1.  Open **Windows Update** in **Update & security** settings on the computer you want to opt-in.
 2.  Click **Advanced** options.
@ -75,7 +75,7 @@ You can opt-in to Microsoft Update on the mobile device in one of the following
 You can configure Windows Defender Antivirus to only download protection updates when the PC is connected to a wired power source. 
-**Use Group Policy to prevent security intelligence updates on battery power:**
+### Use Group Policy to prevent security intelligence updates on battery power
 1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
@ -89,10 +89,7 @@ You can configure Windows Defender Antivirus to only download protection updates
    2. Click **OK**. This will prevent protection updates from downloading when the PC is on battery power.
-
+## Related articles
 ## Related topics
 - [Manage Windows Defender Antivirus updates and apply baselines](manage-updates-baselines-windows-defender-antivirus.md)
 - [Update and manage Windows Defender Antivirus in Windows 10](deploy-manage-report-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-changes-to-security-settings-with-tamper-protection.md
@ -14,6 +14,7 @@ ms.localizationpriority: medium
 audience: ITPro
 author: denisebmsft
 ms.author: deniseb
 ms.custom: nextgen
 ---
 # Protect security settings with Tamper Protection
--- a/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/prevent-end-user-interaction-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -34,52 +35,49 @@ With the setting set to **Enabled**:
 With the setting set to **Disabled** or not configured:
-![Scheenshot of Windows Security showing the shield icon and virus and threat protection section](images/defender/wdav-headless-mode-off-1703.png)
+![Screenshot of Windows Security showing the shield icon and virus and threat protection section](images/defender/wdav-headless-mode-off-1703.png)
 >[!NOTE]
->Hiding the interface will also prevent Windows Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender Advanced Threat Protection notifications will still appear. You can also individually [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md)
+>Hiding the interface will also prevent Windows Defender Antivirus notifications from appearing on the endpoint. Microsoft Defender Advanced Threat Protection notifications will still appear. You can also individually [configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md)
 In earlier versions of Windows 10, the setting will hide the Windows Defender client interface. If the user attempts to open it, they will receive a warning that says, "Your system administrator has restricted access to this app."
-In earlier versions of Windows 10, the setting will hide the Windows Defender client interface. If the user attempts to open it, they will receive a warning "Your system administrator has restricted access to this app.":
+![Warning message when headless mode is enabled in Windows 10, versions earlier than 1703](images/defender/wdav-headless-mode-1607.png)
-![Warning message when headless mode is enabled in Windows 10, versions earlier than 1703 that says Your system administrator has restricted access to this app](images/defender/wdav-headless-mode-1607.png)
+## Use Group Policy to hide the Windows Defender AV interface from users
-**Use Group Policy to hide the Windows Defender AV interface from users:**
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and click **Edit**.
-1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+2. Using the **Group Policy Management Editor** go to **Computer configuration**.
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
+3. Click **Administrative templates**.
-4.  Click **Administrative templates**.
+4. Expand the tree to **Windows components > Windows Defender Antivirus > Client interface**.
-5.  Expand the tree to **Windows components > Windows Defender Antivirus > Client interface**.
+5. Double-click the **Enable headless UI mode** setting and set the option to **Enabled**. Click **OK**. 
-6. Double-click the **Enable headless UI mode** setting and set the option to **Enabled**. Click **OK**. 
+See [Prevent users from locally modifying policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) for more options on preventing users form modifying protection on their PCs.
 Also see the [Prevent users from locally modifying policy settings](configure-local-policy-overrides-windows-defender-antivirus.md) topic for more options on preventing users form modifying protection on their PCs.
 ## Prevent users from pausing a scan
-You can prevent users from pausing scans. This can be helpful to ensure scheduled or on-demand scans are not interrupted by users.
+You can prevent users from pausing scans, which can be helpful to ensure scheduled or on-demand scans are not interrupted by users.
 ### Use Group Policy to prevent users from pausing a scan
-**Use Group Policy to prevent users from pausing a scan:**
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and click **Edit**.
-1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+2. Using the **Group Policy Management Editor** go to **Computer configuration**.
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
+3. Click **Administrative templates**.
-4.  Click **Administrative templates**.
+4. Expand the tree to **Windows components** > **Windows Defender Antivirus** > **Scan**.
-5.  Expand the tree to **Windows components > Windows Defender Antivirus > Scan**.
+5. Double-click the **Allow users to pause scan** setting and set the option to **Disabled**. Click **OK**. 
 6. Double-click the **Allow users to pause scan** setting and set the option to **Disabled**. Click **OK**. 
 ## Related topics
 ## Related articles
 - [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md)
 - [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md)
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/report-monitor-windows-defender-antivirus.md
@ -1,6 +1,6 @@
 ---
 title: Monitor and report on Windows Defender Antivirus protection
-description: Use Configuration Manager or SIEM tools to consume reports, and monitor Windows Defender AV with PowerShell and WMI.
+description: Use Configuration Manager or security information and event management (SIEM) tools to consume reports, and monitor Windows Defender AV with PowerShell and WMI.
 keywords: siem, monitor, report, windows defender av
 search.product: eADQiWindows 10XVcnh
 ms.pagetype: security
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -22,24 +23,22 @@ manager: dansimp
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-There are a number of ways you can review protection status and alerts, depending on the management tool you are using for Windows Defender Antivirus.
+With Windows Defender Antivirus, you have several options for reviewing protection status and alerts. You can use System Center Configuration Manager to [monitor Windows Defender Antivirus](https://docs.microsoft.com/sccm/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-configure-alerts). Or, you can monitor protection using [Microsoft Intune](https://docs.microsoft.com/intune/introduction-intune).  
 You can use System Center Configuration Manager to [monitor Windows Defender Antivirus](https://docs.microsoft.com/sccm/protect/deploy-use/monitor-endpoint-protection) or [create email alerts](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-configure-alerts), or you can also monitor protection using [Microsoft Intune](https://docs.microsoft.com/intune/introduction-intune).  
 Microsoft Operations Management Suite has an [Update Compliance add-in](/windows/deployment/update/update-compliance-get-started) that reports on key Windows Defender Antivirus issues, including protection updates and real-time protection settings.
 If you have a third-party security information and event management (SIEM) server, you can also consume [Windows Defender client events](https://msdn.microsoft.com/library/windows/desktop/aa964766(v=vs.85).aspx). 
-If you have a third-party security information and event management (SIEM) tool, you can also consume [Windows Defender client events](https://msdn.microsoft.com/library/windows/desktop/aa964766(v=vs.85).aspx). 
+Windows events comprise several security event sources, including Security Account Manager (SAM) events ([enhanced for Windows 10](https://technet.microsoft.com/library/mt431757.aspx), also see the [Security auditing](/windows/device-security/auditing/security-auditing-overview) topic) and  [Windows Defender events](troubleshoot-windows-defender-antivirus.md). 
-Windows events comprise several security event sources, including Security Account Manager (SAM) events ([enhanced for Windows 10](https://technet.microsoft.com/library/mt431757.aspx), also see the [Security audting](/windows/device-security/auditing/security-auditing-overview) topic) and  [Windows Defender events](troubleshoot-windows-defender-antivirus.md). 
+These events can be centrally aggregated using the [Windows event collector](https://msdn.microsoft.com/library/windows/desktop/bb427443(v=vs.85).aspx). Often, SIEM servers have connectors for Windows events, allowing you to correlate all security events in your SIEM server. 
 These events can be centrally aggregated using the [Windows event collector](https://msdn.microsoft.com/library/windows/desktop/bb427443(v=vs.85).aspx). It is common practice for SIEMs to have connectors for Windows events. This technique allows for correlation of all security events from the machine in the SIEM. 
 You can also [monitor malware events using the Malware Assessment solution in Log Analytics](https://docs.microsoft.com/azure/log-analytics/log-analytics-malware).
 For monitoring or determining status with PowerShell, WMI, or Microsoft Azure, see the [(Deployment, management, and reporting options table)](deploy-manage-report-windows-defender-antivirus.md#ref2).
-## Related topics
+## Related articles
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
 - [Deploy Windows Defender Antivirus](deploy-manage-report-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/restore-quarantined-files-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 11/16/2018
 ms.reviewer: 
 manager: dansimp
@ -32,7 +33,7 @@ If Windows Defender Antivirus is configured to detect and remediate threats on y
 > [!NOTE]
 > You can also use the dedicated command-line tool [mpcmdrun.exe](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-antivirus/command-line-arguments-windows-defender-antivirus) to restore quarantined files in Windows Defender AV.
-## Related topics
+## Related articles
 - [Configure remediation for scans](configure-remediation-windows-defender-antivirus.md)
 - [Review scan results](review-scan-results-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/review-scan-results-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -25,18 +26,17 @@ manager: dansimp
 After an Windows Defender Antivirus scan completes, whether it is an [on-demand](run-scan-windows-defender-antivirus.md) or [scheduled scan](scheduled-catch-up-scans-windows-defender-antivirus.md), the results are recorded and you can view the results. 
-**Use Microsoft Intune to review scan results:**
+## Use Microsoft Intune to review scan results
 1. In Intune, go to **Devices > All Devices** and select the device you want to scan.
 2. Click the scan results in **Device actions status**.
-**Use Configuration Manager to review scan results:**
+## Use Configuration Manager to review scan results
 See [How to monitor Endpoint Protection status](https://docs.microsoft.com/sccm/protect/deploy-use/monitor-endpoint-protection).
-
+## Use the Windows Security app to review scan results
 **Use the Windows Security app to review scan results:**
 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
@ -45,10 +45,7 @@ See [How to monitor Endpoint Protection status](https://docs.microsoft.com/sccm/
    - Click **See full history** for any of the sections to see previous detections and the action taken. You can also clear the list.
    - Information about the last scan is displayed at the bottom of the page.
