Merge branch 'master' into edr-blocking

2025-05-13 13:57:22 +00:00 · 2020-04-21 13:56:38 -07:00 · 2020-04-21 13:56:38 -07:00 · 01ebdb08b7
commit 01ebdb08b7
parent bec68d2d1a e4a24d86b8
91 changed files with 1056 additions and 990 deletions
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@ -86,6 +86,11 @@
 "redirect_document_id": true
 },
 {
 "source_path": "windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md",
 "redirect_url": "https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip",
 "redirect_document_id": false
 },
 {
 "source_path": "windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune.md",
 "redirect_url": "https://docs.microsoft.com/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure",
 "redirect_document_id": false
--- a/browsers/edge/about-microsoft-edge.md
+++ b/browsers/edge/about-microsoft-edge.md
@ -2,7 +2,7 @@
 title: Microsoft Edge system and language requirements
 description: Overview information about Microsoft Edge, the default browser for Windows 10. This topic includes links to other Microsoft Edge topics.
 ms.assetid: 70377735-b2f9-4b0b-9658-4cf7c1d745bb
-ms.reviewer: 
+ms.reviewer:
 audience: itpro
 manager: dansimp
 ms.author: dansimp
@ -17,7 +17,7 @@ ms.date: 10/02/2018
 ---
 # Microsoft Edge system and language requirements
->Applies to:  Microsoft Edge on Windows 10 and Windows 10 Mobile
+> Applies to:  Microsoft Edge on Windows 10 and Windows 10 Mobile
 > [!NOTE]
 > You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
@ -25,8 +25,8 @@ ms.date: 10/02/2018
 Microsoft Edge is the new, default web browser for Windows 10, helping you to experience modern web standards, better performance, improved security, and increased reliability. Microsoft Edge lets you stay up-to-date through the Microsoft Store and to manage your enterprise through Group Policy or your mobile device management (MDM) tools.
->[!IMPORTANT]
+> [!IMPORTANT]
->The Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, don’t include Microsoft Edge or many other Universal Windows Platform (UWP) apps. Systems running the LTSB operating systems do not support these apps because their services get frequently updated with new functionality. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11.
+> The Long-Term Servicing Branch (LTSB) versions of Windows, including Windows Server 2016, don’t include Microsoft Edge or many other Universal Windows Platform (UWP) apps. Systems running the LTSB operating systems do not support these apps because their services get frequently updated with new functionality. For customers who require the LTSB for specialized devices, we recommend using Internet Explorer 11.
 ## Minimum system requirements
@ -49,7 +49,7 @@ Some of the components might also need additional system resources. Check the co
 ## Supported languages
-Microsoft Edge supports all of the same languages as Windows 10 and you can use the [Microsoft Translator extension](https://www.microsoft.com/p/translator-for-microsoft-edge/9nblggh4n4n3) to translate foreign language web pages and text selections for 60+ languages. 
+Microsoft Edge supports all of the same languages as Windows 10 and you can use the [Microsoft Translator extension](https://www.microsoft.com/p/translator-for-microsoft-edge/9nblggh4n4n3) to translate foreign language web pages and text selections for 60+ languages.
 If the extension does not work after install, restart Microsoft Edge. If the extension still does not work, provide feedback through the Feedback Hub.
--- a/browsers/edge/group-policies/favorites-management-gp.md
+++ b/browsers/edge/group-policies/favorites-management-gp.md
@ -1,43 +1,43 @@
 ---
 title: Microsoft Edge - Favorites group policies
 description: Configure Microsoft Edge to either show or hide the favorites bar on all pages. Microsoft Edge hides the favorites bar by default but shows the favorites bar on the Start and New tab pages. Also, by default, the favorites bar toggle, in Settings, is set to Off but enabled allowing users to make changes.
-services: 
+services:
-keywords: 
+keywords:
 ms.localizationpriority: medium
 audience: itpro
 manager: dansimp
 author: dansimp
 ms.author: dansimp
 ms.date: 10/02/2018
-ms.reviewer: 
+ms.reviewer:
 ms.topic: reference
 ms.prod: edge
 ms.mktglfcycl: explore
 ms.sitesec: library
 ---
-# Favorites 
+# Favorites
 > [!NOTE]
 > You've reached the documentation for Microsoft Edge version 45 and earlier. To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/).
-You can customize the favorites bar, for example, you can turn off features such as Save a Favorite and Import settings, and hide or show the favorites bar on all pages.  Another customization you can make is provisioning a standard list of favorites, including folders, to appear in addition to the user’s favorites. If it’s important to keep the favorites in both IE11 and Microsoft Edge synced, you can turn on syncing where changes to the list of favorites in one browser reflect in the other. 
+You can customize the favorites bar, for example, you can turn off features such as Save a Favorite and Import settings, and hide or show the favorites bar on all pages.  Another customization you can make is provisioning a standard list of favorites, including folders, to appear in addition to the user’s favorites. If it’s important to keep the favorites in both IE11 and Microsoft Edge synced, you can turn on syncing where changes to the list of favorites in one browser reflect in the other.
->[!TIP]
+> [!TIP]
->You can find the Favorites under C:\\Users\\<_username_>\\Favorites.
+> You can find the Favorites under C:\\Users\\<_username_>\\Favorites.
 You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;**Computer Configuration\\Administrative Templates\\Windows Components\\Microsoft Edge\\**
-## Configure Favorites Bar 
+## Configure Favorites Bar
 [!INCLUDE [configure-favorites-bar-include](../includes/configure-favorites-bar-include.md)]
-## Keep favorites in sync between Internet Explorer and Microsoft Edge 
+## Keep favorites in sync between Internet Explorer and Microsoft Edge
-[!INCLUDE [keep-fav-sync-ie-edge-include](../includes/keep-fav-sync-ie-edge-include.md)] 
+[!INCLUDE [keep-fav-sync-ie-edge-include](../includes/keep-fav-sync-ie-edge-include.md)]
 ## Prevent changes to Favorites on Microsoft Edge
-[!INCLUDE [prevent-changes-to-favorites-include](../includes/prevent-changes-to-favorites-include.md)] 
+[!INCLUDE [prevent-changes-to-favorites-include](../includes/prevent-changes-to-favorites-include.md)]
-## Provision Favorites 
+## Provision Favorites
 [!INCLUDE [provision-favorites-include](../includes/provision-favorites-include.md)]
--- a/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
+++ b/browsers/edge/group-policies/interoperability-enterprise-guidance-gp.md
@ -7,7 +7,7 @@ manager: dansimp
 ms.author: dansimp
 author: dansimp
 ms.date: 10/02/2018
-ms.reviewer: 
+ms.reviewer:
 ms.prod: edge
 ms.mktglfcycl: explore
 ms.sitesec: library
@ -21,11 +21,10 @@ ms.topic: reference
 Microsoft Edge is the default browser experience for Windows 10 and Windows 10 Mobile. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. If you are running web apps that continue to use ActiveX controls, x-ua-compatible headers, or legacy document modes, you need to keep running them in IE11. IE11 offers additional security, manageability, performance, backward compatibility, and modern standards support.
->[!TIP] 
+> [!TIP]
->If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly.
+> If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly.
 **Technology not supported by Microsoft Edge**  
 **Technology not supported by Microsoft Edge**
 - ActiveX controls
@ -39,20 +38,19 @@ Microsoft Edge is the default browser experience for Windows 10 and Windows 10 M
 - Legacy document modes
-If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically. 
+If you have specific websites and apps that you know have compatibility problems with Microsoft Edge, you can use the Enterprise Mode site list so that the websites automatically open using Internet Explorer 11. Additionally, if you know that your intranet sites aren't going to work correctly with Microsoft Edge, you can set all intranet sites to open using IE11 automatically.
 Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
 ## Relevant group policies
 1. [Configure the Enterprise Mode Site List](#configure-the-enterprise-mode-site-list)
-1.  [Configure the Enterprise Mode Site List](#configure-the-enterprise-mode-site-list)
+2. [Send all intranet sites to Internet Explorer 11](#send-all-intranet-sites-to-internet-explorer-11)
-2.  [Send all intranet sites to Internet Explorer 11](#send-all-intranet-sites-to-internet-explorer-11)
+3. [Show message when opening sites in Internet Explorer](#show-message-when-opening-sites-in-internet-explorer)
-3.  [Show message when opening sites in Internet Explorer](#show-message-when-opening-sites-in-internet-explorer)
+4. [(IE11 policy) Send all sites not included in the Enterprise Mode Site List to Microsoft Edge](#ie11-policy-send-all-sites-not-included-in-the-enterprise-mode-site-list-to-microsoft-edge)
 4.  [(IE11 policy) Send all sites not included in the Enterprise Mode Site List to Microsoft Edge](#ie11-policy-send-all-sites-not-included-in-the-enterprise-mode-site-list-to-microsoft-edge)
 You can find the Microsoft Edge Group Policy settings in the following location of the Group Policy Editor unless otherwise noted in the policy:
--- a/browsers/edge/includes/configure-home-button-include.md
+++ b/browsers/edge/includes/configure-home-button-include.md
@ -1,61 +1,59 @@
---
+---
-author: eavena
+author: eavena
-ms.author: eravena
+ms.author: eravena
-ms.date:  10/28/2018
+ms.date:  10/28/2018
-ms.reviewer: 
+ms.reviewer:
-audience: itpro
manager: dansimp
+audience: itpro
-ms.prod: edge
+manager: dansimp
-ms.topic: include
+ms.prod: edge
---
+ms.topic: include
-
+---
-<!-- ## Configure Home Button-->  
+
->*Supported versions: Microsoft Edge on Windows 10, version 1809*<br>
+<!-- ## Configure Home Button-->
->*Default setting: Disabled or not configured (Show home button and load the Start page)*
+> *Supported versions: Microsoft Edge on Windows 10, version 1809*<br>
-
+> *Default setting: Disabled or not configured (Show home button and load the Start page)*
-
+
-[!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
+
-
+[!INCLUDE [configure-home-button-shortdesc](../shortdesc/configure-home-button-shortdesc.md)]
-
+
-### Supported values
+
-
+### Supported values
-|                Group Policy                 | MDM | Registry |                          Description                           |
+
-|---------------------------------------------|:---:|:--------:|----------------------------------------------------------------|
+|                Group Policy                 | MDM | Registry |                          Description                           |
-| Disabled or not configured<br>**(default)** |  0  |    0     |                      Load the Start page.                      |
+|---------------------------------------------|:---:|:--------:|----------------------------------------------------------------|
-|                   Enabled                   |  1  |    1     |                     Load the New Tab page.                     |
+| Disabled or not configured<br>**(default)** |  0  |    0     |                      Load the Start page.                      |
-|                   Enabled                   |  2  |    2     | Load the custom URL defined in the Set Home Button URL policy. |
+|                   Enabled                   |  1  |    1     |                     Load the New Tab page.                     |
-|                   Enabled                   |  3  |    3     |                     Hide the home button.                      |
+|                   Enabled                   |  2  |    2     | Load the custom URL defined in the Set Home Button URL policy. |
-
+|                   Enabled                   |  3  |    3     |                     Hide the home button.                      |
---
+
-
+---
-
+
->[!TIP]
+
->If you want to make changes to this policy:<ol><li>Enable the **Unlock Home Button** policy.</li><li>Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.</li><li>Disable the **Unlock Home Button** policy.</li></ol>
+> [!TIP]
-
+> If you want to make changes to this policy:<ol><li>Enable the **Unlock Home Button** policy.</li><li>Make changes to the **Configure Home Button** policy or **Set Home Button URL** policy.</li><li>Disable the **Unlock Home Button** policy.</li></ol>
-
+
-### ADMX info and settings
+### ADMX info and settings
-#### ADMX info
+#### ADMX info
- **GP English name:** Configure Home Button
+- **GP English name:** Configure Home Button
- **GP name:** ConfigureHomeButton
+- **GP name:** ConfigureHomeButton
- **GP element:** ConfigureHomeButtonDropdown
+- **GP element:** ConfigureHomeButtonDropdown
- **GP path:** Windows Components/Microsoft Edge
+- **GP path:** Windows Components/Microsoft Edge
- **GP ADMX file name:** MicrosoftEdge.admx
+- **GP ADMX file name:** MicrosoftEdge.admx
-
+
-#### MDM settings
+#### MDM settings
- **MDM name:** Browser/[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)
+- **MDM name:** Browser/[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)
- **Supported devices:** Desktop and Mobile
+- **Supported devices:** Desktop and Mobile
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton 
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton
- **Data type:** Integer
+- **Data type:** Integer
-
+
-#### Registry settings
+#### Registry settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings 
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
- **Value name:** ConfigureHomeButton
+- **Value name:** ConfigureHomeButton
- **Value type:** REG_DWORD
+- **Value type:** REG_DWORD
-
+
-### Related policies
+### Related policies
-
+
- [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
+- [Set Home Button URL](../available-policies.md#set-home-button-url): [!INCLUDE [set-home-button-url-shortdesc](../shortdesc/set-home-button-url-shortdesc.md)]
-
+- [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)]
- [Unlock Home Button](../available-policies.md#unlock-home-button): [!INCLUDE [unlock-home-button-shortdesc](../shortdesc/unlock-home-button-shortdesc.md)] 
+
-
+<hr>
 <hr>
--- a/browsers/edge/includes/configure-open-edge-with-include.md
+++ b/browsers/edge/includes/configure-open-edge-with-include.md
@ -1,68 +1,63 @@
---
+---
-author: eavena
+author: eavena
-ms.author: eravena
+ms.author: eravena
-ms.date:  10/02/2018
+ms.date:  10/02/2018
-ms.reviewer: 
+ms.reviewer:
-audience: itpro
manager: dansimp
+audience: itpro
-ms.prod: edge
+manager: dansimp
-ms.topic: include
+ms.prod: edge
---
+ms.topic: include
-
+---
-<!-- Configure Open Microsoft Edge With-->
+
-
+<!-- Configure Open Microsoft Edge With-->
->*Supported versions: Microsoft Edge on Windows 10, version 1809*<br>
+
->*Default setting:  Enabled (A specific page or pages)*
+> *Supported versions: Microsoft Edge on Windows 10, version 1809*<br>
-
+> *Default setting:  Enabled (A specific page or pages)*
-[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
+
-
+[!INCLUDE [configure-open-microsoft-edge-with-shortdesc](../shortdesc/configure-open-microsoft-edge-with-shortdesc.md)]
-**Version 1703 or later:**<br>If you don't want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non domain-joined devices when it's the only configured URL.