-
+## Use PowerShell cmdlets to review scan results
 **Use PowerShell cmdlets to review scan results:**
 The following cmdlet will return each detection on the endpoint. If there are multiple detections of the same threat, each detection will be listed separately, based on the time of each detection:
@ -70,15 +67,12 @@ Get-MpThreat
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
-**Use Windows Management Instruction (WMI) to review scan results:**
+## Use Windows Management Instruction (WMI) to review scan results
 Use the [**Get** method of the **MSFT_MpThreat** and **MSFT_MpThreatDetection**](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx) classes.
-
+## Related articles
 ## Related topics
 - [Customize, initiate, and review the results of Windows Defender Antivirus scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/run-scan-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -38,49 +39,40 @@ A full scan can be useful on endpoints that have encountered a malware threat to
 >[!NOTE]
 >By default, quick scans run on mounted removable devices, such as USB drives.
-**Use Configuration Manager to run a scan:**
+## Use Configuration Manager to run a scan
 See [Antimalware and firewall tasks: How to perform an on-demand scan](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-firewall#how-to-perform-an-on-demand-scan-of-computers) for details on using System Center Configuration Manager (current branch) to run a scan.
-**Use the mpcmdrun.exe command-line utility to run a scan:**
+## Use the mpcmdrun.exe command-line utility to run a scan
 Use the following `-scan` parameter:
 ```DOS
 mpcmdrun.exe -scan -scantype 1
 ```
 See [Use the mpcmdrun.exe commandline tool to configure and manage Windows Defender Antivirus](command-line-arguments-windows-defender-antivirus.md) for more information on how to use the tool and additional parameters, including starting a full scan or defining paths.
-
+## Use Microsoft Intune to run a scan
 **Use Microsoft Intune to run a scan:**
 1. In Intune, go to **Devices > All Devices** and select the device you want to scan.
 2. Select **...More** and then select **Quick Scan** or **Full Scan**.
-**Use the Windows Security app to run a scan:**
+## Use the Windows Security app to run a scan
 See [Run a scan in the Windows Security app](windows-defender-security-center-antivirus.md#scan) for instructions on running a scan on individual endpoints.
-
+## Use PowerShell cmdlets to run a scan
 **Use PowerShell cmdlets to run a scan:**
 Use the following cmdlet:
 ```PowerShell
 Start-MpScan
 ```
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/itpro/powershell/windows/defender/index) for more information on how to use PowerShell with Windows Defender Antivirus.
-**Use Windows Management Instruction (WMI) to run a scan:**
+## Use Windows Management Instruction (WMI) to run a scan
 Use the [**Start** method of the **MSFT_MpScan**](https://msdn.microsoft.com/library/dn455324(v=vs.85).aspx#methods) class.
@ -88,8 +80,7 @@ See the following for more information and allowed parameters:
 - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
-## Related topics
+## Related articles
 - [Configure Windows Defender Antivirus scanning options](configure-advanced-scan-types-windows-defender-antivirus.md)
 - [Configure scheduled Windows Defender Antivirus scans](scheduled-catch-up-scans-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/scheduled-catch-up-scans-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 12/10/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/specify-cloud-protection-level-windows-defender-antivirus.md
@ -9,11 +9,12 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
 ---
 # Specify the cloud-delivered protection level
@ -27,9 +28,7 @@ You can specify the level of cloud-protection offered by Windows Defender Antivi
 >[!NOTE]
 >The Windows Defender Antivirus cloud service is a mechanism for delivering updated protection to your network and endpoints. Although it is called a cloud service, it is not simply protection for files stored in the cloud, rather it uses distributed resources and machine learning to deliver protection to your endpoints at a rate that is far faster than traditional Security intelligence updates.
-
+## Use Intune to specify the level of cloud-delivered protection
 **Use Intune to specify the level of cloud-delivered protection:**
 1. Sign in to the [Azure portal](https://portal.azure.com).
 2. Select **All services > Intune**.
@ -46,13 +45,15 @@ You can specify the level of cloud-protection offered by Windows Defender Antivi
 For more information about Intune device profiles, including how to create and configure their settings, see [What are Microsoft Intune device profiles?](https://docs.microsoft.com/intune/device-profiles)
-**Use Configuration Manager to specify the level of cloud-delivered protection:**
+## Use Configuration Manager to specify the level of cloud-delivered protection
-1.  See [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) for details on configuring System Center Configuration Manager (current branch).
+See [How to create and deploy antimalware policies: Cloud-protection service](https://docs.microsoft.com/sccm/protect/deploy-use/endpoint-antimalware-policies#cloud-protection-service) for details on configuring System Center Configuration Manager (current branch).
-**Use Group Policy to specify the level of cloud-delivered protection:**
+## Use Group Policy to specify the level of cloud-delivered protection
-1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1.  On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx).
 2. Right-click the Group Policy Object you want to configure, and then click **Edit**.
 3.  In the **Group Policy Management Editor** go to **Computer configuration**. 
@ -60,20 +61,19 @@ For more information about Intune device profiles, including how to create and c
 5.  Expand the tree to **Windows components > Windows Defender Antivirus > MpEngine**.
-1.  Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection:  
+6.  Double-click the **Select cloud protection level** setting and set it to **Enabled**. Select the level of protection:
-    1.  **Default Windows Defender Antivirus blocking level** provides strong detection without increasing the risk of detecting legitimate files.  
+    - **Default Windows Defender Antivirus blocking level** provides strong detection without increasing the risk of detecting legitimate files.
-    2.  **High blocking level** applies a strong level of detection while optimizing client performance (greater chance of false positives).
+    - **High blocking level** applies a strong level of detection while optimizing client performance (greater chance of false positives).
-    3. **High + blocking level** applies additional protection measures (may impact client performance and increase risk of false positives).
+    - **High + blocking level** applies additional protection measures (may impact client performance and increase risk of false positives).
-    4. **Zero tolerance blocking level** blocks all unknown executables.
+    - **Zero tolerance blocking level** blocks all unknown executables.
    > [!WARNING]
    > While unlikely, setting this switch to **High** or **High +** may cause some legitimate files to be detected (although you will have the option to unblock or dispute that detection).
-6. Click **OK**.
+
 7. Click **OK**.
-
+## Related articles
 ## Related topics
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
 - [Enable cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-reporting.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.reviewer: 
 manager: dansimp
 ---
@ -34,7 +35,7 @@ For common error codes and event IDs related to the Windows Defender Antivirus s
 There are three steps to troubleshooting these problems:
-1. Confirm that you have met all pre-requisites
+1. Confirm that you have met all prerequisites
 2. Check your connectivity to the Windows Defender cloud-based service
 3. Submit support logs
@ -42,9 +43,9 @@ There are three steps to troubleshooting these problems:
 >It typically takes 3 days for devices to start appearing in Update Compliance.
-## Confirm pre-requisites
+## Confirm prerequisites
-In order for devices to properly show up in Update Compliance, you have to meet certain pre-requisites for both the Update Compliance service and for Windows Defender Antivirus:
+In order for devices to properly show up in Update Compliance, you have to meet certain prerequisites for both the Update Compliance service and for Windows Defender Antivirus:
 >[!div class="checklist"]
 >- Endpoints are using Windows Defender Antivirus as the sole antivirus protection app. [Using any other antivirus app will cause Windows Defender AV to disable itself](windows-defender-antivirus-compatibility.md) and the endpoint will not be reported in Update Compliance.
@ -55,7 +56,7 @@ In order for devices to properly show up in Update Compliance, you have to meet
 “You can use Windows Defender Antivirus with Update Compliance. You’ll see status for E3, B, F1, VL, and Pro licenses. However, for E5 licenses, you need to use the Microsoft Defender ATP portal (https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints). To learn more about licensing options, see Windows 10 product licensing options"
-If the above pre-requisites have all been met, you might need to proceed to the next step to collect diagnostic information and send it to us.
+If the above prerequisites have all been met, you might need to proceed to the next step to collect diagnostic information and send it to us.
 > [!div class="nextstepaction"]
 > [Collect diagnostic data for Update Compliance troubleshooting](collect-diagnostic-data-update-compliance.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/troubleshoot-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/11/2018
 ms.reviewer: 
 manager: dansimp
@ -46,7 +47,7 @@ You can directly view the event log, or if you have a third-party security infor
 The table in this section lists the main Windows Defender Antivirus event IDs and, where possible, provides suggested solutions to fix or resolve the error. 
-**To view a Windows Defender Antivirus event**
+## To view a Windows Defender Antivirus event
 1.  Open **Event Viewer**.
 2.  In the console tree, expand **Applications and Services Logs**, then **Microsoft**, then **Windows**, then **Windows Defender Antivirus**.
@ -54,9 +55,6 @@ The table in this section lists the main Windows Defender Antivirus event IDs an
 4.  In the details pane, view the list of individual events to find your event.
 5.  Click the event to see specific details about an event in the lower pane, under the **General** and **Details** tabs.
 <table> 
 <tr>
 <th colspan="2" >Event ID: 1000</th>
@ -361,7 +359,7 @@ Message:
 Description:
 </td>
 <td >
-For more information please see the following:
+For more information, see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@ -434,7 +432,7 @@ Message:
 Description:
 </td>
 <td >
-Windows Defender Antivirus has taken action to protect this machine from malware or other potentially unwanted software. For more information please see the following:
+Windows Defender Antivirus has taken action to protect this machine from malware or other potentially unwanted software. For more information, see the following:
 <dl>
 <dt>User: &lt;Domain&gt;\&lt;User&gt;</dt>
 <dt>Name: &lt;Threat name&gt;</dt>
@ -452,7 +450,7 @@ Windows Defender Antivirus has taken action to protect this machine from malware
 <li>Quarantine: The resource was quarantined</li>
 <li>Remove: The resource was deleted</li>
 <li>Allow: The resource was allowed to execute/exist</li>
-<li>User defined: User defined action which is normally one from this list of actions that the user has specified</li>
+<li>User defined: User-defined action that is normally one from this list of actions that the user has specified</li>
 <li>No action: No action</li>
 <li>Block: The resource was blocked from executing</li>
 </ul>
@ -486,7 +484,7 @@ Message:
 Description:
 </td>
 <td >
-Windows Defender Antivirus has encountered an error when taking action on malware or other potentially unwanted software. For more information please see the following:
+Windows Defender Antivirus has encountered an error when taking action on malware or other potentially unwanted software. For more information, see the following:
 <dl>
 <dt>User: &lt;Domain&gt;\&lt;User&gt;</dt>
 <dt>Name: &lt;Threat name&gt;</dt>
@ -505,7 +503,7 @@ Windows Defender Antivirus has encountered an error when taking action on malwar
 <li>Quarantine: The resource was quarantined</li>
 <li>Remove: The resource was deleted</li>
 <li>Allow: The resource was allowed to execute/exist</li>
-<li>User defined: User defined action which is normally one from this list of actions that the user has specified</li>
+<li>User defined: User-defined action that is normally one from this list of actions that the user has specified</li>
 <li>No action: No action</li>
 <li>Block: The resource was blocked from executing</li>
 </ul>
@ -545,7 +543,7 @@ Message:
 Description:
 </td>
 <td >
-Windows Defender Antivirus has restored an item from quarantine. For more information please see the following:
+Windows Defender Antivirus has restored an item from quarantine. For more information, see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@ -589,7 +587,7 @@ Message:
 Description:
 </td>
 <td >
-Windows Defender Antivirus has encountered an error trying to restore an item from quarantine. For more information please see the following:
+Windows Defender Antivirus has encountered an error trying to restore an item from quarantine. For more information, see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@ -636,7 +634,7 @@ Message:
 Description:
 </td>
 <td >
-Windows Defender Antivirus has deleted an item from quarantine.<br/>For more information please see the following:
+Windows Defender Antivirus has deleted an item from quarantine.<br/>For more information, see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@ -680,7 +678,7 @@ Description:
 </td>
 <td >
 Windows Defender Antivirus has encountered an error trying to delete an item from quarantine.
-For more information please see the following:
+For more information, see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@ -729,7 +727,7 @@ Description:
 <td >
 Windows Defender Antivirus has removed history of malware and other potentially unwanted software.
 <dl>
-<dt>Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.</dt>
+<dt>Time: The time when the event occurred, for example when the history is purged. This parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.</dt>
 <dt>User: &lt;Domain&gt;\&lt;User&gt;</dt>
 </dl>
 </td>
@ -760,7 +758,7 @@ Description:
 <td >
 Windows Defender Antivirus has encountered an error trying to remove history of malware and other potentially unwanted software.
 <dl>
-<dt>Time: The time when the event occurred, for example when the history is purged. Note that this parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.</dt>
+<dt>Time: The time when the event occurred, for example when the history is purged. This parameter is not used in threat events so that there is no confusion regarding whether it is remediation time or infection time. For those, we specifically call them as Action Time or Detection Time.</dt>
 <dt>User: &lt;Domain&gt;\&lt;User&gt;</dt>
 <dt>Error Code: &lt;Error code&gt;
 Result code associated with threat status. Standard HRESULT values. </dt>
@ -793,7 +791,7 @@ Message:
 Description:
 </td>
 <td >
-Windows Defender Antivirus has detected a suspicious behavior.<br/>For more information please see the following:
+Windows Defender Antivirus has detected a suspicious behavior.<br/>For more information, see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@ -870,7 +868,7 @@ Message:
 Description:
 </td>
 <td >
-Windows Defender Antivirus has detected malware or other potentially unwanted software.<br/>For more information please see the following:
+Windows Defender Antivirus has detected malware or other potentially unwanted software.<br/>For more information, see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@ -951,7 +949,7 @@ Message:
 Description:
 </td>
 <td >
-Windows Defender Antivirus has taken action to protect this machine from malware or other potentially unwanted software.<br/>For more information please see the following:
+Windows Defender Antivirus has taken action to protect this machine from malware or other potentially unwanted software.<br/>For more information, see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@ -999,7 +997,7 @@ UAC</dt>
 <li>Quarantine: The resource was quarantined</li>
 <li>Remove: The resource was deleted</li>
 <li>Allow: The resource was allowed to execute/exist</li>
-<li>User defined: User defined action which is normally one from this list of actions that the user has specified</li>
+<li>User defined: User-defined action that is normally one from this list of actions that the user has specified</li>
 <li>No action: No action</li>
 <li>Block: The resource was blocked from executing</li>
 </ul>
@ -1012,7 +1010,7 @@ Description of the error. </dt>
 <dt>Signature Version: &lt;Definition version&gt;</dt>
 <dt>Engine Version: &lt;Antimalware Engine version&gt;</dt>
 NOTE:
-Whenever Windows Defender Antivirus, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services which the malware might have changed:<ul>
+Whenever Windows Defender Antivirus, Microsoft Security Essentials, Malicious Software Removal Tool, or System Center Endpoint Protection detects a malware, it will restore the following system settings and services that the malware might have changed:<ul>
 <li>Default Internet Explorer or Microsoft Edge setting</li>
 <li>User Access Control settings</li>
 <li>Chrome settings</li>
@ -1078,7 +1076,7 @@ Message:
 Description:
 </td>
 <td >
-Windows Defender Antivirus has encountered a non-critical error when taking action on malware or other potentially unwanted software.<br/>For more information please see the following:
+Windows Defender Antivirus has encountered a non-critical error when taking action on malware or other potentially unwanted software.<br/>For more information, see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@ -1126,7 +1124,7 @@ UAC</dt>
 <li>Quarantine: The resource was quarantined</li>
 <li>Remove: The resource was deleted</li>
 <li>Allow: The resource was allowed to execute/exist</li>
-<li>User defined: User defined action which is normally one from this list of actions that the user has specified</li>
+<li>User defined: User-defined action that is normally one from this list of actions that the user has specified</li>
 <li>No action: No action</li>
 <li>Block: The resource was blocked from executing</li>
 </ul>
@ -1173,7 +1171,7 @@ Message:
 Description:
 </td>
 <td >
-Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.<br/>For more information please see the following:
+Windows Defender Antivirus has encountered a critical error when taking action on malware or other potentially unwanted software.<br/>For more information, see the following:
 <dl>
 <dt>Name: &lt;Threat name&gt;</dt>
 <dt>ID: &lt;Threat ID&gt;</dt>
@ -1221,7 +1219,7 @@ UAC</dt>
 <li>Quarantine: The resource was quarantined</li>
 <li>Remove: The resource was deleted</li>
 <li>Allow: The resource was allowed to execute/exist</li>
-<li>User defined: User defined action which is normally one from this list of actions that the user has specified</li>
+<li>User defined: User-defined action that is normally one from this list of actions that the user has specified</li>
 <li>No action: No action</li>
 <li>Block: The resource was blocked from executing</li>
 </ul>
@ -1323,7 +1321,7 @@ Windows Defender Antivirus client is up and running in a healthy state.
 <tr>
 <td></td>
 <td >
-<div class="alert"><b>Note</b>  This event will only be logged if the following policy is set: <b>ThreatFileHashLogging     unsigned</b>.</div>
+<div class="alert"><b>Note: This event will only be logged if the following policy is set: <b>ThreatFileHashLogging     unsigned</b>.</div>
 <div> </div>
 </td>
 </tr>
@ -2452,7 +2450,7 @@ Message:
 Description:
 </td>
 <td >
-Windows Defender Antivirus configuration has changed. If this is an unexpected event you should review the settings as this may be the result of malware.
+Windows Defender Antivirus configuration has changed. If this is an unexpected event, you should review the settings as this may be the result of malware.
 <dl>
 <dt>Old value: &lt;Old value number&gt;
 Old antivirus configuration value.</dt>
@ -2893,7 +2891,7 @@ Run a full system scan.
 <td>
 This error indicates that an offline scan is required. 
 </td></tr><tr><td>Resolution</td><td>
-Run offline Windows Defender Antivirus. You can read about how to do this in the <a href="http://windows.microsoft.com/windows/what-is-windows-defender-offline">offline Windows Defender Antivirus article</a>.
+Run offline Windows Defender Antivirus. You can read about how to do this in the <a href="https://windows.microsoft.com/windows/what-is-windows-defender-offline">offline Windows Defender Antivirus article</a>.
 </td>
 </tr>
 <tr>
--- a/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-group-policy-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -28,20 +29,19 @@ In general, you can use the following procedure to configure or change Windows D
 1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object (GPO) you want to configure and click **Edit**.
-3.  In the **Group Policy Management Editor** go to **Computer configuration**.
+2. Using the **Group Policy Management Editor** go to **Computer configuration**.
-4.  Click **Administrative templates**.
+3. Click **Administrative templates**.
-5.  Expand the tree to **Windows components > Windows Defender Antivirus**.
+4. Expand the tree to **Windows components** > **Windows Defender Antivirus**.
-6. Expand the section (referred to as **Location** in the table in this topic) that contains the setting you want to configure, double-click the setting to open it, and make configuration changes.
+5. Expand the section (referred to as **Location** in the table in this topic) that contains the setting you want to configure, double-click the setting to open it, and make configuration changes.
-7. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx). 
+6. [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx). 
 The following table in this topic lists the Group Policy settings available in Windows 10, version 1703, and provides links to the appropriate topic in this documentation library (where applicable).