+
-
+**Version 1703 or later:**<br>If you don't want to send traffic to Microsoft, use the \<about:blank\> value, which honors both domain and non domain-joined devices when it's the only configured URL.
-**version 1809:**<br>When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.<p>
+
-
+**version 1809:**<br>When you enable this policy (Configure Open Microsoft Edge With) and select an option, and also enable the Configure Start Pages policy, Microsoft Edge ignores the Configure Start Page policy.<p>
-### Supported values
+
-
+### Supported values
-|       Group Policy       |  MDM  | Registry |                                                                 Description                                                                 |
+
-|--------------------------|:-----:|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------|
+|       Group Policy       |  MDM  | Registry |                                                                 Description                                                                 |
-|      Not configured      | Blank |  Blank   | If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page. |
+|--------------------------|:-----:|:--------:|---------------------------------------------------------------------------------------------------------------------------------------------|
-|         Enabled          |   0   |    0     |                                                            Load the Start page.                                                             |
+|      Not configured      | Blank |  Blank   | If you don't configure this policy and you enable the Disable Lockdown of Start Pages policy, users can change or customize the Start page. |
-|         Enabled          |   1   |    1     |                                                           Load the New Tab page.                                                            |
+|         Enabled          |   0   |    0     |                                                            Load the Start page.                                                             |
-|         Enabled          |   2   |    2     |                                                          Load the previous pages.                                                           |
+|         Enabled          |   1   |    1     |                                                           Load the New Tab page.                                                            |
-| Enabled<br>**(default)** |   3   |    3     |                                                       Load a specific page or pages.                                                        |
+|         Enabled          |   2   |    2     |                                                          Load the previous pages.                                                           |
-
+| Enabled<br>**(default)** |   3   |    3     |                                                       Load a specific page or pages.                                                        |
---
+
-
+---
-
+
->[!TIP]
+> [!TIP]
->If you want to make changes to this policy:<ol><li>Set the **Disabled Lockdown of Start Pages** policy to not configured.</li><li>Make changes to the **Configure Open Microsoft With** policy.</li><li>Enable the **Disabled Lockdown of Start Pages** policy.</li></ol>
+> If you want to make changes to this policy:<ol><li>Set the **Disabled Lockdown of Start Pages** policy to not configured.</li><li>Make changes to the **Configure Open Microsoft With** policy.</li><li>Enable the **Disabled Lockdown of Start Pages** policy.</li></ol>
-
+
-
+
-
+### ADMX info and settings
-### ADMX info and settings
+#### ADMX info
-#### ADMX info
+- **GP English name:** Configure Open Microsoft Edge With
- **GP English name:** Configure Open Microsoft Edge With
+- **GP name:** ConfigureOpenMicrosoftEdgeWith
- **GP name:** ConfigureOpenMicrosoftEdgeWith
+- **GP path:** Windows Components/Microsoft Edge
- **GP path:** Windows Components/Microsoft Edge
+- **GP ADMX file name:** MicrosoftEdge.admx
- **GP ADMX file name:** MicrosoftEdge.admx
+
-
+#### MDM settings
-#### MDM settings
+- **MDM name:** Browser/[ConfigureOpenEdgeWith](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)
- **MDM name:** Browser/[ConfigureOpenEdgeWith](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith)
+- **Supported devices:** Desktop
- **Supported devices:** Desktop
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureOpenEdgeWith
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureOpenEdgeWith
+- **Data type:** Integer
- **Data type:** Integer
+
-
+#### Registry settings
-#### Registry settings
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Internet Settings
+- **Value name:** ConfigureOpenEdgeWith
- **Value name:** ConfigureOpenEdgeWith
+- **Value type:** REG_DWORD
- **Value type:** REG_DWORD
+
-
+### Related policies
-### Related policies
+
-
+- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
- [Configure Start pages](../available-policies.md#configure-start-pages): [!INCLUDE [configure-start-pages-shortdesc](../shortdesc/configure-start-pages-shortdesc.md)]
+- [Disable lockdown of Start pages](../available-policies.md#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
-
+
- [Disable lockdown of Start pages](../available-policies.md#disable-lockdown-of-start-pages): [!INCLUDE [disable-lockdown-of-start-pages-shortdesc](../shortdesc/disable-lockdown-of-start-pages-shortdesc.md)]
+
-
+---
 ---
--- a/browsers/edge/includes/provision-favorites-include.md
+++ b/browsers/edge/includes/provision-favorites-include.md
@ -1,52 +1,53 @@
---
+---
-author: eavena
+author: eavena
-ms.author: eravena
+ms.author: eravena
-ms.date:  10/02/2018
+ms.date:  10/02/2018
-ms.reviewer: 
+ms.reviewer:
-audience: itpro
manager: dansimp
+audience: itpro
-ms.prod: edge
+manager: dansimp
-ms.topic: include
+ms.prod: edge
---
+ms.topic: include
-
+---
-<!-- ## Provision Favorites -->
+
->*Supported versions: Microsoft Edge on Windows 10, version 1511 or later*<br>
+<!-- ## Provision Favorites -->
->*Default setting:  Disabled or not configured (Customizable)*
+> *Supported versions: Microsoft Edge on Windows 10, version 1511 or later*<br>
-
+> *Default setting:  Disabled or not configured (Customizable)*
-[!INCLUDE [provision-favorites-shortdesc](../shortdesc/provision-favorites-shortdesc.md)]
+
-
+[!INCLUDE [provision-favorites-shortdesc](../shortdesc/provision-favorites-shortdesc.md)]
-
+
->[!IMPORTANT]
+
->Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
+> [!IMPORTANT]
-
+> Enable only this policy or the Keep favorites in sync between Internet Explorer and Microsoft Edge policy. If you enable both, Microsoft Edge prevents users from syncing their favorites between the two browsers.
-### Supported values
+
-
+### Supported values
-|                Group Policy                 |                                                                                                                                                                                                                                                                                                                                                                                                                    Description                                                                                                                                                                                                                                                                                                                                                                                                                     |                 Most restricted                  |
+
-|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+|                Group Policy                 |                                                                                                                                                                                                                                                                                                                                                                                                                    Description                                                                                                                                                                                                                                                                                                                                                                                                                     |                 Most restricted                  |
-| Disabled or not configured<br>**(default)** |                                                                                                                                                                                                                                                                                                                                                                         Users can customize the favorites list, such as adding folders, or adding and removing favorites.                                                                                                                                                                                                                                                                                                                                                                          |                                                  |
+|---------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
-|                   Enabled                   | Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file** and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision.  Specify the URL as: <ul><li>HTTP location: "SiteList"=<https://localhost:8080/URLs.html></li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:/Users/Documents/URLs.html</li></ul></li></ol> | ![Most restricted value](../images/check-gn.png) |
+| Disabled or not configured<br>**(default)** |                                                                                                                                                                                                                                                                                                                                                                         Users can customize the favorites list, such as adding folders, or adding and removing favorites.                                                                                                                                                                                                                                                                                                                                                                          |                                                  |
-
+|                   Enabled                   | Define a default list of favorites in Microsoft Edge. In this case, the Save a Favorite, Import settings, and context menu options (such as Create a new folder) are turned off.<p>To define a default list of favorites, do the following:<ol><li>In the upper-right corner of Microsoft Edge, click the ellipses (**...**) and select **Settings**.</li><li>Click **Import from another browser**, click **Export to file** and save the file.</li><li>In the **Options** section of the Group Policy Editor, provide the location that points the file with the list of favorites to provision.  Specify the URL as: <ul><li>HTTP location: "SiteList"=<https://localhost:8080/URLs.html></li><li>Local network: "SiteList"="\network\shares\URLs.html"</li><li>Local file: "SiteList"=file:///c:/Users/Documents/URLs.html</li></ul></li></ol> | ![Most restricted value](../images/check-gn.png) |
---
+
-
+---
-### ADMX info and settings
+
-#### ADMX info
+### ADMX info and settings
- **GP English name:** Provision Favorites
+#### ADMX info
- **GP name:** ConfiguredFavorites
+- **GP English name:** Provision Favorites
- **GP element:** ConfiguredFavoritesPrompt
+- **GP name:** ConfiguredFavorites
- **GP path:** Windows Components/Microsoft Edge
+- **GP element:** ConfiguredFavoritesPrompt
- **GP ADMX file name:** MicrosoftEdge.admx
+- **GP path:** Windows Components/Microsoft Edge
-
+- **GP ADMX file name:** MicrosoftEdge.admx
-#### MDM settings
+
- **MDM name:** Browser/[ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites)
+#### MDM settings
- **Supported devices:** Desktop
+- **MDM name:** Browser/[ProvisionFavorites](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites)
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites 
+- **Supported devices:** Desktop
- **Data type:** String
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ProvisionFavorites
-
+- **Data type:** String
-#### Registry settings
+
- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Favorites
+#### Registry settings
- **Value name:** ConfiguredFavorites
+- **Path:** HKLM\Software\Policies\Microsoft\MicrosoftEdge\Favorites
- **Value type:** REG_SZ
+- **Value name:** ConfiguredFavorites
-
+- **Value type:** REG_SZ
-### Related policies
+
-[Keep favorites in sync between Internet Explorer and Microsoft Edge](../available-policies.md#keep-favorites-in-sync-between-internet-explorer-and-microsoft-edge): [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
+### Related policies
-
+[Keep favorites in sync between Internet Explorer and Microsoft Edge](../available-policies.md#keep-favorites-in-sync-between-internet-explorer-and-microsoft-edge): [!INCLUDE [keep-favorites-in-sync-between-ie-and-edge-shortdesc](../shortdesc/keep-favorites-in-sync-between-ie-and-edge-shortdesc.md)]
-<hr>
+
 <hr>
--- a/browsers/edge/includes/send-all-intranet-sites-ie-include.md
+++ b/browsers/edge/includes/send-all-intranet-sites-ie-include.md
@ -1,62 +1,63 @@
---
+---
-author: eavena
+author: eavena
-ms.author: eravena
+ms.author: eravena
-ms.date:  10/02/2018
+ms.date:  10/02/2018
-ms.reviewer: 
+ms.reviewer:
-audience: itpro
manager: dansimp
+audience: itpro
-ms.prod: edge
+manager: dansimp
-ms.topic: include
+ms.prod: edge
---
+ms.topic: include
-
+---
-<!-- ## Send all intranet sites to Internet Explorer 11 -->
+
->*Supported versions: Microsoft Edge on Windows 10*<br>
+<!-- ## Send all intranet sites to Internet Explorer 11 -->
->*Default setting:  Disabled or not configured*
+> *Supported versions: Microsoft Edge on Windows 10*<br>
-
+> *Default setting:  Disabled or not configured*
-[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)] 
+
-
+[!INCLUDE [send-all-intranet-sites-to-ie-shortdesc](../shortdesc/send-all-intranet-sites-to-ie-shortdesc.md)]
->[!TIP]
+
->Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager. 