-
+Location | Setting | Article
 Location | Setting | Documented in topic
 ---|---|---
 Client interface | Enable headless UI mode | [Prevent users from seeing or interacting with the Windows Defender Antivirus user interface](prevent-end-user-interaction-windows-defender-antivirus.md)
 Client interface | Display additional text to clients when they need to perform an action | [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md)
@ -88,10 +88,10 @@ Reporting | Configure time out for detections requiring additional action | Not
 Reporting | Turn off enhanced notifications | [Configure the notifications that appear on endpoints](configure-notifications-windows-defender-antivirus.md)
 Root | Turn off Windows Defender Antivirus | Not used (This setting must be set to **Not configured** to ensure any installed third-party antivirus apps work correctly)
 Root | Define addresses to bypass proxy server | Not used
-Root | Define proxy auto-config (.pac) for connecting to the network | Not used
+Root | Define proxy autoconfig (.pac) for connecting to the network | Not used
 Root | Define proxy server for connecting to the network | Not used
 Root | Configure local administrator merge behavior for lists | [Prevent or allow users to locally modify policy settings](configure-local-policy-overrides-windows-defender-antivirus.md)
-Root | Allow antimalware service to startup with normal priority | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md)
+Root | Allow antimalware service to start up with normal priority | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md)
 Root | Allow antimalware service to remain running always | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md)
 Root | Turn off routine remediation | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md)
 Root | Randomize scheduled task times | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md)
@ -126,7 +126,7 @@ Scan | Specify the time of day to run a scheduled scan | [Configure scheduled sc
 Scan | Start the scheduled scan only when computer is on but not in use | [Configure scheduled scans for Windows Defender Antivirus](scheduled-catch-up-scans-windows-defender-antivirus.md)
 Security intelligence updates | Allow security intelligence updates from Microsoft Update | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
 Security intelligence updates | Allow security intelligence updates when running on battery power | [Manage updates for mobile devices and virtual machines (VMs)](manage-updates-mobile-devices-vms-windows-defender-antivirus.md)
-Security intelligence updates | Allow notifications to disable definitions based repots to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md)
+Security intelligence updates | Allow notifications to disable definitions-based reports to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md)
 Security intelligence updates | Allow real-time security intelligence updates based on reports to Microsoft MAPS | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md)
 Security intelligence updates | Check for the latest virus and spyware definitions on startup | [Manage event-based forced updates](manage-event-based-updates-windows-defender-antivirus.md)
 Security intelligence updates | Define file shares for downloading security intelligence updates | [Manage Windows Defender Antivirus protection and security intelligence updates](manage-protection-updates-windows-defender-antivirus.md)
@ -143,12 +143,8 @@ Threats | Specify threat alert levels at which default action should not be take
 Threats | Specify threats upon which default action should not be taken when detected | [Configure remediation for Windows Defender Antivirus scans](configure-remediation-windows-defender-antivirus.md)
-
+## Related articles
 ## Related topics
 - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-intune-config-manager-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -31,7 +32,7 @@ See the [Endpoint Protection](https://docs.microsoft.com/sccm/protect/deploy-use
 For Microsoft Intune, consult the [Microsoft Intune library](https://docs.microsoft.com/intune/introduction-intune) and [Configure device restriction settings in Intune](https://docs.microsoft.com/intune/device-restrictions-configure).
-## Related topics
+## Related articles
 - [Reference topics for management and configuration tools](configuration-management-reference-windows-defender-antivirus.md)
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-powershell-cmdlets-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -38,7 +39,7 @@ You can [configure which settings can be overridden locally with local policy ov
 PowerShell is typically installed under the folder _%SystemRoot%\system32\WindowsPowerShell_.
-**Use Windows Defender Antivirus PowerShell cmdlets:**
+## Use Windows Defender Antivirus PowerShell cmdlets
 1. Click **Start**, type **powershell**, and press **Enter**.
 2. Click **Windows PowerShell** to open the interface. 
--- a/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/use-wmi-windows-defender-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/utilize-microsoft-cloud-protection-windows-defender-antivirus.md
@ -9,10 +9,11 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
 ---
 # Use next-gen technologies in Windows Defender Antivirus through cloud-delivered protection
@ -21,7 +22,7 @@ manager: dansimp
 - [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
-Microsoft next-gen technologies in Windows Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models.  
+Microsoft next-generation technologies in Windows Defender Antivirus provide near-instant, automated protection against new and emerging threats. To dynamically identify new threats, these technologies work with large sets of interconnected data in the Microsoft Intelligent Security Graph and powerful artificial intelligence (AI) systems driven by advanced machine learning models.  
 Windows Defender Antivirus uses multiple detection and prevention technologies to deliver accurate, real-time, and intelligent protection. [Get to know the advanced technologies at the core of Microsoft Defender ATP next generation protection](https://www.microsoft.com/security/blog/2019/06/24/inside-out-get-to-know-the-advanced-technologies-at-the-core-of-microsoft-defender-atp-next-generation-protection/).
 ![List of Windows Defender AV engines](images/microsoft-defender-atp-next-generation-protection-engines.png)  
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-compatibility.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-antivirus-in-windows-10.md
@ -14,6 +14,7 @@ ms.author: deniseb
 ms.date: 10/14/2019
 ms.reviewer: 
 manager: dansimp
 ms.custom: nextgen
 ---
 # Next-generation protection in Windows 10 and Windows Server 2016
@ -33,8 +34,7 @@ Next-generation protection includes services that use machine learning together
 >- [Cloud-delivered protection](enable-cloud-protection-windows-defender-antivirus.md)
 >- Fast learning (including [block at first sight](configure-block-at-first-sight-windows-defender-antivirus.md))
 >- [Potentially unwanted application blocking](detect-block-potentially-unwanted-apps-windows-defender-antivirus.md)
-
+> 
 > [!NOTE]
 > For more information regarding what's new in each Windows version, please refer to [What's new in Microsoft Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/whats-new-in-microsoft-defender-atp).
 ## Minimum system requirements
@ -44,7 +44,7 @@ Windows Defender Antivirus is your main vehicle for next-generation protection,
 - [Minimum hardware requirements](https://docs.microsoft.com/windows-hardware/design/minimum/minimum-hardware-requirements-overview)
 - [Hardware component guidelines](https://docs.microsoft.com/windows-hardware/design/component-guidelines/components)
-## Configuring Next-generation services
+## Configuring next-generation services
 You can use the following to configure and manage next-generation services in Windows 10 while running Windows Defender Antivirus:
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-offline.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -28,7 +29,7 @@ You can use Windows Defender Offline if you suspect a malware infection, or you
 In Windows 10, Windows Defender Offline can be run with one click directly from the [Windows Security app](windows-defender-security-center-antivirus.md). In previous versions of Windows, a user had to install Windows Defender Offline to bootable media, restart the endpoint, and load the bootable media.
-## Pre-requisites and requirements
+## prerequisites and requirements
 Windows Defender Offline in Windows 10 has the same hardware requirements as Windows 10. 
@ -92,7 +93,7 @@ You can run a Windows Defender Offline scan with the following:
-**Use PowerShell cmdlets to run an offline scan:**
+### Use PowerShell cmdlets to run an offline scan
 Use the following cmdlets:
@ -102,7 +103,7 @@ Start-MpWDOScan
 See [Use PowerShell cmdlets to configure and run Windows Defender Antivirus](use-powershell-cmdlets-windows-defender-antivirus.md) and [Defender cmdlets](https://technet.microsoft.com/library/dn433280.aspx) for more information on how to use PowerShell with Windows Defender Antivirus.
-**Use Windows Management Instruction (WMI) to run an offline scan:**
+### Use Windows Management Instruction (WMI) to run an offline scan
 Use the [**MSFT_MpWDOScan**](https://msdn.microsoft.com/library/dn455323(v=vs.85).aspx) class to run an offline scan.
@ -116,7 +117,7 @@ See the following for more information:
 - [Windows Defender WMIv2 APIs](https://msdn.microsoft.com/library/dn439477(v=vs.85).aspx)
-**Use the Windows Defender Security app to run an offline scan:**
+### Use the Windows Defender Security app to run an offline scan
 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
@ -135,7 +136,7 @@ See the following for more information:
 Windows Defender Offline scan results will be listed in the [Scan history section of the Windows Security app](windows-defender-security-center-antivirus.md#detection-history). 
-## Related topics
+## Related articles
 - [Customize, initiate, and review the results of scans and remediation](customize-run-review-remediate-scans-windows-defender-antivirus.md)
 - [Windows Defender Antivirus in Windows 10](windows-defender-antivirus-in-windows-10.md)
--- a/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
+++ b/windows/security/threat-protection/windows-defender-antivirus/windows-defender-security-center-antivirus.md
@ -9,8 +9,9 @@ ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
-author: dansimp
+author: denisebmsft
-ms.author: dansimp
+ms.author: deniseb
 ms.custom: nextgen
 ms.date: 09/03/2018
 ms.reviewer: 
 manager: dansimp
@ -40,7 +41,7 @@ See the [Windows Security topic](/windows/threat-protection/windows-defender-sec
 >[!NOTE]
 >The Windows Security app is a client interface on Windows 10, version 1703 and later. It is not the Microsoft Defender Security Center web portal that is used to review and manage [Microsoft Defender Advanced Threat Protection](../microsoft-defender-atp/microsoft-defender-advanced-threat-protection.md).
-**Review virus and threat protection settings in the Windows Security app:**
+## Review virus and threat protection settings in the Windows Security app
 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
@ -66,7 +67,6 @@ Item | Windows 10, before version 1703 | Windows 10, version 1703 and later | De
 4 | **Scan options** | **Advanced scan** | Run a full scan, custom scan, or a Windows Defender Offline scan
 5 | Run a scan (based on the option chosen under **Scan options** | **Quick scan** | In Windows 10, version 1703 and later, you can run custom and full scans under the **Advanced scan** option
 ## Common tasks
 This section describes how to perform some of the most common tasks when reviewing or interacting with the threat protection provided by Windows Defender Antivirus in the Windows Security app.