+> [!TIP]
-
+> Microsoft Edge does not support ActiveX controls, Browser Helper Objects, VBScript, or other legacy technology. If you have websites or web apps that still use this technology and needs IE11 to run, you can add them to the Enterprise Mode site list, using Enterprise Mode Site List Manager.
-
+
-### Supported values
+
-
+### Supported values
-|                Group Policy                 | MDM | Registry |                                                                                                                                                                                                                                                                                                                                           Description                                                                                                                                                                                                                                                                                                                                            |                 Most restricted                  |
+
-|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
+|                Group Policy                 | MDM | Registry |                                                                                                                                                                                                                                                                                                                                           Description                                                                                                                                                                                                                                                                                                                                            |                 Most restricted                  |
-| Disabled or not configured<br>**(default)** |  0  |    0     |                                                                                                                                                                                                                                                                                                            All sites, including intranet sites, open in Microsoft Edge automatically.                                                                                                                                                                                                                                                                                                            | ![Most restricted value](../images/check-gn.png) |
+|---------------------------------------------|:---:|:--------:|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|:------------------------------------------------:|
-|                   Enabled                   |  1  |    1     | Only intranet sites open in Internet Explorer 11 automatically.<p><p>Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<p><p>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**</li><li>Click **Enable** and then refresh the policy to view the affected sites in Microsoft Edge.<p><p>A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol> |                                                  |
+| Disabled or not configured<br>**(default)** |  0  |    0     |                                                                                                                                                                                                                                                                                                            All sites, including intranet sites, open in Microsoft Edge automatically.                                                                                                                                                                                                                                                                                                            | ![Most restricted value](../images/check-gn.png) |
-
+|                   Enabled                   |  1  |    1     | Only intranet sites open in Internet Explorer 11 automatically.<p><p>Enabling this policy opens all intranet sites in IE11 automatically, even if the users have Microsoft Edge as their default browser.<ol><li>In Group Policy Editor, navigate to:<p><p>**Computer Configuration\\Administrative Templates\\Windows Components\\File Explorer\\Set a default associations configuration file**</li><li>Click **Enable** and then refresh the policy to view the affected sites in Microsoft Edge.<p><p>A message opens stating that the page needs to open in IE. At the same time, the page opens in IE11 automatically; in a new frame if it is not yet running, or in a new tab.</li></ol> |                                                  |
---
+
-
+---
-
+
-### ADMX info and settings
+
-#### ADMX info
+### ADMX info and settings
- **GP English name:** Send all intranet sites to Internet Explorer 11 
+#### ADMX info
- **GP name:** SendIntranetTraffictoInternetExplorer
+- **GP English name:** Send all intranet sites to Internet Explorer 11
- **GP path:** Windows Components/Microsoft Edge
+- **GP name:** SendIntranetTraffictoInternetExplorer
- **GP ADMX file name:** MicrosoftEdge.admx
+- **GP path:** Windows Components/Microsoft Edge
-
+- **GP ADMX file name:** MicrosoftEdge.admx
-#### MDM settings
+
- **MDM name:** Browser/[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer)
+#### MDM settings
- **Supported devices:** Desktop
+- **MDM name:** Browser/[SendIntranetTraffictoInternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sendintranettraffictointernetexplorer)
- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer 
+- **Supported devices:** Desktop
- **Data type:** Integer
+- **URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SendIntranetTraffictoInternetExplorer
-
+- **Data type:** Integer
-#### Registry settings
+
- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
+#### Registry settings
- **Value name:** SendIntranetTraffictoInternetExplorer
+- **Path:** HKLM\\Software\\Policies\\Microsoft\\MicrosoftEdge\\Main
- **Value type:** REG_DWORD
+- **Value name:** SendIntranetTraffictoInternetExplorer
-
+- **Value type:** REG_DWORD
-### Related Policies
+
- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
+### Related Policies
-
+- [Configure the Enterprise Mode Site List](../available-policies.md#configure-the-enterprise-mode-site-list): [!INCLUDE [configure-enterprise-mode-site-list-shortdesc](../shortdesc/configure-enterprise-mode-site-list-shortdesc.md)]
- [Show message when opening sites in Internet Explorer](../available-policies.md#show-message-when-opening-sites-in-internet-explorer): [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
+
-
+- [Show message when opening sites in Internet Explorer](../available-policies.md#show-message-when-opening-sites-in-internet-explorer): [!INCLUDE [show-message-when-opening-sites-in-ie-shortdesc](../shortdesc/show-message-when-opening-sites-in-ie-shortdesc.md)]
-
+
-### Related topics
+
- [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035). Many customers depend on legacy features only available in older versions of Internet Explorer and are familiar with our Enterprise Mode tools for IE11. The Enterprise Mode has been extended to support to Microsoft Edge by opening any site specified on the Enterprise Mode Site List in IE11. IT Pros can use their existing IE11 Enterprise Mode Site List, or they can create a new one specifically for Microsoft Edge. By keeping Microsoft Edge as the default browser in Windows 10 and only opening legacy line of business sites in IE11 when necessary, you can help keep newer development projects on track, using the latest web standards on Microsoft Edge. 
+### Related topics
-
+- [Blog: How Microsoft Edge and Internet Explorer 11 on Windows 10 work better together in the Enterprise](https://go.microsoft.com/fwlink/p/?LinkID=624035). Many customers depend on legacy features only available in older versions of Internet Explorer and are familiar with our Enterprise Mode tools for IE11. The Enterprise Mode has been extended to support to Microsoft Edge by opening any site specified on the Enterprise Mode Site List in IE11. IT Pros can use their existing IE11 Enterprise Mode Site List, or they can create a new one specifically for Microsoft Edge. By keeping Microsoft Edge as the default browser in Windows 10 and only opening legacy line of business sites in IE11 when necessary, you can help keep newer development projects on track, using the latest web standards on Microsoft Edge.
- [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377).  Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
+
-
+- [Enterprise Mode for Internet Explorer 11 (IE11)](https://go.microsoft.com/fwlink/p/?linkid=618377).  Learn how to set up and use Enterprise Mode and the Enterprise Mode Site List Manager in your company.
- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
+
-
+- [Use the Enterprise Mode Site List Manager](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-site-list-manager). You can use IE11 and the Enterprise Mode Site List Manager to add individual website domains and domain paths and to specify whether the site renders using Enterprise Mode or the default mode.
-<hr>
+
 <hr>
--- a/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
+++ b/browsers/edge/microsoft-edge-kiosk-mode-deploy.md
@ -1,8 +1,8 @@
 ---
 title: Deploy Microsoft Edge Legacy kiosk mode
 description: Microsoft Edge Legacy kiosk mode works with assigned access to allow IT admins to create a tailored browsing experience designed for kiosk devices. To use Microsoft Edge Legacy kiosk mode, you must configure Microsoft Edge Legacy as an application in assigned access.
-ms.assetid: 
+ms.assetid:
-ms.reviewer: 
+ms.reviewer:
 audience: itpro
 manager: dansimp
 author: dansimp
@ -16,28 +16,28 @@ ms.date: 01/17/2020
 # Deploy Microsoft Edge Legacy kiosk mode
->Applies to: Microsoft Edge Legacy (version 45 and earlier) on Windows 10, version 1809 or later 
+> Applies to: Microsoft Edge Legacy (version 45 and earlier) on Windows 10, version 1809 or later
->Professional, Enterprise, and Education
+> Professional, Enterprise, and Education
 > [!NOTE]
 > You've reached the documentation for Microsoft Edge Legacy (version 45 and earlier.) To see the documentation for Microsoft Edge version 77 or later, go to the [Microsoft Edge documentation landing page](https://docs.microsoft.com/DeployEdge/). For information about kiosk mode in the new version of Microsoft Edge, see [Microsoft Edge kiosk mode](https://docs.microsoft.com/DeployEdge/microsoft-edge-kiosk-mode).
 In the Windows 10 October 2018 Update, we added the capability to use Microsoft Edge Legacy as a kiosk using assigned access. With assigned access, you create a tailored browsing experience locking down a Windows 10 device to only run as a single-app or multi-app kiosk.  Assigned access restricts a local standard user account so that it only has access to one or more Windows app, such as Microsoft Edge Legacy in kiosk mode.
-In this topic, you'll learn: 
+In this topic, you'll learn:
 - How to configure the behavior of Microsoft Edge Legacy when it's running in kiosk mode with assigned access.
- What's required to run Microsoft Edge Legacy kiosk mode on your kiosk devices.  
+- What's required to run Microsoft Edge Legacy kiosk mode on your kiosk devices.
- You'll also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or an other MDM service. 
+- You'll also learn how to set up your kiosk device using either Windows Setting or Microsoft Intune or an other MDM service.
-At the end of this topic, you can find a list of [supported policies](#supported-policies-for-kiosk-mode) for kiosk mode and a [feature comparison](#feature-comparison-of-kiosk-mode-and-kiosk-browser-app) of the kiosk mode policy and kiosk browser app.  You also find instructions on how to provide us feedback or get support. 
+At the end of this topic, you can find a list of [supported policies](#supported-policies-for-kiosk-mode) for kiosk mode and a [feature comparison](#feature-comparison-of-kiosk-mode-and-kiosk-browser-app) of the kiosk mode policy and kiosk browser app.  You also find instructions on how to provide us feedback or get support.
 ## Kiosk mode configuration types
->**Policy** = Configure kiosk mode (ConfigureKioskMode)
+> **Policy** = Configure kiosk mode (ConfigureKioskMode)
-Microsoft Edge Legacy kiosk mode supports four configurations types that depend on how Microsoft Edge Legacy is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario.  
+Microsoft Edge Legacy kiosk mode supports four configurations types that depend on how Microsoft Edge Legacy is set up with assigned access, either as a single-app or multi-app kiosk. These configuration types help you determine what is best suited for your kiosk device or scenario.
 - Learn about [creating a kiosk experience](https://docs.microsoft.com/windows-hardware/customize/enterprise/create-a-kiosk-image)
@ -50,9 +50,9 @@ Microsoft Edge Legacy kiosk mode supports four configurations types that depend
 ### Important things to note before getting started
- There are [required steps to follow](#setup- required-for-microsoft-edge-legacy-kiosk-mode) in order to use the following Microsoft Edge Legacy kiosk mode types either alongside the new version of Microsoft Edge or prevent the new version of Microsoft Edge from being installed on your kiosk device. 
+- There are [required steps to follow](#setup- required-for-microsoft-edge-legacy-kiosk-mode) in order to use the following Microsoft Edge Legacy kiosk mode types either alongside the new version of Microsoft Edge or prevent the new version of Microsoft Edge from being installed on your kiosk device.
-  The public browsing kiosk types run Microsoft Edge Legacy InPrivate mode to protect user data with a browsing experience designed for public kiosks. 
+-  The public browsing kiosk types run Microsoft Edge Legacy InPrivate mode to protect user data with a browsing experience designed for public kiosks.
 -  Microsoft Edge Legacy kiosk mode has a built-in timer to help keep data safe in public browsing sessions. When the idle time (no user activity) meets the time limit, a confirmation message prompts the user to continue, and if no user activity Microsoft Edge Legacy resets the session to the default URL. By default, the idle timer is 5 minutes, but you can choose a value of your own.
@ -67,7 +67,7 @@ Microsoft Edge Legacy kiosk mode supports four configurations types that depend
   - [Guidelines for choosing an app for assigned access (kiosk mode)](https://aka.ms/Ul7dw3).
-### Supported configuration types 
+### Supported configuration types
 [!INCLUDE [configure-kiosk-mode-supported-values-include](includes/configure-kiosk-mode-supported-values-include.md)]
@ -75,9 +75,9 @@ Microsoft Edge Legacy kiosk mode supports four configurations types that depend
 Now that you're familiar with the different kiosk mode configurations and have the one you want to use in mind, you can use one of the following methods to set up Microsoft Edge Legacy kiosk mode:
-   **Windows Settings.** Use only to set up a couple of single-app devices because you perform these steps physically on each device.  For a multi-app kiosk device, use Microsoft Intune or other MDM service. 
+-   **Windows Settings.** Use only to set up a couple of single-app devices because you perform these steps physically on each device.  For a multi-app kiosk device, use Microsoft Intune or other MDM service.
-   **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge Legacy kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).  
+-   **Microsoft Intune or other MDM service.** Use to set up several single-app or multi-app kiosk devices. Microsoft Intune and other MDM service providers offer more options for customizing the Microsoft Edge Legacy kiosk mode experience using any of the [Supported policies for kiosk mode](#supported-policies-for-kiosk-mode).
 ### Prerequisites
@ -89,14 +89,14 @@ Now that you're familiar with the different kiosk mode configurations and have t
 - URL to load when the kiosk launches. The URL that you provide sets the Home button, Start page, and New Tab page.