@ -75,7 +75,9 @@ This section describes how to perform some of the most common tasks when reviewi
 > If these settings are configured and deployed using Group Policy, the settings described in this section will be greyed-out and unavailable for use on individual endpoints. Changes made through a Group Policy Object must first be deployed to individual endpoints before the setting will be updated in Windows Settings. The [Configure end-user interaction with Windows Defender Antivirus](configure-end-user-interaction-windows-defender-antivirus.md) topic describes how local policy override settings can be configured.
 <a id="scan"></a>
-**Run a scan with the Windows Security app**
+
 ### Run a scan with the Windows Security app
 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
@ -85,7 +87,9 @@ This section describes how to perform some of the most common tasks when reviewi
 4. Click **Run a new advanced scan** to specify different types of scans, such as a full scan.
 <a id="definition-version"></a>
-**Review the security intelligence update version and download the latest updates in the Windows Security app**
+
 ### Review the security intelligence update version and download the latest updates in the Windows Security app
 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
@ -97,8 +101,7 @@ This section describes how to perform some of the most common tasks when reviewi
 4. Click **Check for updates** to download new protection updates (if there are any).
-
+### Ensure Windows Defender Antivirus is enabled in the Windows Security app
 **Ensure Windows Defender Antivirus is enabled in the Windows Security app**
 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
@ -114,7 +117,9 @@ This section describes how to perform some of the most common tasks when reviewi
 <a id="exclusions"></a>
-**Add exclusions for Windows Defender Antivirus in the Windows Security app**
+
 ### Add exclusions for Windows Defender Antivirus in the Windows Security app
 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
@ -126,7 +131,8 @@ This section describes how to perform some of the most common tasks when reviewi
 5. Click the plus icon to choose the type and set the options for each exclusion. 
 <a id="detection-history"></a>
-**Review threat detection history in the Windows Defender Security Center app**
+
 ### Review threat detection history in the Windows Defender Security Center app
 1. Open the Windows Defender Security Center app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
@ -136,7 +142,9 @@ This section describes how to perform some of the most common tasks when reviewi
 4. Click **See full history** under each of the categories (**Current threats**, **Quarantined threats**, **Allowed threats**).
 <a id="ransomware"></a>
-**Set ransomware protection and recovery options**
+
 ### Set ransomware protection and recovery options
 1. Open the Windows Security app by clicking the shield icon in the task bar or searching the start menu for **Defender**.
 2. Click the **Virus & threat protection** tile (or the shield icon on the left menu bar).
@ -147,8 +155,7 @@ This section describes how to perform some of the most common tasks when reviewi
 5. To set up ransomware recovery options, click **Set up** under **Ransomware data recovery** and follow the instructions for linking or setting up your OneDrive account so you can easily recover from a ransomware attack.
-
+## Related articles
 ## Related topics
 - [Windows Defender Antivirus](windows-defender-antivirus-in-windows-10.md)
--- a/windows/security/threat-protection/windows-defender-application-control/TOC.md
+++ b/windows/security/threat-protection/windows-defender-application-control/TOC.md
@ -5,20 +5,23 @@
 ### Design and create your WDAC policy
 #### [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md)
 #### [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md)
-#### [Create an initial default policy](create-initial-default-policy.md)
+##### [Authorize apps deployed with a WDAC managed installer](use-windows-defender-application-control-with-managed-installer.md)
-#### [Microsoft recommended block rules](microsoft-recommended-block-rules.md)
+##### [Authorize reputable apps with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md)
 #### [Example WDAC base policies](example-wdac-base-policies.md)
 #### [Use multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md)
 #### [Common WDAC deployment scenarios](types-of-devices.md)
 ##### [Create a WDAC policy for lightly-managed devices](create-wdac-policy-for-lightly-managed-devices.md)
 ##### [Create a WDAC policy for fully-managed devices](create-wdac-policy-for-fully-managed-devices.md)
 ##### [Create a WDAC policy for fixed-workload devices](create-initial-default-policy.md)
 ##### [Microsoft recommended block rules](microsoft-recommended-block-rules.md)
 ## [Windows Defender Application Control deployment guide](windows-defender-application-control-deployment-guide.md)
 ### [Types of devices](types-of-devices.md)
 ### [Audit WDAC policies](audit-windows-defender-application-control-policies.md)
 ### [Merge WDAC policies](merge-windows-defender-application-control-policies.md)
 ### [Deploy multiple WDAC policies](deploy-multiple-windows-defender-application-control-policies.md)
 ### [Enforce WDAC policies](enforce-windows-defender-application-control-policies.md)
 ### [Allow COM object registration](allow-com-object-registration-in-windows-defender-application-control-policy.md)
 ### [Deploy WDAC with a managed installer](use-windows-defender-application-control-with-managed-installer.md)
 ### [Deploy WDAC with Intelligent Security Graph (ISG)](use-windows-defender-application-control-with-intelligent-security-graph.md)
 ### [Deploy WDAC policies using Group Policy](deploy-windows-defender-application-control-policies-using-group-policy.md)
 ### [Deploy WDAC policies using Intune](deploy-windows-defender-application-control-policies-using-intune.md)
 ### [Use WDAC with .NET hardening](use-windows-defender-application-control-with-dynamic-code-security.md)
--- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
@ -1,11 +1,8 @@
 ---
-title: Create a Windows Defender Application Control policy from a reference computer (Windows 10)
+title: Create a WDAC policy for fixed-workload devices using a reference computer (Windows 10)
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
 keywords: whitelisting, security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.reviewer: 
 manager: dansimp
 ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
@ -20,14 +17,15 @@ manager: dansimp
 ms.date: 05/03/2018
 ---
-# Create a Windows Defender Application Control policy from a reference computer
+# Create a WDAC policy for fixed-workload devices using a reference computer
 **Applies to:**
 -   Windows 10
-   Windows Server 2016
+-   Windows Server 2016 and above
 This section outlines the process to create a WDAC policy for fixed-workload devices within an organization. Fixed-workload devices tend to be dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc...
 This section outlines the process to create a WDAC policy with Windows PowerShell. 
 For this example, you must initiate variables to be used during the creation process or use the full file paths in the command. 
 Then create the WDAC policy by scanning the system for installed applications. 
 The policy file is converted to binary format when it gets created so that Windows can interpret it.
@ -52,24 +50,24 @@ You can remove or disable such software on the reference computer.
 To create a WDAC policy, copy each of the following commands into an elevated Windows PowerShell session, in order:
-1. Initialize variables that you will use. The following example commands use **InitialScan.xml** and **DeviceGuardPolicy.bin** for the names of the files that will be created:
+1. Initialize variables that you will use.
-   `$CIPolicyPath=$env:userprofile+"\Desktop\"`
+   ```powershell
-
+   $PolicyPath=$env:userprofile+"\Desktop\"
-   `$InitialCIPolicy=$CIPolicyPath+"InitialScan.xml"`
+   $PolicyName="FixedWorkloadPolicy_Audit"
-
+   $WDACPolicy=$PolicyPath+$PolicyName+".xml"
-   `$CIPolicyBin=$CIPolicyPath+"DeviceGuardPolicy.bin"`
+   $WDACPolicyBin=$PolicyPath+$PolicyName+".bin"
 2. Use [New-CIPolicy](https://docs.microsoft.com/powershell/module/configci/new-cipolicy) to create a new WDAC policy by scanning the system for installed applications:
   ```powershell
-   New-CIPolicy -Level PcaCertificate -FilePath $InitialCIPolicy –UserPEs 3> CIPolicyLog.txt 
+   New-CIPolicy -Level PcaCertificate -FilePath $WDACPolicy –UserPEs 3> CIPolicyLog.txt 
   ```
   > [!Note]
   > 
   > - When you specify the **-UserPEs** parameter (to include user mode executables in the scan), rule option **0 Enabled:UMCI** is automatically added to the WDAC policy. In contrast, if you do not specify **-UserPEs**, the policy will be empty of user mode executables and will only have rules for kernel mode binaries like drivers, in other words, the whitelist will not include applications. If you create such a policy and later add rule option **0 Enabled:UMCI**, all attempts to start applications will cause a response from Windows Defender Application Control. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application. 
-   > 
+   > - You can add the **-MultiplePolicyFormat** parameter when creating policies which will be deployed to computers which are running Windows build 1903+. For more information about multiple policies, see [Deploy multiple Windows Defender Application Control policies](deploy-multiple-windows-defender-application-control-policies.md).
   > - You can add the **-Fallback** parameter to catch any applications not discovered using the primary file rule level specified by the **-Level** parameter. For more information about file rule level options, see [Windows Defender Application Control file rule levels](select-types-of-rules-to-create.md).
   > 
   > - To specify that the WDAC policy scan only a specific drive, include the **-ScanPath** parameter followed by a path. Without this parameter, the entire system is scanned.
@ -79,10 +77,10 @@ To create a WDAC policy, copy each of the following commands into an elevated Wi
 3. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the WDAC policy to a binary format:
   ```powershell
-   ConvertFrom-CIPolicy $InitialCIPolicy $CIPolicyBin
+   ConvertFrom-CIPolicy $WDACPolicy $WDACPolicyBin
   ```
-After you complete these steps, the WDAC binary file (DeviceGuardPolicy.bin) and original .xml file (InitialScan.xml) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for additional security.
+After you complete these steps, the WDAC binary file ($WDACPolicyBin) and original .xml file ($WDACPolicy) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for additional security.
 > [!NOTE]
 > We recommend that you keep the original .xml file of the policy for use when you need to merge the WDAC policy with another policy or update its rule options. Alternatively, you would have to create a new policy from a new scan for servicing. For more information about how to merge WDAC policies, see [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md).
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
@ -0,0 +1,168 @@
 ---
 title: Create a WDAC policy for fully-managed devices (Windows 10)
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
 keywords: whitelisting, security, malware
 ms.topic: conceptual
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 11/20/2019
 ---
 # Create a WDAC policy for fully-managed devices
 **Applies to:**
 -   Windows 10
 -   Windows Server 2016 and above
 This section outlines the process to create a WDAC policy for **fully-managed devices** within an organization. The key difference between this scenario and [lightly-managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully-managed device is managed by IT and users of the device cannot install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Endpoint Manager (MEM). Additionally, users on fully-managed devices should ideally run as standard user and only authorized IT pros have administrative access.
 > [!NOTE]
 > Some of the WDAC options described in this topic are only available on Windows 10 version 1903 and above. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
 As described in [common WDAC deployment scenarios](types-of-devices.md), we will use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
 **Alice Pena** is the IT team lead tasked with the rollout of WDAC.
 Alice previously created a policy for the organization's lightly-managed devices. Some devices, however, are more tightly managed and can benefit from a more constrained policy. In particular, certain job functions such as administrative staff and task-workers are not granted administrator level access to their devices. Similarly, shared kiosks are configured only with a managed set of apps and all users of the device except IT run as standard user. On these devices, all apps are deployed and installed by IT.
 ## Define the "circle-of-trust" for fully-managed devices
 Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully-managed devices:
 - All clients are running Windows 10 version 1903 or above;
 - All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or hybrid mode with Intune;
 > [!NOTE]
 > Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager (SCCM) 
 - Most, but not all, apps are deployed using MEMCM;
 - Sometimes, IT staff install apps directly to these devices without using MEMCM;
 - All users except IT are standard users on these devices.
 Alice's team develops a simple console application, called *LamnaITInstaller.exe*, which will become the authorized way for IT staff to install apps directly to devices. *LamnaITInstaller.exe* allows the IT pro to launch another process, such as an app installer. Alice will configure *LamnaITInstaller.exe* as an additional managed installer for WDAC and allows her to remove the need for filepath rules.
 Based on the above, Alice defines the pseudo-rules for the policy:
 1. **“Windows works”** rules which authorizes:
   - Windows
   - WHQL (3rd party kernel drivers)
   - Windows Store signed apps
 2. **"MEMCM works”** rules which includes signer and hash rules for MEMCM components to properly function
 3. **Allow Managed Installer** (MEMCM and *LamnaITInstaller.exe* configured as a managed installer)
 The critical differences between this set of pseudo-rules and those defined for Lamna's [lightly-managed devices](create-wdac-policy-for-lightly-managed-devices.md#define-the-circle-of-trust-for-lightly-managed-devices) are:
 - Removal of the Intelligent Security Graph (ISG) option; and
 - Removal of filepath rules.
 ## Create a custom base policy using an example WDAC base policy
 Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's fully-managed devices. She decides to use MEMCM to create the initial base policy and then customize it to meet Lamna's needs.
 Alice follows these steps to complete this task:
 > [!NOTE]
 > If you do not use MEMCM or prefer to use a different [example WDAC base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the MEMCM policy path with your preferred example base policy.
 1. [Use MEMCM to create and deploy an audit policy](https://docs.microsoft.com/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 or above.
 2. On the client device, run the following commands in an elevated Windows PowerShell session to initialize variables:
      ```powershell
      $PolicyName= "Lamna_FullyManagedClients_Audit"
      $LamnaPolicy=$env:userprofile+"\Desktop\"+$PolicyName+".xml"
      $MEMCMPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml"
      ```
 3. Copy the policy created by MEMCM to the desktop:
      ```powershell
      cp $MEMCMPolicy $LamnaPolicy
      ```
 4. Give the new policy a unique ID, descriptive name, and initial version number:
      ```powershell
      Set-CIPolicyIdInfo -FilePath $LamnaPolicy -PolicyName $PolicyName -ResetPolicyID
      Set-CIPolicyVersion -FilePath $LamnaPolicy -Version "1.0.0.0"
      ```
 5. Modify the copied policy to set policy rules:
      ```powershell
      Set-RuleOption -FilePath $LamnaPolicy -Option 3 # Audit Mode
      Set-RuleOption -FilePath $LamnaPolicy -Option 6 # Unsigned Policy
      Set-RuleOption -FilePath $LamnaPolicy -Option 9 # Advanced Boot Menu
      Set-RuleOption -FilePath $LamnaPolicy -Option 12 # Enforce Store Apps
      Set-RuleOption -FilePath $LamnaPolicy -Option 13 # Managed Installer
      Set-RuleOption -FilePath $LamnaPolicy -Option 16 # No Reboot
      Set-RuleOption -FilePath $LamnaPolicy -Option 17 # Allow Supplemental
      Set-RuleOption -FilePath $LamnaPolicy -Option 19 # Dynamic Code Security
      ```
 6. If appropriate, add additional signer or file rules to further customize the policy for your organization.
 7. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the WDAC policy to a binary format:
    > [!NOTE]
    > In the sample commands below, replace the string "{InsertPolicyID}" with the actual PolicyID GUID (including braces **{ }**) found in your policy XML file.
   ```powershell
   $WDACPolicyBin=$env:userprofile+"\Desktop\"+$PolicyName+"_{InsertPolicyID}.bin"
   ConvertFrom-CIPolicy $LamnaPolicy $WDACPolicyBin
   ```
 8. Upload your base policy XML and the associated binary to a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration).
 At this point, Alice now has an initial policy that is ready to deploy in audit mode to the managed clients within Lamna.
 ## Security considerations of this fully-managed policy
 Alice has defined a policy for Lamna's fully-managed devices that makes some trade-offs between security and manageability for apps. Some of the trade-offs include:
 - **Users with administrative access**<br>
    Although applying to fewer users, Lamna still allows some IT staff to log in to its fully-managed devices as administrator. This allows these admin users (or malware running with the user's privileges) to modify or remove altogether the WDAC policy applied on the device. Additionally, administrators can configure any app they wish to operate as a managed installer which would allow them to gain persistent app authorization for whatever apps or binaries they wish.
   Possible mitigations:
  - Use signed WDAC policies and UEFI BIOS access protection to prevent tampering of WDAC policies.
  - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer.
  - Use device attestation to detect the configuration state of WDAC at boot time and use that information to condition access to sensitive corporate resources.
 - **Unsigned policies**<br>
    Unsigned policies can be replaced or removed without consequence by any process running as administrator. Unsigned base policies that also enable supplemental policies can have their "circle-of-trust" altered by any unsigned supplemental policy.
   Existing mitigations applied:
  - Limit who can elevate to administrator on the device.
   Possible mitigations:
  - Use signed WDAC policies and UEFI BIOS access protection to prevent tampering of WDAC policies.
 - **Managed installer**<br>
    See [security considerations with managed installer](use-windows-defender-application-control-with-managed-installer.md#security-considerations-with-managed-installer)
   Existing mitigations applied:
  - Limit who can elevate to administrator on the device.
   Possible mitigations:
  - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer.
 - **Supplemental policies**<br>
    Supplemental policies are designed to relax the associated base policy. Additionally allowing unsigned policies allows any administrator process to expand the "circle-of-trust" defined by the base policy without restriction.
   Possible mitigations:
  - Use signed WDAC policies which allow authorized signed supplemental policies only.
  - Use a restrictive audit mode policy to audit app usage and augment vulnerability detection.
 ## Up next
 - [Create a WDAC policy for fixed-workload devices using a reference computer](create-initial-default-policy.md)
 - [Prepare to deploy WDAC policies](windows-defender-application-control-deployment-guide.md)
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md
@ -0,0 +1,184 @@
 ---
 title: Create a WDAC policy for lightly-managed devices (Windows 10)
 description: Windows Defender Application Control restricts which applications users are allowed to run and the code that runs in the system core.
 keywords: whitelisting, security, malware
 ms.topic: conceptual
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 11/15/2019
 ---
 # Create a WDAC policy for lightly-managed devices
 **Applies to:**
 -   Windows 10
 -   Windows Server 2016 and above
 This section outlines the process to create a WDAC policy for **lightly-managed devices** within an organization. Typically, organizations that are new to application control will be most successful if they start with a permissive policy like the one described in this topic. Organizations can choose to harden the policy over time to achieve a stronger overall security posture on their WDAC managed devices as described in later topics.
 > [!NOTE]
 > Some of the WDAC options described in this topic are only available on Windows 10 version 1903 and above. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
 As in the [previous topic](types-of-devices.md), we will use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
 **Alice Pena** is the IT team lead tasked with the rollout of WDAC. Recognizing where Lamna is starting from, with very loose application usage policies and a culture of maximum app flexibility for users, Alice knows that she will need to take an incremental approach to application control and use different policies for different workloads.
 For the majority of users and devices, Alice wants to create an initial policy that is as relaxed as possible in order to minimize user productivity impact, while still providing security value.
 ## Define the "circle-of-trust" for lightly-managed devices
 Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's lightly-managed devices, which currently includes most end-user devices:
 - All clients are running Windows 10 version 1903 or above;
 - All clients are managed by Microsoft Endpoint Manager (MEM) either with Configuration Manager (MEMCM) standalone or hybrid mode with Intune;
 > [!NOTE]
 > Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager (SCCM) 
 - Some, but not all, apps are deployed using MEMCM;
 - Most users are local administrators on their devices;
 - Some teams may need additional rules to authorize specific apps that don't apply generally to all other users.
 Based on the above, Alice defines the pseudo-rules for the policy:
 1. **“Windows works”** rules which authorizes:
   - Windows
   - WHQL (3rd party kernel drivers)
   - Windows Store signed apps
 2. **"MEMCM works”** rules which includes signer and hash rules for MEMCM components to properly function
 3. **Allow Managed Installer** (MEMCM configured as a managed installer)
 4. **Allow Intelligent Security Graph (ISG)** (reputation-based authorization)
 5. **Admin-only path rules** for the following locations:
   - C:\Program Files\*
   - C:\Program Files (x86)\*
   - %windir%\*
 ## Create a custom base policy using an example WDAC base policy
 Having defined the "circle-of-trust", Alice is ready to generate the initial policy for Lamna's lightly-managed devices. She decides to use MEMCM to create the initial base policy and then customize it to meet Lamna's needs.