 - _**For Microsoft Intune or other MDM service**_, you must have the AppUserModelID (AUMID) to set up Microsoft Edge Legacy:
- 
+
  ```
  Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge
  ```
 ### Setup required for Microsoft Edge Legacy kiosk mode
-When the new version of Microsoft Edge Stable channel is installed, Microsoft Edge Legacy is hidden and all attempts to launch Microsoft Edge Legacy are redirected to the new version of Microsoft Edge. 
+When the new version of Microsoft Edge Stable channel is installed, Microsoft Edge Legacy is hidden and all attempts to launch Microsoft Edge Legacy are redirected to the new version of Microsoft Edge.
 To continue using Microsoft Edge Legacy kiosk mode on your kiosk devices take one of the following actions:
@ -104,11 +104,11 @@ To continue using Microsoft Edge Legacy kiosk mode on your kiosk devices take on
 - To prevent Microsoft Edge Stable channel from being installed on your kiosk devices deploy the Microsoft Edge [Allow installation default](https://docs.microsoft.com/DeployEdge/microsoft-edge-update-policies#installdefault) policy for Stable channel or consider using the [Blocker toolkit](https://docs.microsoft.com/DeployEdge/microsoft-edge-blocker-toolkit) to disable automatic delivery of Microsoft Edge.
 > [!NOTE]
-> For more information about accessing Microsoft Edge Legacy after installing Microsoft Edge, see [How to access the old version of Microsoft Edge](https://docs.microsoft.com/DeployEdge/microsoft-edge-sysupdate-access-old-edge).  
+> For more information about accessing Microsoft Edge Legacy after installing Microsoft Edge, see [How to access the old version of Microsoft Edge](https://docs.microsoft.com/DeployEdge/microsoft-edge-sysupdate-access-old-edge).
 ### Use Windows Settings
-Windows Settings is the simplest and the only way to set up one or a couple of single-app devices.  
+Windows Settings is the simplest and the only way to set up one or a couple of single-app devices.
 1.  On the kiosk device, open Windows Settings, and in the search field type **kiosk** and then select **Set up a kiosk (assigned access)**.
@ -120,9 +120,9 @@ Windows Settings is the simplest and the only way to set up one or a couple of s
 5.  Select how Microsoft Edge Legacy displays when running in kiosk mode:
-    -   **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge Legacy InPrivate protecting user data.   
+    -   **As a digital sign or interactive display** - Displays a specific site in full-screen mode, running Microsoft Edge Legacy InPrivate protecting user data.
-    -   **As a public browser** - Runs a limited multi-tab version of Microsoft Edge Legacy, protecting user data.   
+    -   **As a public browser** - Runs a limited multi-tab version of Microsoft Edge Legacy, protecting user data.
 6.  Select **Next**.
@ -136,23 +136,23 @@ Windows Settings is the simplest and the only way to set up one or a couple of s
 11. Restart the kiosk device and sign in with the local kiosk account to validate the configuration.
-**_Congratulations!_** <p>You’ve just finished setting up a single-app kiosk device using Windows Settings. 
+**_Congratulations!_** <p>You’ve just finished setting up a single-app kiosk device using Windows Settings.
-**_What's next?_** 
+**_What's next?_**
 - User your new kiosk device. <p>
   OR<p>
 - Make changes to your kiosk device. In Windows Settings, on the **Set up a kiosk** page, make your changes to **Choose a kiosk mode** and **Set up Microsoft Edge Legacy**.
---  
+---
 ### Use Microsoft Intune or other MDM service
 With this method, you can use Microsoft Intune or other MDM services to configure Microsoft Edge Legacy kiosk mode in assigned access and how it behaves on a kiosk device. To learn about a few app fundamentals and requirements before adding them to Intune, see [Add apps to Microsoft Intune](https://docs.microsoft.com/intune/apps-add).
->[!IMPORTANT]
+> [!IMPORTANT]
->If you are using a local account as a kiosk account in Microsoft Intune, make sure to sign into this account and then sign out before configuring the kiosk device.
+> If you are using a local account as a kiosk account in Microsoft Intune, make sure to sign into this account and then sign out before configuring the kiosk device.
 1. In Microsoft Intune or other MDM service, configure [AssignedAccess](https://docs.microsoft.com/windows/client-management/mdm/assignedaccess-csp) to prevent users from accessing the file system, running executables, or other apps.
@ -166,7 +166,7 @@ With this method, you can use Microsoft Intune or other MDM services to configur
   | **[ConfigureHomeButton](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton)**<p>![](images/icon-thin-line-computer.png)  | Configure how the Home Button behaves.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/ConfigureHomeButton<p>**Data type:** Integer<p> **Allowed values:**<ul><li>**0 (default)** - Not configured. Show home button, and load the default Start page.</li><li>**1** - Enabled. Show home button and load New Tab page</li><li>**2** - Enabled. Show home button & set a specific page.</li><li>**3** - Enabled. Hide the home button.</li></ul>   |
   | **[SetHomeButtonURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl)**<p>![](images/icon-thin-line-computer.png)   | If you set ConfigureHomeButton to 2, configure the home button URL.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetHomeButtonURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.bing.com   |
   | **[SetNewTabPageURL](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser#browser-setnewtabpageurl)**<p>![](images/icon-thin-line-computer.png)   | Set a custom URL for the New Tab page.<p><p>**URI full path:** ./Vendor/MSFT/Policy/Config/Browser/SetNewTabPageURL <p>**Data type:** String<p>**Allowed values:** Enter a URL, for example, https://www.msn.com    |
-    
+
 **_Congratulations!_** <p>You’ve just finished setting up a kiosk or digital signage with policies for Microsoft Edge Legacy kiosk mode using Microsoft Intune or other MDM service.
@ -177,7 +177,7 @@ With this method, you can use Microsoft Intune or other MDM services to configur
 ## Supported policies for kiosk mode
-Use any of the Microsoft Edge Legacy policies listed below to enhance the kiosk experience depending on the Microsoft Edge Legacy kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser). 
+Use any of the Microsoft Edge Legacy policies listed below to enhance the kiosk experience depending on the Microsoft Edge Legacy kiosk mode type you configure. To learn more about these policies, see [Policy CSP - Browser](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-browser).
 Make sure to check with your provider for instructions.
@ -251,18 +251,18 @@ Make sure to check with your provider for instructions.
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ![Not supported](images/148766.png) = Not applicable or not supported <br>
 &nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; ![Supported](images/148767.png) = Supported
---  
+---
 ## Feature comparison of kiosk mode and kiosk browser app
 In the following table, we show you the features available in both Microsoft Edge Legacy kiosk mode and Kiosk Browser app available in Microsoft Store. Both kiosk mode and kiosk browser app work in assigned access.
-|                        **Feature**                        |                                                                  **Microsoft Edge Legacy kiosk mode**                                                                  |                                                             **Microsoft Kiosk browser app**                                                             |
+|                        **Feature**                        |                                                                  **Microsoft Edge Legacy kiosk mode**                                                           |                                                             **Microsoft Kiosk browser app**                                                             |
 |-----------------------------------------------------------|:---------------------------------------------------------------------------------------------------------------------------------------------------------------:|:-------------------------------------------------------------------------------------------------------------------------------------------------------:|
 |                       Print support                       |                                                                 ![Supported](images/148767.png)                                                                 |                                                           ![Not supported](images/148766.png)                                                           |
 |                     Multi-tab support                     |                                                                 ![Supported](images/148767.png)                                                                 |                                                           ![Not supported](images/148766.png)                                                           |
-|                  Allow/Block URL support                  | ![Not Supported](images/148766.png)                                                             ![Supported](images/148767.png)                                                             |
+|                  Allow/Block URL support                  |                                                             ![Not Supported](images/148766.png)                                                                 |                                                             ![Supported](images/148767.png)                                                             |
 |                   Configure Home Button                   |                                                                 ![Supported](images/148767.png)                                                                 |                                                             ![Supported](images/148767.png)                                                             |
 |                   Set Start page(s) URL                   |                                                                 ![Supported](images/148767.png)                                                                 |                                              ![Supported](images/148767.png) <p>*Same as Home button URL*                                               |
 |                   Set New Tab page URL                    |                                                                 ![Supported](images/148767.png)                                                                 |                                                           ![Not supported](images/148766.png)                                                           |
@ -280,6 +280,6 @@ To prevent access to unwanted websites on your kiosk device, use Windows Defende
 ## Provide feedback or get support
-To provide feedback on Microsoft Edge Legacy kiosk mode in Feedback Hub, select **Microsoft Edge** as the  **Category**, and **All other issues** as the subcategory. 
+To provide feedback on Microsoft Edge Legacy kiosk mode in Feedback Hub, select **Microsoft Edge** as the  **Category**, and **All other issues** as the subcategory.
 **_For multi-app kiosk only._** If you have set up the Feedback Hub in assigned access, you can you submit the feedback from the device running Microsoft Edge in kiosk mode in which you can include diagnostic logs. In the Feedback Hub, select **Microsoft Edge** as the **Category**, and **All other issues** as the subcategory.
--- a/browsers/edge/web-app-compat-toolkit.md
+++ b/browsers/edge/web-app-compat-toolkit.md
@ -1,6 +1,6 @@
 ---
 title: Web Application Compatibility lab kit
-ms.reviewer: 
+ms.reviewer:
 audience: itpro
 manager: dansimp
 description: Learn how to use the web application compatibility toolkit for Microsoft Edge.
@ -14,7 +14,7 @@ ms.localizationpriority: high
 # Web Application Compatibility lab kit
->Updated: October, 2017
+> Updated: October, 2017
 Upgrading web applications to modern standards is the best long-term solution to ensure compatibility with today’s web browsers, but using backward compatibility can save time and money. Internet Explorer 11 has features that can ease your browser and operating system upgrades, reducing web application testing and remediation costs. On Windows 10, you can standardize on Microsoft Edge for faster, safer browsing and fall back to Internet Explorer 11 just for sites that need backward compatibility.
@ -22,7 +22,7 @@ The Web Application Compatibility Lab Kit is a primer for the features and techn
 The Web Application Compatibility Lab Kit includes:
- A pre-configured Windows 7 and Windows 10 virtual lab environment with: 
+- A pre-configured Windows 7 and Windows 10 virtual lab environment with:
   - Windows 7 Enterprise Evaluation
   - Windows 10 Enterprise Evaluation (version 1607)
   - Enterprise Mode Site List Manager
@ -36,10 +36,10 @@ Depending on your environment, your web apps may "just work” using the methods
 There are two versions of the lab kit available:
- Full version (8 GB) - includes a complete virtual lab environment 
+- Full version (8 GB) - includes a complete virtual lab environment
 - Lite version (400 MB) - includes guidance for running the Lab Kit on your own Windows 7 or Windows 10 operating system
-The Web Application Compatibility Lab Kit is also available in the following languages: 
+The Web Application Compatibility Lab Kit is also available in the following languages:
 - Chinese (Simplified)
 - Chinese (Traditional)
@ -48,11 +48,11 @@ The Web Application Compatibility Lab Kit is also available in the following lan
 - Italian
 - Japanese
 - Korean
- Portuguese (Brazil) 
+- Portuguese (Brazil)
 - Russian
 - Spanish
 [DOWNLOAD THE LAB KIT](https://www.microsoft.com/evalcenter/evaluate-windows-10-web-application-compatibility-lab)
->[!TIP]
+> [!TIP]
->Please use a broad bandwidth to download this content to enhance your downloading experience. Lab environment requires 8 GB of available memory and 100 GB of free disk space.
+> Please use a broad bandwidth to download this content to enhance your downloading experience. Lab environment requires 8 GB of available memory and 100 GB of free disk space.
--- a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md
@ -8,7 +8,7 @@ ms.prod: ie11
 title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
-ms.reviewer: 
+ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ---
@ -17,16 +17,16 @@ ms.author: dansimp
 **Applies to:**
-   Windows 10
+- Windows 10
-   Windows 8.1
+- Windows 8.1
-   Windows 7
+- Windows 7
-   Windows Server 2012 R2
+- Windows Server 2012 R2
-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
 Employees assigned to the Requester role can create a change request. A change request is used to tell the Approvers and the Administrator that a website needs to be added or removed from the Enterprise Mode Site List. The employee can navigate to each stage of the process by using the workflow links provided at the top of each page of the portal.
->[!Important]
+> [!Important]
->Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct. 
+> Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
 **To create a new change request**
 1. The Requester (an employee that has been assigned the Requester role) signs into the Enterprise Mode Site List Portal, and clicks **Create new request**.
@ -36,7 +36,7 @@ Employees assigned to the Requester role can create a change request. A change r
 2. Fill out the required fields, based on the group and the app, including:
    - **Group name.** Select the name of your group from the dropdown box.