 Alice follows these steps to complete this task:
 > [!NOTE]
 > If you do not use MEMCM or prefer to use a different [example WDAC base policy](example-wdac-base-policies.md) for your own policy, skip to step 2 and substitute the MEMCM policy path with your preferred example base policy.
 1. [Use MEMCM to create and deploy an audit policy](https://docs.microsoft.com/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) to a client device running Windows 10 version 1903 or above.
 2. On the client device, run the following commands in an elevated Windows PowerShell session to initialize variables:
      ```powershell
      $PolicyName= "Lamna_LightlyManagedClients_Audit"
      $LamnaPolicy=$env:userprofile+"\Desktop\"+$PolicyName+".xml"
      $MEMCMPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml"
      ```
 3. Copy the policy created by MEMCM to the desktop:
      ```powershell
      cp $MEMCMPolicy $LamnaPolicy
      ```
 4. Give the new policy a unique ID, descriptive name, and initial version number:
      ```powershell
      Set-CIPolicyIdInfo -FilePath $LamnaPolicy -PolicyName $PolicyName -ResetPolicyID
      Set-CIPolicyVersion -FilePath $LamnaPolicy -Version "1.0.0.0"
      ```
 5. Modify the copied policy to set policy rules:
      ```powershell
      Set-RuleOption -FilePath $LamnaPolicy -Option 3 # Audit Mode
      Set-RuleOption -FilePath $LamnaPolicy -Option 6 # Unsigned Policy
      Set-RuleOption -FilePath $LamnaPolicy -Option 9 # Advanced Boot Menu
      Set-RuleOption -FilePath $LamnaPolicy -Option 12 # Enforce Store Apps
      Set-RuleOption -FilePath $LamnaPolicy -Option 13 # Managed Installer
      Set-RuleOption -FilePath $LamnaPolicy -Option 14 # ISG
      Set-RuleOption -FilePath $LamnaPolicy -Option 16 # No Reboot
      Set-RuleOption -FilePath $LamnaPolicy -Option 17 # Allow Supplemental
      Set-RuleOption -FilePath $LamnaPolicy -Option 19 # Dynamic Code Security
      ```
 6. Add rules to allow windir and Program Files directories:
      ```powershell
      $PathRules += New-CIPolicyRule -FilePathRule "%windir%\*"
      $PathRules += New-CIPolicyRule -FilePathRule "%OSDrive%\Program Files\*"
      $PathRules += New-CIPolicyRule -FilePathRule "%OSDrive%\Program Files (x86)\*"
      Merge-CIPolicy -OutputFilePath = $LamnaPolicy -PolicyPaths $LamnaPolicy -Rules $PathRules
      ```
 7. If appropriate, add additional signer or file rules to further customize the policy for your organization.
 8. Use [ConvertFrom-CIPolicy](https://docs.microsoft.com/powershell/module/configci/convertfrom-cipolicy) to convert the WDAC policy to a binary format:
    > [!NOTE]
    > In the sample commands below, replace the string "{InsertPolicyID}" with the actual PolicyID GUID (including braces **{ }**) found in your policy XML file.
   ```powershell
   $WDACPolicyBin=$env:userprofile+"\Desktop\"+$PolicyName+"_{InsertPolicyID}.bin"
   ConvertFrom-CIPolicy $LamnaPolicy $WDACPolicyBin
   ```
 9. Upload your base policy XML and the associated binary to a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration).
 At this point, Alice now has an initial policy that is ready to deploy in audit mode to the managed clients within Lamna.
 ## Security considerations of this lightly-managed policy
 In order to minimize user productivity impact, Alice has defined a policy that makes several trade-offs between security and user app flexibility. Some of the trade-offs include:
 - **Users with administrative access**<br>
    By far the most impactful security trade-off, this allows the device user (or malware running with the user's privileges) to modify or remove altogether the WDAC policy applied on the device. Additionally, administrators can configure any app they wish to operate as a managed installer which would allow them to gain persistent app authorization for whatever apps or binaries they wish.
    Possible mitigations:
  - Use signed WDAC policies and UEFI BIOS access protection to prevent tampering of WDAC policies.
  - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer.
  - Use device attestation to detect the configuration state of WDAC at boot time and use that information to condition access to sensitive corporate resources.
 - **Unsigned policies**<br>
    Unsigned policies can be replaced or removed without consequence by any process running as administrator. Unsigned base policies that also enable supplemental policies can have their "circle-of-trust" altered by any unsigned supplemental policy.
    Possible mitigations:
  - Use signed WDAC policies and UEFI BIOS access protection to prevent tampering of WDAC policies.
  - Limit who can elevate to administrator on the device.
 - **Managed installer**<br>
    See [security considerations with managed installer](use-windows-defender-application-control-with-managed-installer.md#security-considerations-with-managed-installer)
    Possible mitigations:
  - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer.
  - Limit who can elevate to administrator on the device.
 - **Intelligent Security Graph (ISG)**<br>
    See [security considerations with the Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md#security-considerations-with-the-intelligent-security-graph)
    Possible mitigations:
  - Implement policies requiring apps are managed by IT; audit existing app usage and deploy authorized apps using a software distribution solution such as Microsoft Endpoint Manager; move from ISG to managed installer or signature based rules.
  - Use a restrictive audit mode policy to audit app usage and augment vulnerability detection.
 - **Supplemental policies**<br>
    Supplemental policies are designed to relax the associated base policy. Additionally allowing unsigned policies allows any administrator process to expand the "circle-of-trust" defined by the base policy without restriction.
    Possible mitigations:
  - Use signed WDAC policies which allow authorized signed supplemental policies only.
  - Use a restrictive audit mode policy to audit app usage and augment vulnerability detection.
 - **FilePath rules**<br>
    See [more information about filepath rules](select-types-of-rules-to-create.md#more-information-about-filepath-rules)
    Possible mitigations:
  - Limit who can elevate to administrator on the device.
  - Migrate from filepath rules to managed installer or signature-based rules.
 ## Up next
 - [Create a WDAC policy for fully-managed devices](create-wdac-policy-for-fully-managed-devices.md)
 - [Prepare to deploy WDAC policies](windows-defender-application-control-deployment-guide.md)
--- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md
@ -1,5 +1,5 @@
 ---
-title: Deploy multiple Windows Defender Application Control Policies  (Windows 10)
+title: Use multiple Windows Defender Application Control Policies  (Windows 10)
 description: Windows Defender Application Control supports multiple code integrity policies for one device.
 keywords: whitelisting, security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@ -17,7 +17,7 @@ manager: dansimp
 ms.date: 05/17/2019
 ---
-# Deploy multiple Windows Defender Application Control Policies 
+# Use multiple Windows Defender Application Control Policies
 **Applies to:**
--- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
+++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md
@ -0,0 +1,39 @@
 ---
 title: Example WDAC base policies (Windows 10)
 description: When creating a WDAC policy for an organization, start from one of the many available example base policies.
 keywords: whitelisting, security, malware
 ms.topic: article
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
 ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974
 ms.reviewer: isbrahm
 ms.author: dansimp
 manager: dansimp
 ms.date: 11/15/2019
 ---
 # Windows Defender Application Control example base policies
 **Applies to**
 -   Windows 10
 -   Windows Server 2016 and above
 When creating policies for use with Windows Defender Application Control (WDAC), it is recommended to start from an existing base policy and then add or remove rules to build your own custom policy XML files. Windows includes several example policies which can be used, or organizations which use the Device Guard Signing Service can download a starter policy from that service.
 ## Example Base Policies
 | **Example Base Policy** | **Description** | **Where it can be found** |
 |----------------------------|---------------------------------------------------------------|--------|
 | **DefaultWindows.xml** | This example policy is available in either audit or enforce mode. It includes the rules necessary to ensure that Windows, 3rd party hardware and software kernel drivers, and Windows Store apps will run. Used as the basis for all [Microsoft Endpoint Manager(MEM)](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies |
 | **AllowMicrosoft.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed by the Microsoft product root certificate. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies |
 | **AllowAll.xml** | This example policy is useful when creating a block list policy. All block policies should include rules allowing all other code to run and then add the DENY rules for your organization's needs. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies |
 | **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](https://docs.microsoft.com/windows/security/threat-protection/device-guard/memory-integrity) (also known as hypervisor-protected code integrity) using WDAC. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies |
 | **DenyAllAudit.xml** | This example policy should only be deployed in audit mode and can be used to audit all binaries running on critical systems or to comply with regulatory requirements. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies |
 | **Device Guard Signing Service (DGSS) DefaultPolicy.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed with your organization-specific certificates issued by the DGSS. | [DGSS in the Microsoft Store for Business](https://businessstore.microsoft.com/manage/settings/devices) |
 | **MEM Configuration Manager** | Customers who use MEM Configuration Manager (MEMCM), formerly known as System Center Configuration Manager, can deploy a policy to a device using MEMCM's built-in integration with WDAC and then copy the resulting policy XML to use as a custom base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint |
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@ -54,7 +54,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru
 | **2 Required:WHQL** | By default, legacy drivers that are not Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Going forward, every new Windows 10–compatible driver must be WHQL certified. |
 | **3 Enabled:Audit Mode (Default)** | Enables the execution of binaries outside of the WDAC policy but logs each occurrence in the CodeIntegrity event log, which can be used to update the existing policy before enforcement. To begin enforcing a WDAC policy, delete this option. |
 | **4 Disabled:Flight Signing** | If enabled, WDAC policies will not trust flightroot-signed binaries. This would be used in the scenario in which organizations only want to run released binaries, not flighted builds. |
-| **5 Enabled:Inherit Default Policy** | This option is not currently supported. |
+| **5 Enabled:Inherit Default Policy** | This option is reserved for future use. |
 | **6 Enabled:Unsigned System Integrity Policy (Default)** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. |
 | **7 Allowed:Debug Policy Augmented** | This option is not currently supported. |
 | **8 Required:EV Signers** | In addition to being WHQL signed, this rule requires that drivers must have been submitted by a partner that has an Extended Verification (EV) certificate. All future Windows 10 and later drivers will meet this requirement. |
--- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md
@ -1,5 +1,5 @@
 ---
-title: Types of devices (Windows 10)
+title: Common WDAC deployment scenarios (Windows 10)
 description: Typically, deployment of Windows Defender Application Control happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices.
 keywords: whitelisting, security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@ -21,21 +21,32 @@ ms.date: 03/01/2018
 **Applies to**
 -   Windows 10
-   Windows Server 2016
+-   Windows Server 2016 and above
-Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization.