-    
+
    - **App name.** Type the name of the app you want to add, delete, or update in the Enterprise Mode Site List.
        - **Search all apps.** If you can't remember the name of your app, you can click **Search all apps** and search the list.
@ -58,16 +58,16 @@ Employees assigned to the Requester role can create a change request. A change r
    - **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
    - **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](https://msdn.microsoft.com/library/cc288325(v=vs.85).aspx).
-    
+
 4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing.
-    
+
    A message appears that the request was successful, including a **Request ID** number, saying that the change is being made to the pre-production environment site list.
 5. The Requester gets an email with a batch script, that when run, configures their test machine for the pre-production environment, along with the necessary steps to make sure the changed info is correct.
    - **If the change is correct.** The Requester asks the approvers to approve the change request by selecting **Successful** and clicking **Send for approval**.
-        
+
    - **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
 ## Next steps
-After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic.
+After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md).
--- a/browsers/enterprise-mode/enterprise-mode-features-include.md
+++ b/browsers/enterprise-mode/enterprise-mode-features-include.md
@ -1,4 +1,5 @@
 ### Enterprise Mode features
 Enterprise Mode includes the following features:
 - **Improved web app and website compatibility.** Through improved emulation, Enterprise Mode lets many legacy web apps run unmodified on IE11, supporting several site patterns that aren’t currently supported by existing document modes.
@ -8,9 +9,9 @@ Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microso
 - **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the Tools menu and to decide whether the Enterprise browser profile appears on the Emulation tab of the F12 developer tools.
-    >[!Important]
+    > [!Important]
-    >All centrally-made decisions override any locally-made choices. 
+    > All centrally-made decisions override any locally-made choices.
 - **Integrated browsing.** When Enterprise Mode is set up, users can browse the web normally, letting the browser change modes automatically to accommodate Enterprise Mode sites.
- **Data gathering.** You can configure Enterprise Mode to collect local override data, posting back to a named server. This lets you "crowd source" compatibility testing from key users; gathering their findings to add to your central site list.
+- **Data gathering.** You can configure Enterprise Mode to collect local override data, posting back to a named server. This lets you "crowd source" compatibility testing from key users; gathering their findings to add to your central site list.
--- a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
+++ b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md
@ -8,7 +8,7 @@ ms.prod: ie11
 title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
-ms.reviewer: 
+ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ---
@ -17,18 +17,18 @@ ms.author: dansimp
 **Applies to:**
-   Windows 10
+- Windows 10
-   Windows 8.1
+- Windows 8.1
-   Windows 7
+- Windows 7
-   Windows Server 2012 R2
+- Windows Server 2012 R2
-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
->[!Important]
+> [!Important]
->This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct. 
+> This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
 The Requester successfully submits a change request to the Enterprise Mode Site List Portal and then gets an email, including:
- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List. 
+- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List.
 - **Test steps**. The suggested steps about how to test the change request details to make sure they're accurate in the pre-production environment.
--- a/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
+++ b/browsers/includes/import-into-the-enterprise-mode-site-list-mgr-include.md
@ -1,22 +1,23 @@
---
+---
-author: eavena
+author: eavena
-ms.author: eravena
+ms.author: eravena
-ms.date:  10/02/2018
+ms.date:  10/02/2018
-ms.reviewer: 
+ms.reviewer:
-audience: itpro
manager: dansimp
+audience: itpro
-ms.prod: edge
+manager: dansimp
-ms.topic: include
+ms.prod: edge
---
+ms.topic: include
-
+---
-If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
+
-
+If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
->[!IMPORTANT]
+
->Importing your file overwrites everything that’s currently in the tool, so make sure it’s what want to do.
+> [!IMPORTANT]
-
+> Importing your file overwrites everything that’s currently in the tool, so make sure it’s what want to do.
-1.  In the Enterprise Mode Site List Manager, click **File \> Import**.
+
-
+1.  In the Enterprise Mode Site List Manager, click **File \> Import**.
-2.  Go to the exported .EMIE file.<p>For example, `C:\users\<user_name>\documents\sites.emie`
+
-
+2.  Go to the exported .EMIE file.<p>For example, `C:\users\<user_name>\documents\sites.emie`
-1.  Click **Open**.
+
-
+1.  Click **Open**.
-2.  Review the alert message about all of your entries being overwritten and click **Yes**.
+
 2.  Review the alert message about all of your entries being overwritten and click **Yes**.
--- a/browsers/includes/interoperability-goals-enterprise-guidance.md
+++ b/browsers/includes/interoperability-goals-enterprise-guidance.md
@ -26,8 +26,8 @@ You must continue using IE11 if web apps use any of the following:
 If you have uninstalled IE11, you can download it from the Microsoft Store or the [Internet Explorer 11 download page](https://go.microsoft.com/fwlink/p/?linkid=290956). Alternatively, you can use Enterprise Mode with Microsoft Edge to transition only the sites that need these technologies to load in IE11. 
->[!TIP]
+> [!TIP]
->If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).  
+> If you want to use Group Policy to set Internet Explorer as your default browser, you can find the info here, [Set the default browser using Group Policy](https://go.microsoft.com/fwlink/p/?LinkId=620714).  
 |Technology  |Why it existed  |Why we don't need it anymore  |
@ -38,4 +38,3 @@ If you have uninstalled IE11, you can download it from the Microsoft Store or th
 ---
--- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
@ -8,7 +8,7 @@ ms.prod: ie11
 title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
-ms.reviewer: 
+ms.reviewer:
 audience: itpro
 manager: dansimp
 ms.author: dansimp
@ -18,16 +18,16 @@ ms.author: dansimp
 **Applies to:**
-   Windows 10
+- Windows 10
-   Windows 8.1
+- Windows 8.1
-   Windows 7
+- Windows 7
-   Windows Server 2012 R2
+- Windows Server 2012 R2
-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
 Employees assigned to the Requester role can create a change request. A change request is used to tell the Approvers and the Administrator that a website needs to be added or removed from the Enterprise Mode Site List. The employee can navigate to each stage of the process by using the workflow links provided at the top of each page of the portal.
->[!Important]
+> [!Important]
->Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct. 
+> Each Requester must have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
 **To create a new change request**
 1. The Requester (an employee that has been assigned the Requester role) signs into the Enterprise Mode Site List Portal, and clicks **Create new request**.
@ -37,7 +37,7 @@ Employees assigned to the Requester role can create a change request. A change r
 2. Fill out the required fields, based on the group and the app, including:
    - **Group name.** Select the name of your group from the dropdown box.
-    
+
    - **App name.** Type the name of the app you want to add, delete, or update in the Enterprise Mode Site List.
        - **Search all apps.** If you can't remember the name of your app, you can click **Search all apps** and search the list.
@ -59,16 +59,17 @@ Employees assigned to the Requester role can create a change request. A change r
    - **App best viewed in.** Select the best browser experience for the app. This can be Internet Explorer 5 through Internet Explorer 11 or one of the IE7Enterprise or IE8Enterprise modes.
    - **Is an x-ua tag used?** Select **Yes** or **No** whether an x-ua-compatible tag is used by the app. For more info about x-ua-compatible tags, see the topics in [Defining document compatibility](https://msdn.microsoft.com/library/cc288325(v=vs.85).aspx).
-    
+
 4. Click **Save and continue** to save the request and get the app info sent to the pre-production environment site list for testing.
-    
+
    A message appears that the request was successful, including a **Request ID** number, saying that the change is being made to the pre-production environment site list.
 5. The Requester gets an email with a batch script, that when run, configures their test machine for the pre-production environment, along with the necessary steps to make sure the changed info is correct.
    - **If the change is correct.** The Requester asks the approvers to approve the change request by selecting **Successful** and clicking **Send for approval**.
-        
+
    - **If the change is incorrect.** The Requester can rollback the change in pre-production or ask for help from the Administrator.
 ## Next steps
-After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see the [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md) topic.
+
 After the change request is created, the Requester must make sure the suggested changes work in the pre-production environment. For these steps, see [Verify your changes using the Enterprise Mode Site List Portal](verify-changes-preprod-enterprise-mode-portal.md).
--- a/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/verify-changes-preprod-enterprise-mode-portal.md
@ -8,7 +8,7 @@ ms.prod: ie11
 title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
-ms.reviewer: 
+ms.reviewer:
 audience: itpro
 manager: dansimp
 ms.author: dansimp
@ -18,18 +18,18 @@ ms.author: dansimp
 **Applies to:**
-   Windows 10
+- Windows 10
-   Windows 8.1
+- Windows 8.1
-   Windows 7
+- Windows 7
-   Windows Server 2012 R2
+- Windows Server 2012 R2
-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
->[!Important]
+> [!Important]
->This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct. 
+> This step requires that each Requester have access to a test machine with Administrator rights, letting him or her get to the pre-production environment to make sure that the requested change is correct.
 The Requester successfully submits a change request to the Enterprise Mode Site List Portal and then gets an email, including:
- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List. 
+- **EMIE_RegKey**. A batch file that when run, sets the registry key to point to the local pre-production Enterprise Mode Site List.
 - **Test steps**. The suggested steps about how to test the change request details to make sure they're accurate in the pre-production environment.
--- a/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/what-is-enterprise-mode.md
@ -20,11 +20,11 @@ ms.date: 10/25/2018
 **Applies to:**
-   Windows 10
+- Windows 10
-   Windows 8.1
+- Windows 8.1
-   Windows 7
+- Windows 7
-   Windows Server 2012 R2
+- Windows Server 2012 R2
-   Windows Server 2008 R2 with Service Pack 1 (SP1)
+- Windows Server 2008 R2 with Service Pack 1 (SP1)
 Internet Explorer and Microsoft Edge can work together to support your legacy web apps, while still defaulting to the higher bar for security and modern experiences enabled by Microsoft Edge. Working with multiple browsers can be difficult, particularly if you have a substantial number of internal sites. To help manage this dual-browser experience, we are introducing a new web tool specifically targeted towards larger organizations: the [Enterprise Mode Site List Portal](https://github.com/MicrosoftEdge/enterprise-mode-site-list-portal).
@ -33,7 +33,7 @@ If you have specific websites and apps that you know have compatibility problems
 Using Enterprise Mode means that you can continue to use Microsoft Edge as your default browser, while also ensuring that your apps continue working on IE11.
->[!TIP]
+> [!TIP]
 > If you are running an earlier version of Internet Explorer, we recommend upgrading to IE11, so that any legacy apps continue to work correctly.
 For Windows 10 and Windows 10 Mobile, Microsoft Edge is the default browser experience. However, Microsoft Edge lets you continue to use IE11 for sites that are on your corporate intranet or included on your Enterprise Mode Site List. 
@ -54,8 +54,8 @@ Download the [Enterprise Mode Site List Manager (schema v.2)](https://go.microso
 - **Centralized control.** You can specify the websites or web apps to interpret using Enterprise Mode, through an XML file on a website or stored locally. Domains and paths within those domains can be treated differently, allowing granular control. Use Group Policy to let users turn Enterprise Mode on or off from the Tools menu and to decide whether the Enterprise browser profile appears on the Emulation tab of the F12 developer tools.
-    >[!Important]
+    > [!Important]
-    >All centrally-made decisions override any locally-made choices. 
+    > All centrally-made decisions override any locally-made choices. 
 - **Integrated browsing.** When Enterprise Mode is set up, users can browse the web normally, letting the browser change modes automatically to accommodate Enterprise Mode sites.
@ -121,11 +121,11 @@ There are 2 versions of this tool, both supported on Windows 7, Windows 8.1, and
 - [Enterprise Mode Site List Manager (schema v.1)](https://www.microsoft.com/download/details.aspx?id=42501). This is an older version of the schema that you must use if you want to create and update your Enterprise Mode Site List for devices running the v.1 version of the schema.
-	We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
+    We strongly recommend moving to the new schema, v.2. For more info, see [Enterprise Mode schema v.2 guidance](enterprise-mode-schema-version-2-guidance.md).
 - [Enterprise Mode Site List Manager (schema v.2)](https://www.microsoft.com/download/details.aspx?id=49974). The updated version of the schema, including new functionality. You can use this version of the schema to create and update your Enterprise Mode Site List for devices running the v.2 version of the schema.
-	If you open a v.1 version of your Enterprise Mode Site List using this version, it will update the schema to v.2, automatically. For more info, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
+    If you open a v.1 version of your Enterprise Mode Site List using this version, it will update the schema to v.2, automatically. For more info, see [Enterprise Mode schema v.1 guidance](enterprise-mode-schema-version-1-guidance.md).
 If your list is too large to add individual sites, or if you have more than one person managing the site list, we recommend using the Enterprise Site List Portal.
--- a/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md
+++ b/browsers/internet-explorer/ie11-faq/faq-ie11-blocker-toolkit.md
@ -5,8 +5,8 @@ description: Get answers to commonly asked questions about the Internet Explorer
 author: dansimp
 ms.author: dansimp
 ms.prod: ie11
-ms.assetid: 
+ms.assetid:
-ms.reviewer: 
+ms.reviewer:
 audience: itpro
 manager: dansimp
 title: Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
@ -16,50 +16,50 @@ ms.date: 05/10/2018
 # Internet Explorer 11 Blocker Toolkit - Frequently Asked Questions
-Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.  
+Get answers to commonly asked questions about the Internet Explorer 11 Blocker Toolkit.
->[!Important]
+> [!Important]
->If you administer your company’s environment using an update management solution, such as Windows Server Update Services (WSUS) or System Center 2012 Configuration Manager, you don’t need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
+> If you administer your company’s environment using an update management solution, such as Windows Server Update Services (WSUS) or System Center 2012 Configuration Manager, you don’t need to use the Internet Explorer 11 Blocker Toolkit. Update management solutions let you completely manage your Windows Updates and Microsoft Updates, including your Internet Explorer 11 deployment.
-   [Automatic updates delivery process](#automatic-updates-delivery-process)
+- [Automatic updates delivery process](#automatic-updates-delivery-process)
-   [How the Internet Explorer 11 Blocker Toolkit works](#how-the-internet-explorer-11-blocker-toolkit-works)
+- [How the Internet Explorer 11 Blocker Toolkit works](#how-the-internet-explorer-11-blocker-toolkit-works)
-   [Internet Explorer 11 Blocker Toolkit and other update services](#internet-explorer-11-blocker-toolkit-and-other-update-services)
+- [Internet Explorer 11 Blocker Toolkit and other update services](#internet-explorer-11-blocker-toolkit-and-other-update-services)
 ## Automatic Updates delivery process
-**Q. Which users will receive Internet Explorer 11 as an important update?**  
+**Q. Which users will receive Internet Explorer 11 as an important update?**
-A. Users running either Windows 7 with Service Pack 1 (SP1) or the 64-bit version of Windows Server 2008 R2 with Service Pack 1 (SP1) will receive Internet Explorer 11 as an important update, if Automatic Updates are turned on. Windows Update is manually run. Automatic Updates will automatically download and install the Internet Explorer 11 files if it’s turned on. For more information about how Internet Explorer works with Automatic Updates and information about other deployment blocking options, see [Internet Explorer 11 Delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md).  
+A. Users running either Windows 7 with Service Pack 1 (SP1) or the 64-bit version of Windows Server 2008 R2 with Service Pack 1 (SP1) will receive Internet Explorer 11 as an important update, if Automatic Updates are turned on. Windows Update is manually run. Automatic Updates will automatically download and install the Internet Explorer 11 files if it’s turned on. For more information about how Internet Explorer works with Automatic Updates and information about other deployment blocking options, see [Internet Explorer 11 Delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md).
-  
+
-**Q. When is the Blocker Toolkit available?**  
+**Q. When is the Blocker Toolkit available?**
-A. The Blocker Toolkit is currently available from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722).  
+A. The Blocker Toolkit is currently available from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=40722).
-  
+
-**Q. What tools can I use to manage Windows Updates and Microsoft Updates in my company?**  
+**Q. What tools can I use to manage Windows Updates and Microsoft Updates in my company?**
-A. We encourage anyone who wants full control over their company’s deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You can also use the more advanced configuration management tool, [System Center 2012 Configuration Manager](https://technet.microsoft.com/library/gg682041.aspx).  
+A. We encourage anyone who wants full control over their company’s deployment of Windows Updates and Microsoft Updates, to use [Windows Server Update Services (WSUS)](https://docs.microsoft.com/windows-server/administration/windows-server-update-services/get-started/windows-server-update-services-wsus), a free tool for users of Windows Server. You can also use the more advanced configuration management tool, [System Center 2012 Configuration Manager](https://technet.microsoft.com/library/gg682041.aspx).
-  
+
-**Q. How long does the blocker mechanism work?**  
+**Q. How long does the blocker mechanism work?**
-A. The Internet Explorer 11 Blocker Toolkit uses a registry key value to permanently turn off the automatic delivery of Internet Explorer 11. This behavior lasts as long as the registry key value isn’t removed or changed.   
+A. The Internet Explorer 11 Blocker Toolkit uses a registry key value to permanently turn off the automatic delivery of Internet Explorer 11. This behavior lasts as long as the registry key value isn’t removed or changed.
-  
+
-**Q. Why should I use the Internet Explorer 11 Blocker Toolkit to stop delivery of Internet Explorer 11? Why can’t I just disable all of Automatic Updates?**  
+**Q. Why should I use the Internet Explorer 11 Blocker Toolkit to stop delivery of Internet Explorer 11? Why can’t I just disable all of Automatic Updates?**
-A. Automatic Updates provide you with ongoing critical security and reliability updates. Turning this feature off can leave your computers more vulnerable. Instead, we suggest that you use an update management solution, such as WSUS, to fully control your environment while leaving this feature running, managing how and when the updates get to your user’s computers.  
+A. Automatic Updates provide you with ongoing critical security and reliability updates. Turning this feature off can leave your computers more vulnerable. Instead, we suggest that you use an update management solution, such as WSUS, to fully control your environment while leaving this feature running, managing how and when the updates get to your user’s computers.
-  
+
 The Internet Explorer 11 Blocker Toolkit safely allows Internet Explorer 11 to download and install in companies that can’t use WSUS, Configuration Manager, or
-other update management solution.  
+other update management solution.
-  
+
-**Q. Why don’t we just block URL access to Windows Update or Microsoft Update?**  
+**Q. Why don’t we just block URL access to Windows Update or Microsoft Update?**
 A. Blocking the Windows Update or Microsoft Update URLs also stops delivery of critical security and reliability updates for all of the supported versions of the Windows operating system; leaving your computers more vulnerable.
 ## How the Internet Explorer 11 Blocker Toolkit works
-**Q. How should I test the Internet Explorer 11 Blocker Toolkit in my company?**  
+**Q. How should I test the Internet Explorer 11 Blocker Toolkit in my company?**
-A. Because the toolkit only sets a registry key to turn on and off the delivery of Internet Explorer 11, there should be no additional impact or side effects to your environment. No additional testing should be necessary.  
+A. Because the toolkit only sets a registry key to turn on and off the delivery of Internet Explorer 11, there should be no additional impact or side effects to your environment. No additional testing should be necessary.
-  
+
-**Q. What’s the registry key used to block delivery of Internet Explorer 11?**  
+**Q. What’s the registry key used to block delivery of Internet Explorer 11?**
-A. HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Setup\\11.0  
+A. HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Setup\\11.0
-  
+
-**Q. What’s the registry key name and values?**  
+**Q. What’s the registry key name and values?**
 The registry key name is **DoNotAllowIE11**, where:
 -   A value of **1** turns off the automatic delivery of Internet Explorer 11 using Automatic Updates and turns off the Express install option.
@ -67,23 +67,23 @@ The registry key name is **DoNotAllowIE11**, where:
 -   Not providing a registry key, or using a value of anything other than **1**, lets the user install Internet Explorer 11 through Automatic Updates or a
    manual update.
-**Q. Does the Internet Explorer 11 Blocker Toolkit stop users from manually installing Internet Explorer 11?**  
+**Q. Does the Internet Explorer 11 Blocker Toolkit stop users from manually installing Internet Explorer 11?**
-A. No. The Internet Explorer 11 Blocker Toolkit only stops computers from automatically installing Internet Explorer 11 through Automatic Updates. Users can still download and install Internet Explorer 11 from the Microsoft Download Center or from external media.  
+A. No. The Internet Explorer 11 Blocker Toolkit only stops computers from automatically installing Internet Explorer 11 through Automatic Updates. Users can still download and install Internet Explorer 11 from the Microsoft Download Center or from external media.
-  
+
-**Q. Does the Internet Explorer 11 Blocker Toolkit stop users from automatically upgrading to Internet Explorer 11?**  
+**Q. Does the Internet Explorer 11 Blocker Toolkit stop users from automatically upgrading to Internet Explorer 11?**
-A. Yes. The Internet Explorer 11 Blocker Toolkit also prevents Automatic Updates from automatically upgrading a computer from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11.  
+A. Yes. The Internet Explorer 11 Blocker Toolkit also prevents Automatic Updates from automatically upgrading a computer from Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 to Internet Explorer 11.
-  
+
-**Q. How does the provided script work?**  
+**Q. How does the provided script work?**
 A. The script accepts one of two command line options:
 -   **Block:** Creates the registry key that stops Internet Explorer 11 from installing through Automatic Updates.
 -   **Unblock:** Removes the registry key that stops Internet Explorer 11 from installing through Automatic Updates.
-**Q. What’s the ADM template file used for?**  
+**Q. What’s the ADM template file used for?**
-A. The Administrative Template (.adm file) lets you import the new Group Policy environment and use Group Policy Objects to centrally manage all of the computers in your company.  
+A. The Administrative Template (.adm file) lets you import the new Group Policy environment and use Group Policy Objects to centrally manage all of the computers in your company.
-  
+
-**Q. Is the tool localized?**  
+**Q. Is the tool localized?**
 A. No. The tool isn’t localized, it’s only available in English (en-us). However, it does work, without any modifications, on any language edition of the supported operating systems.
 ## Internet Explorer 11 Blocker Toolkit and other update services
@ -91,17 +91,17 @@ A. No. The tool isn’t localized, it’s only available in English (en-us). How
 **Q: Is there a version of the Internet Explorer Blocker Toolkit that will prevent automatic installation of IE11?**<br>
 Yes. The IE11 Blocker Toolkit is available for download. For more information, see [Toolkit to Disable Automatic Delivery of IE11](https://go.microsoft.com/fwlink/p/?LinkId=328195) on the Microsoft Download Center.
-**Q. Does the Internet Explorer 11 blocking mechanism also block delivery of Internet Explorer 11 through update management solutions, like WSUS?**  
+**Q. Does the Internet Explorer 11 blocking mechanism also block delivery of Internet Explorer 11 through update management solutions, like WSUS?**
-A. No. You can still deploy Internet Explorer 11 using one of the upgrade management solutions, even if the blocking mechanism is activated. The Internet Explorer 11 Blocker Toolkit is only intended for companies that don’t use upgrade management solutions.  
+A. No. You can still deploy Internet Explorer 11 using one of the upgrade management solutions, even if the blocking mechanism is activated. The Internet Explorer 11 Blocker Toolkit is only intended for companies that don’t use upgrade management solutions.
-  
+
-**Q. If WSUS is set to 'auto-approve' Update Rollup packages (this is not the default configuration), how do I stop Internet Explorer 11 from automatically installing throughout my company?**  
+**Q. If WSUS is set to 'auto-approve' Update Rollup packages (this is not the default configuration), how do I stop Internet Explorer 11 from automatically installing throughout my company?**
 A. You only need to change your settings if:
-   You use WSUS to manage updates and allow auto-approvals for Update Rollup installation.  
+-   You use WSUS to manage updates and allow auto-approvals for Update Rollup installation.
    -and-
-   You have computers running either Windows 7 SP1 or Windows Server 2008 R2 (SP1) with Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 installed.  
+-   You have computers running either Windows 7 SP1 or Windows Server 2008 R2 (SP1) with Internet Explorer 8, Internet Explorer 9, or Internet Explorer 10 installed.
    -and-
@ -112,10 +112,10 @@ If these scenarios apply to your company, see [Internet Explorer 11 delivery thr
 ## Additional resources
-   [Internet Explorer 11 Blocker Toolkit download](https://www.microsoft.com/download/details.aspx?id=40722)
+- [Internet Explorer 11 Blocker Toolkit download](https://www.microsoft.com/download/details.aspx?id=40722)
-   [Internet Explorer 11 FAQ for IT pros](https://docs.microsoft.com/internet-explorer/ie11-faq/faq-for-it-pros-ie11)
+- [Internet Explorer 11 FAQ for IT pros](https://docs.microsoft.com/internet-explorer/ie11-faq/faq-for-it-pros-ie11)
-   [Internet Explorer 11 delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md)
+- [Internet Explorer 11 delivery through automatic updates](../ie11-deploy-guide/ie11-delivery-through-automatic-updates.md)
-   [Internet Explorer 11 deployment guide](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/index)
+- [Internet Explorer 11 deployment guide](https://docs.microsoft.com/internet-explorer/ie11-deploy-guide/index)
--- a/browsers/internet-explorer/ie11-ieak/index.md
+++ b/browsers/internet-explorer/ie11-ieak/index.md
@ -14,12 +14,12 @@ manager: dansimp
 # Internet Explorer Administration Kit 11 (IEAK 11) - Administrator's Guide
-The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment. 