+Typically, deployment of Windows Defender Application Control (WDAC) happens best in phases, rather than being a feature that you simply “turn on.” The choice and sequence of phases depends on the way various computers and other devices are used in your organization, and to what degree IT manages those devices. The following table can help you begin to develop a plan for deploying WDAC in your organization. It is very common for organizations to have device use cases across each of the categories described.
 ## Types of devices
 | **Type of device**                 | **How WDAC relates to this type of device**  | 
 |------------------------------------|------------------------------------------------------|
 | **Fixed-workload devices**: Perform same tasks every day.<br>Lists of approved applications rarely change.<br>Examples: kiosks, point-of-sale systems, call center computers. | WDAC can be deployed fully, and deployment and ongoing administration are relatively straightforward.<br>After WDAC deployment, only approved applications can run. This is because of protections offered by WDAC. | 
 | **Fully managed devices**: Allowed software is restricted by IT department.<br>Users can request additional software, or install from a list of applications provided by IT department.<br>Examples: locked-down, company-owned desktops and laptops. | An initial baseline WDAC policy can be established and enforced. Whenever the IT department approves additional applications, it will update the WDAC policy and (for unsigned LOB applications) the catalog.<br>WDAC policies are supported by the HVCI service. | 
 | **Lightly managed devices**: Company-owned, but users are free to install software.<br>Devices are required to run organization's antivirus solution and client management tools. | WDAC can be used to help protect the kernel, and to monitor (audit) for problem applications rather than limiting the applications that can be run. | 
-| **Bring Your Own Device**: Employees are allowed to bring their own devices, and also use those devices away from work. | WDAC does not apply. Instead, you can explore other hardening and security features with MDM-based conditional access solutions, such as Microsoft Intune. | 
+| **Fully managed devices**: Allowed software is restricted by IT department.<br>Users can request additional software, or install from a list of applications provided by IT department.<br>Examples: locked-down, company-owned desktops and laptops. | An initial baseline WDAC policy can be established and enforced. Whenever the IT department approves additional applications, it will update the WDAC policy and (for unsigned LOB applications) the catalog.<br>WDAC policies are supported by the HVCI service. | 
 | **Fixed-workload devices**: Perform same tasks every day.<br>Lists of approved applications rarely change.<br>Examples: kiosks, point-of-sale systems, call center computers. | WDAC can be deployed fully, and deployment and ongoing administration are relatively straightforward.<br>After WDAC deployment, only approved applications can run. This is because of protections offered by WDAC. | 
 | **Bring Your Own Device**: Employees are allowed to bring their own devices, and also use those devices away from work. | In most cases, WDAC does not apply. Instead, you can explore other hardening and security features with MDM-based conditional access solutions, such as Microsoft Intune. However, you may choose to deploy an audit-mode policy to these devices or employ a block-list only policy to prevent specific apps or binaries that are considered malicious or vulnerable by your organization. | 
 ## An introduction to Lamna Healthcare Company
-## Related topics
+In the next set of topics, we will explore each of the above scenarios using a fictional organization called Lamna Healthcare Company.
- [Windows Defender Application Control Design Guide](windows-defender-application-control-design-guide.md)
+Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the United States. Lamna employs thousands of people, from doctors and nurses to accountants, in-house lawyers, and IT technicians. Their device use cases are varied and include single-user workstations for their professional staff, shared kiosks used by doctors and nurses to access patient records, dedicated medical devices such as MRI scanners, and many others. Additionally, Lamna has a relaxed, bring-your-own-device policy for many of their professional staff.
 - [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md)
 Lamna uses [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) (MEM) in hybrid mode with both Configuration Manager (MEMCM) and Intune. Although they use MEM to deploy many applications, Lamna has always had very relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender Advanced Threat Protection](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) (MDATP) for better endpoint detection and response.
 > [!NOTE]
 > Microsoft Endpoint Configuration Manager was previously known as System Center Configuration Manager (SCCM) 
 Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an application control policy. In response, Lamna's executive board has authorized a number of new security IT responses, including tightening policies for application use and introducing application control.
 ## Up next
 - [Create a WDAC policy for lightly-managed devices](create-wdac-policy-for-lightly-managed-devices.md)
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
@ -1,5 +1,5 @@
 ---
-title: Deploy Windows Defender Application Control with Intelligent Security Graph (ISG) (Windows 10)
+title: Authorize reputable apps with the Intelligent Security Graph (ISG) (Windows 10)
 description: Automatically authorize applications that Microsoft’s ISG recognizes as having known good reputation.
 keywords: whitelisting, security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@ -17,12 +17,12 @@ manager: dansimp
 ms.date: 06/14/2018
 ---
-# Use Windows Defender Application Control (WDAC) with the Microsoft Intelligent Security Graph 
+# Authorize reputable apps with the Intelligent Security Graph (ISG) 
 **Applies to:**
 -   Windows 10
-   Windows Server 2016
+-   Windows Server 2016 and above
 Application execution control can be difficult to implement in enterprises that do not have processes to effectively control the deployment of applications centrally through an IT managed system. 
 In such environments, users are empowered to acquire the applications they need for work, making accounting for all the applications that would need to be authorized for execution control a daunting task.  
@ -89,7 +89,7 @@ appidtel start
 For WDAC policies deployed over MDM using the AppLocker CSP this step is not required as the CSP will enable the necessary components. ISG enabled through the SCCM WDAC UX will not need this step but if custom policies are being deployed outside of the WDAC UX through SCCM then this step is required.   
-## Security considerations with using the Intelligent Security Graph 
+## Security considerations with the Intelligent Security Graph 
 Since the ISG is a heuristic-based mechanism, it does not provide the same security guarantees that explicit allow or deny rules do. It is best suited for deployment to systems where each user is configured as a standard user and there are other monitoring systems in place like Windows Defender Advanced Threat Protection to help provide optics into what users are doing. 
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-managed-installer.md
@ -1,5 +1,5 @@
 ---
-title: Deploy Managed Installer for Windows Defender Device Guard (Windows 10)
+title: Authorize apps deployed with a WDAC managed installer (Windows 10)
 description: Explains how you can use a managed installer to automatically authorize applications deployed and installed by a designated software distribution solution, such as System Center Configuration Manager. 
 keywords: whitelisting, security, malware
 ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
@ -17,12 +17,12 @@ manager: dansimp
 ms.date: 06/13/2018
 ---
-# Deploy Managed Installer for Windows Defender Application Control
+# Authorize apps deployed with a WDAC managed installer
 **Applies to:**
 -   Windows 10
-   Windows Server 2016
+-   Windows Server 2016 and above
 Creating and maintaining application execution control policies has always been challenging, and finding ways to address this issue has been a frequently-cited request for customers of AppLocker and Windows Defender Application Control (WDAC). 
--- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
+++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-design-guide.md
@ -41,8 +41,8 @@ Once these business factors are in place, you are ready to begin planning your W
 | Topic | Description |
 | - | - |
 | [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies. |
 | [Select the types of rules to create](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. |
 | [Plan for WDAC policy management](plan-windows-defender-application-control-management.md) | This topic describes the decisions you need to make to establish the processes for managing and maintaining WDAC policies. |
 | [Understand WDAC policy design decisions](understand-windows-defender-application-control-policy-design-decisions.md) | This topic lists the design questions, possible answers, and ramifications of the decisions when you plan a deployment of application control policies. |
 | [Understand WDAC policy rules and file rules](select-types-of-rules-to-create.md) | This topic lists resources you can use when selecting your application control policy rules by using WDAC. |
 After planning is complete, the next step is to deploy WDAC. The [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md) covers the creation and testing of policies, deploying the enforcement setting, and managing and maintaining the policies.
--- a/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/wd-app-guard-overview.md
@ -44,7 +44,7 @@ Application Guard has been created to target several types of systems:
 |Article |Description |
 |------|------------|
-|[System requirements for Windows Defender Application Guard](reqs-wd-app-guard.md) |Specifies the pre-requisites necessary to install and use Application Guard.|
+|[System requirements for Windows Defender Application Guard](reqs-wd-app-guard.md) |Specifies the prerequisites necessary to install and use Application Guard.|
 |[Prepare and install Windows Defender Application Guard](install-wd-app-guard.md) |Provides instructions about determining which mode to use, either Standalone or Enterprise-managed, and how to install Application Guard in your organization.|
 |[Configure the Group Policy settings for Windows Defender Application Guard](configure-wd-app-guard.md) |Provides info about the available Group Policy and MDM settings.|
 |[Testing scenarios using Windows Defender Application Guard in your business or organization](test-scenarios-wd-app-guard.md)|Provides a list of suggested testing scenarios that you can use to test Application Guard in your organization.|