+The Internet Explorer Administration Kit (IEAK) simplifies the creation, deployment, and management of customized Internet Explorer packages. You can use the IEAK to configure the out-of-box Internet Explorer experience or to manage user settings after Internet Explorer deployment.
 Use this guide to learn about the several options and processes you'll need to consider while you're using the Internet Explorer Administration Kit 11 (IEAK 11) to customize, deploy, and manage Internet Explorer 11 for your employee's devices.
->[!IMPORTANT]
+> [!IMPORTANT]
->Because this content isn't intended to be a step-by-step guide, not all of the steps are necessary.
+> Because this content isn't intended to be a step-by-step guide, not all of the steps are necessary.
 ## Included technology
@ -41,7 +41,7 @@ IE11 and IEAK 11 offers differing experiences between Windows 7 and Windows 8.1
 ## Related topics
 - [IEAK 11 - Frequently Asked Questions](../ie11-faq/faq-ieak11.md)
- [Download IEAK 11](ieak-information-and-downloads.md) 
+- [Download IEAK 11](ieak-information-and-downloads.md)
 - [IEAK 11 administrators guide](https://docs.microsoft.com/internet-explorer/ie11-ieak/index)
 - [IEAK 11 licensing guidelines](licensing-version-and-features-ieak11.md)
 - [Internet Explorer 11 - FAQ for IT Pros](../ie11-faq/faq-for-it-pros-ie11.md)
--- a/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
+++ b/browsers/internet-explorer/ie11-ieak/licensing-version-and-features-ieak11.md
@ -6,7 +6,7 @@ author: dansimp
 ms.author: dansimp
 ms.prod: ie11
 ms.assetid: 69d25451-08af-4db0-9daa-44ab272acc15
-ms.reviewer: 
+ms.reviewer:
 audience: itpro
 manager: dansimp
 title: Determine the licensing version and features to use in IEAK 11 (Internet Explorer Administration Kit 11 for IT Pros)
@ -21,8 +21,8 @@ In addition to the Software License Terms for the Internet Explorer Administrati
 During installation, you must pick a version of IEAK 11, either **External** or **Internal**, based on your license agreement. Your version selection decides the options you can chose, the steps you follow to deploy your Internet Explorer 11 package, and how you manage the browser after deployment.
 -   **External Distribution as an Internet Service Provider (ISP), Internet Content Provider (ICP), or Developer.** If you are an ISP or an ICP, your license agreement also states that you must show the Internet Explorer logo on your packaging and promotional goods, as well as on your website.
-    >[!IMPORTANT]
+    > [!IMPORTANT]
-    >Original Equipment Manufacturers (OEMs) that install IEAK 11 as part of a Windows product, under an OEM license agreement with Microsoft, must use their appropriate Windows OEM Preinstallation document (OPD) as the guide for allowable customizations.
+    > Original Equipment Manufacturers (OEMs) that install IEAK 11 as part of a Windows product, under an OEM license agreement with Microsoft, must use their appropriate Windows OEM Preinstallation document (OPD) as the guide for allowable customizations.
 -   **Internal Distribution via a Corporate Intranet.** This version is for network admins that plan to directly deploy IE11 into a corporate environment.
@ -64,10 +64,10 @@ During installation, you must pick a version of IEAK 11, either **External** or
 Two installation modes are available to you, depending on how you are planning to use the customized browser created with the software. Each mode requires a separate installation of the software.
-   **External Distribution**  
+-   **External Distribution**
    This mode is available to anyone who wants to create a customized browser for distribution outside their company (for example, websites, magazines, retailers, non-profit organizations, independent hardware vendors, independent software vendors, Internet service providers, Internet content providers, software developers, and marketers).
-   **Internal Distribution**  
+-   **Internal Distribution**
    This mode is available to companies for the creation and distribution of a customized browser only to their employees over a corporate intranet.
 The table below identifies which customizations you may or may not perform based on the mode you selected.
@ -100,8 +100,8 @@ Support for some of the Internet Explorer settings on the wizard pages varies de
 Two installation modes are available to you, depending on how you are planning to use the customized browser created with the software. Each mode requires a separate installation of the software.
-   **External Distribution**  
+-   **External Distribution**
    You shall use commercially reasonable efforts to maintain the quality of (i) any non-Microsoft software distributed with Internet Explorer 11, and (ii) any media used for distribution (for example, optical media, flash drives), at a level that meets or exceeds the highest industry standards. If you distribute add-ons with Internet Explorer 11, those add-ons must comply with the [Microsoft browser extension policy](https://docs.microsoft.com/legal/windows/agreements/microsoft-browser-extension-policy).
-   **Internal Distribution - corporate intranet**  
+-   **Internal Distribution - corporate intranet**
    The software is solely for use by your employees within your company's organization and affiliated companies through your corporate intranet. Neither you nor any of your employees may permit redistribution of the software to or for use by third parties other than for third parties such as consultants, contractors, and temporary staff accessing your corporate intranet.
--- a/devices/hololens/hololens-known-issues.md
+++ b/devices/hololens/hololens-known-issues.md
@ -4,7 +4,7 @@ description: This is the list of known issues that may affect HoloLens developer
 keywords: troubleshoot, known issue, help
 author: mattzmsft
 ms.author: mazeller
-ms.date: 8/30/2019
+ms.date: 4/20/2020
 ms.topic: article
 ms.custom: 
 - CI 111456
@ -13,14 +13,60 @@ HoloLens and holograms: Frequently asked questions
 manager: jarrettr
 ms.prod: hololens
 appliesto:
- HoloLens 1
+- HoloLens (1st Gen)
 - HoloLens 2
 ---
 # Known issues for HoloLens
-This is the current list of known issues for HoloLens that affect developers. Check here first if you are seeing an odd behavior. This list will be kept updated as new issues are discovered or reported, or as issues are addressed in future HoloLens software updates.
+This is the current list of known issues for HoloLens devices. Check here first if you are seeing an odd behavior. This list will be kept updated as new issues are discovered or reported, or as issues are addressed in future HoloLens software updates.
-## Unable to connect and deploy to HoloLens through Visual Studio
+>[!NOTE]
 > - If you discover an issue that is not blocking you please report it on your HoloLens device via [Feedback Hub](hololens-feedback.md).
 > - If the issue you are facing is blocking you, in addtion to filing feedback, please  [file a support request](https://aka.ms/hlsupport).
 - [Known issues for all HoloLens generations](#known-issues-for-all-hololens-generations)
 - [Known issues for HoloLens 2 devices](#known-issues-for-hololens-2-devices)
 - [Known issues for HoloLens (1st Gen)](#known-issues-for-hololens-1st-gen)
 - [Known issues for HoloLens emulator](#known-issues-for-hololens-emulator)
 ## Known issues for all HoloLens generations
 ### Unity
 - See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Unity recommended for HoloLens development.
 - Known issues with the Unity HoloLens Technical Preview are documented in the [HoloLens Unity forums](https://forum.unity3d.com/threads/known-issues.394627/).
 ### Windows Device Portal
 - The Live Preview feature in Mixed Reality capture may exhibit several seconds of latency.
 - On the Virtual Input page, the Gesture and Scroll controls under the Virtual Gestures section are not functional. Using them will have no effect. The virtual keyboard on the same page works correctly.
 - After enabling Developer Mode in Settings, it may take a few seconds before the switch to turn on the Device Portal is enabled.
 ## Known issues for HoloLens 2 devices
 ### Blue screen is shown after unenrolling from Insider preview builds on a device reflashed with a Insider build
 This is an issue affecting that affects users who are were on an Insider preview build, reflashed their HoloLens 2 with a new insider preview build, and then unenrolled from the Insider program. 
 This does not affect:
 - Users who are not enrolled in Windows Insider 
 - Insiders:
    - If a device has been enrolled since Insider builds were version 18362.x
    - If they flashed a Insider signed 19041.x build AND stay enrolled in the Insider program 
 Work-around: 
 - Avoid the issue 
    - Flash a non-insider build. One of the regular monthly updates. 
    - Stay on Insider Preview
 - Reflash the device
    1. Put the [HoloLens 2 into flashing mode](https://review.docs.microsoft.com/hololens/hololens-recovery?branch=master#hololens-2) manually by fully powering down while not connect. Then while holding Volume up, tap the Power button.
    1. Connect to the PC and open Advanced Recovery Companion. 
    1. Flash the HoloLens 2 to the default build.   
 ## Known issues for HoloLens (1st Gen)
 ### Unable to connect and deploy to HoloLens through Visual Studio
 > [!NOTE]
 > Last Update: 8/8 @ 5:11PM - Visual Studio has released VS 2019 Version 16.2 which includes a fix to this issue. We recommend updating to this newest version to avoid experiencing this error.
@ -29,7 +75,7 @@ Visual Studio has released VS 2019 Version 16.2 which includes a fix to this iss
 Issue root-cause: Users who used Visual Studio 2015 or early releases of Visual Studio 2017 to deploy and debug applications on their HoloLens and then subsequently used the latest versions of Visual Studio 2017 or Visual Studio 2019 with the same HoloLens will be affected. The newer releases of Visual Studio deploy a new version of a component, but files from the older version are left over on the device, causing the newer version to fail.  This causes the following error message: DEP0100: Please ensure that target device has developer mode enabled. Could not obtain a developer license on \<ip\> due to error 80004005.
-### Workaround
+#### Workaround
 Our team is currently working on a fix. In the meantime, you can use the following steps to work around the issue and help unblock deployment and debugging:  
@ -79,7 +125,7 @@ Our team is currently working on a fix. In the meantime, you can use the followi
 We will provide further updates as they become available.
-## Issues launching the Microsoft Store and apps on HoloLens
+### Issues launching the Microsoft Store and apps on HoloLens
 > [!NOTE]
 > Last Update: 4/2 @ 10 AM - Issue resolved. 
@ -126,38 +172,27 @@ If your device is still unable to load apps, you can sideload a version of the .
 We appreciate your patience as we have gone through the process to get this issue resolved, and we look forward to continued working with our community to create successful Mixed Reality experiences.
-## Device Update
+### Device Update
 - 30 seconds after a new update, the shell may disappear one time. Please perform the **bloom** gesture to resume your session.
-## Visual Studio
+### Visual Studio
 - See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Visual Studio that is recommended for HoloLens development.
 - When deploying an app from Visual Studio to your HoloLens, you may see the error: **The requested operation cannot be performed on a file with a user-mapped section open. (Exception from HRESULT: 0x800704C8)**. If this happens, try again and your deployment will generally succeed.
-## Emulator
+### API
 - Not all apps in the Microsoft Store are compatible with the emulator. For example, Young Conker and Fragments are not playable on the emulator.
 - You cannot use the PC webcam in the Emulator.
 - The Live Preview feature of the Windows Device Portal does not work with the emulator. You can still capture Mixed Reality videos and images.
 ## Unity
 - See [Install the tools](https://docs.microsoft.com/windows/mixed-reality/install-the-tools) for the most up-to-date version of Unity recommended for HoloLens development.
 - Known issues with the Unity HoloLens Technical Preview are documented in the [HoloLens Unity forums](https://forum.unity3d.com/threads/known-issues.394627/).
 ## Windows Device Portal
 - The Live Preview feature in Mixed Reality capture may exhibit several seconds of latency.
 - On the Virtual Input page, the Gesture and Scroll controls under the Virtual Gestures section are not functional. Using them will have no effect. The virtual keyboard on the same page works correctly.
 - After enabling Developer Mode in Settings, it may take a few seconds before the switch to turn on the Device Portal is enabled.
 ## API
 - If the application sets the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) behind the user or the normal to camera.forward, holograms will not appear in Mixed Reality Capture photos or videos. Until this bug is fixed in Windows, if applications actively set the [focus point](https://docs.microsoft.com/windows/mixed-reality/focus-point-in-unity) they should ensure the plane normal is set opposite camera-forward (for example, normal = -camera.forward).
-## Xbox Wireless Controller
+### Xbox Wireless Controller
 - Xbox Wireless Controller S must be updated before it can be used with HoloLens. Ensure you are [up to date](https://support.xbox.com/xbox-one/accessories/update-controller-for-stereo-headset-adapter) before attempting to pair your controller with a HoloLens.
 - If you reboot your HoloLens while the Xbox Wireless Controller is connected, the controller will not automatically reconnect to HoloLens. The Guide button light will flash slowly until the controller powers off after 3 minutes. To reconnect your controller immediately, power off the controller by holding the Guide button until the light turns off. When you power your controller on again, it will reconnect to HoloLens.
 - If your HoloLens enters standby while the Xbox Wireless Controller is connected, any input on the controller will wake the HoloLens. You can prevent this by powering off your controller when you are done using it.
 ## Known issues for HoloLens emulator
 - Not all apps in the Microsoft Store are compatible with the emulator. For example, Young Conker and Fragments are not playable on the emulator.
 - You cannot use the PC webcam in the Emulator.
 - The Live Preview feature of the Windows Device Portal does not work with the emulator. You can still capture Mixed Reality videos and images.
--- a/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
+++ b/devices/surface-hub/hybrid-deployment-surface-hub-device-accounts.md
@ -144,7 +144,7 @@ Next, you enable the device account with [Skype for Business Online](#skype-for-
 To enable Skype for Business online, your tenant users must have Exchange mailboxes (at least one Exchange mailbox in the tenant is required). The following table explains which plans or additional services you need.
-| Skype room system scenario | If you have Office 365 Premium, Office 365 ProPlus, or Skype for Business Standalone Plan 2, you need: | If you have an Enterprise-based plan, you need: | If you have Skype for Business Server 2015 (on-premises or hybrid), you need: |
+| Skype room system scenario | If you have Office 365 Premium, Microsoft 365 Apps for enterprise, or Skype for Business Standalone Plan 2, you need: | If you have an Enterprise-based plan, you need: | If you have Skype for Business Server 2015 (on-premises or hybrid), you need: |
 | --- | --- | --- | --- |
 | Join a scheduled meeting | Skype for Business Standalone Plan 1 | E1, 3, 4, or 5 | Skype for Business Server Standard CAL |
 | Initiate an ad-hoc meeting | Skype for Business Standalone Plan 2 | E 1, 3, 4, or 5 | Skype for Business Server Standard CAL or Enterprise CAL |
--- a/devices/surface-hub/miracast-over-infrastructure.md
+++ b/devices/surface-hub/miracast-over-infrastructure.md
@ -41,7 +41,6 @@ If you have a Surface Hub or other Windows 10 device that has been updated to Wi
    - As a Miracast source, the Windows PC or phone must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection.
 - The DNS Hostname (device name) of the Surface Hub or device needs to be resolvable via your DNS servers. You can achieve this by either allowing your Surface Hub to register automatically via Dynamic DNS, or by manually creating an A or AAAA record for the Surface Hub's hostname. 
 - Windows 10 PCs must be connected to the same enterprise network via Ethernet or a secure Wi-Fi connection. 
 - On Windows 10 PCs, the **Projecting to this PC** feature must be enabled within System Settings, and the device must have a Wi-Fi interface enabled in order to respond to discovery requests. 
 It is important to note that Miracast over Infrastructure is not a replacement for standard Miracast. Instead, the functionality is complementary, and provides an advantage to users who are part of the enterprise network. Users who are guests to a particular location and don’t have access to the enterprise network will continue to connect using the Wi-Fi Direct connection method.
--- a/education/windows/deploy-windows-10-in-a-school-district.md
+++ b/education/windows/deploy-windows-10-in-a-school-district.md
@ -558,16 +558,16 @@ Complete the following steps to select the appropriate Office 365 Education lice
 1. Determine the number of faculty members and students who will use the classroom. Office 365 Education licensing plans are available specifically for faculty and students. You must assign faculty and students the correct licensing plan.</li>
-2. Determine the faculty members and students who need to install Microsoft Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Office 365 ProPlus plans). Table 8 lists the advantages and disadvantages of standard and Office 365 ProPlus plans.
+2. Determine the faculty members and students who need to install Microsoft Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Microsoft 365 Apps for enterprise plans). Table 8 lists the advantages and disadvantages of standard and Microsoft 365 Apps for enterprise plans.
    |Plan  |Advantages  |Disadvantages |
    |----- |----------- |------------- |
-    |Office 365 Education |<ul><li>Less expensive than Office 365 ProPlus</li><li>Can be run from any device</li><li>No installation necessary</li></ul> | <ul><li>Must have an Internet connection to use it</li><li>Does not support all the features found in Office 365 ProPlus</li></ul> |
+    |Office 365 Education |<ul><li>Less expensive than Microsoft 365 Apps for enterprise</li><li>Can be run from any device</li><li>No installation necessary</li></ul> | <ul><li>Must have an Internet connection to use it</li><li>Does not support all the features found in Microsoft 365 Apps for enterprise</li></ul> |
-    |Office 365 ProPlus |<ul><li>Only requires an Internet connection every 30 days (for activation)</li><li>Supports the full set of Office features</li><li>Can be installed on five devices per user (there is no limit to the number of devices on which you can run Office apps online)</li></ul> |<ul><li>Requires installation</li><li>More expensive than Office 365 Education</li></ul>|
+    |Microsoft 365 Apps for enterprise |<ul><li>Only requires an Internet connection every 30 days (for activation)</li><li>Supports the full set of Office features</li><li>Can be installed on five devices per user (there is no limit to the number of devices on which you can run Office apps online)</li></ul> |<ul><li>Requires installation</li><li>More expensive than Office 365 Education</li></ul>|
-    *Table 8. Comparison of standard and Office 365 ProPlus plans*
+    *Table 8. Comparison of standard and Microsoft 365 Apps for enterprise plans*
-    The best user experience is to run Office 365 ProPlus or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
+    The best user experience is to run Microsoft 365 Apps for enterprise or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
 3. Determine whether students or faculty need Azure Rights Management.
@ -1259,7 +1259,7 @@ Your MDT deployment share and Microsoft Endpoint Configuration Manager are now r
 ## Capture the reference image
-The reference device is a device that you use as the template for all the other devices in your district. On this device, you install any Windows desktop apps the classroom needs. For example, install the Windows desktop apps for Office 365 ProPlus if you selected that student license plan.
+The reference device is a device that you use as the template for all the other devices in your district. On this device, you install any Windows desktop apps the classroom needs. For example, install the Windows desktop apps for Microsoft 365 Apps for enterprise if you selected that student license plan.
 After you deploy Windows 10 and the desktop apps to the reference device, you capture an image of the device (the reference image). You import the reference image to an MDT deployment share or into Configuration Manager. Finally, you create a task sequence to deploy the reference image to faculty and student devices.
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@ -173,9 +173,9 @@ Complete the following steps to select the appropriate Office 365 Education lice
 <ol>
 <li>Determine the number of faculty members and students who will use the classroom.<br/>Office 365 Education licensing plans are available specifically for faculty and students. You must assign faculty and students the correct licensing plan.
 </li>
-<li>Determine the faculty members and students who need to install Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Office 365 ProPlus plans). Table 1 lists the advantages and disadvantages of standard and Office 365 ProPlus plans.</li>
+<li>Determine the faculty members and students who need to install Office applications on devices (if any). Faculty and students can use Office applications online (standard plans) or run them locally (Microsoft 365 Apps for enterprise plans). Table 1 lists the advantages and disadvantages of standard and Microsoft 365 Apps for enterprise plans.</li>
 <br/>
-<em>Table 1. Comparison of standard and Microsoft Office 365 ProPlus plans</em>
+<em>Table 1. Comparison of standard and Microsoft Microsoft 365 Apps for enterprise plans</em>
 <br/>
 <table>
 <colgroup>
@ -191,13 +191,13 @@ Complete the following steps to select the appropriate Office 365 Education lice
 </tr>
 </thead>
 <tbody>
-<tr><td>Standard</td><td><ul><li>Less expensive than Office 365 ProPlus</li><li>Can be run from any device</li><li>No installation necessary</li></ul></td><td><ul><li>Must have an Internet connection to use it</li><li>Does not support all the features found in Office 365 ProPlus</li></ul></td></tr>
+<tr><td>Standard</td><td><ul><li>Less expensive than Microsoft 365 Apps for enterprise</li><li>Can be run from any device</li><li>No installation necessary</li></ul></td><td><ul><li>Must have an Internet connection to use it</li><li>Does not support all the features found in Microsoft 365 Apps for enterprise</li></ul></td></tr>
 <tr><td>Office ProPlus</td><td><ul><li>Only requires an Internet connection every 30 days (for activation)</li><li>Supports full set of Office features</li></ul></td><td><ul><li>Requires installation</li><li>Can be installed on only five devices per user (there is no limit to the number of devices on which you can run Office apps online)</li></ul></td></tr>
 </tbody>
 </table>
 <br/>
-The best user experience is to run Office 365 ProPlus or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
+The best user experience is to run Microsoft 365 Apps for enterprise or use native Office apps on mobile devices. If neither of these options is available, use Office applications online. In addition, all Office 365 plans provide a better user experience by storing documents in OneDrive for Business, which is included in all Office 365 plans. OneDrive for Business keeps content in sync among devices and helps ensure that users always have access to their documents on any device.
 <br/>
 <li>Determine whether students or faculty need Azure Rights Management.<br/>You can use Azure Rights Management to protect classroom information against unauthorized access. Azure Rights Management protects your information inside or outside the classroom through encryption, identity, and authorization policies, securing your files and email. You can retain control of the information, even when it’s shared with people outside the classroom or your educational institution. Azure Rights Management is free to use with all Office 365 Education license plans. For more information, see <a href="https://technet.microsoft.com/library/jj585024.aspx" data-raw-source="[Azure Rights Management](https://technet.microsoft.com/library/jj585024.aspx)">Azure Rights Management</a>.</li>
 <li>Record the Office 365 Education license plans needed for the classroom in Table 2.<br/><br/>
@ -506,7 +506,7 @@ Assign SharePoint Online resource permissions to Office 365 security groups, not
 **Note**&nbsp;&nbsp;If your institution has AD DS, don’t create security accounts in Office 365. Instead, create the security groups in AD DS, and then use Azure AD integration to synchronize the security groups with your Office 365 tenant.
-For information about creating security groups, see [Create and manage Office 365 groups in Admin Center Preview](https://support.office.com/en-us/article/Create-and-manage-Office-365-groups-in-Admin-Center-Preview-93df5bd4-74c4-45e8-9625-56db92865a6e?ui=en-US&rs=en-US&ad=US).
+For information about creating security groups, see [Create and manage Microsoft 365 groups in Admin Center Preview](https://support.office.com/en-us/article/Create-and-manage-Office-365-groups-in-Admin-Center-Preview-93df5bd4-74c4-45e8-9625-56db92865a6e?ui=en-US&rs=en-US&ad=US).
 You can add and remove users from security groups at any time.
@ -520,7 +520,7 @@ You can create email distribution groups based on job role (such as teachers, ad
 **Note**&nbsp;&nbsp;Office 365 can take some time to complete the Exchange Online creation process. You will have to wait until Office 365 completes the Exchange Online creation process before you can perform the following steps. 
-For information about how to create security groups, see [Create and manage Office 365 groups in Admin Center Preview](https://support.office.com/en-us/article/Create-and-manage-Office-365-groups-in-Admin-Center-Preview-93df5bd4-74c4-45e8-9625-56db92865a6e?ui=en-US&rs=en-US&ad=US).
+For information about how to create security groups, see [Create and manage Microsoft 365 groups in Admin Center Preview](https://support.office.com/en-us/article/Create-and-manage-Office-365-groups-in-Admin-Center-Preview-93df5bd4-74c4-45e8-9625-56db92865a6e?ui=en-US&rs=en-US&ad=US).
 ### Summary
--- a/education/windows/education-scenarios-store-for-business.md
+++ b/education/windows/education-scenarios-store-for-business.md
@ -83,7 +83,7 @@ Applies to: IT admins
 Self-service sign up makes it easier for teachers and students in your organization to get started with **Minecraft: Education Edition**. If you have self-service sign up enabled in your tenant, teachers can assign **Minecraft: Education Edition** to students before they have a work or school account. Students receive an email that steps them through the process of signing up for a work or school account. For more information on self-service sign up, see [Using self-service sign up in your organization](https://support.office.com/article/Using-self-service-sign-up-in-your-organization-4f8712ff-9346-4c6c-bb63-a21ad7a62cbd?ui=en-US&rs=en-US&ad=US).
 ### Domain verification
-For education organizations, domain verification ensures you are on the academic verification list. As an admin, you might need to verify your domain using the Office 365 portal. For more information, see [Verify your Office 365 domain to prove ownership, nonprofit or education status](https://support.office.com/article/Verify-your-Office-365-domain-to-prove-ownership-nonprofit-or-education-status-or-to-activate-Yammer-87d1844e-aa47-4dc0-a61b-1b773fd4e590?ui=en-US&rs=en-US&ad=US).
+For education organizations, domain verification ensures you are on the academic verification list. As an admin, you might need to verify your domain using the Microsoft 365 admin center. For more information, see [Verify your Office 365 domain to prove ownership, nonprofit or education status](https://support.office.com/article/Verify-your-Office-365-domain-to-prove-ownership-nonprofit-or-education-status-or-to-activate-Yammer-87d1844e-aa47-4dc0-a61b-1b773fd4e590?ui=en-US&rs=en-US&ad=US).
 ## Acquire apps
 Applies to: IT admins and teachers
--- a/education/windows/set-up-school-pcs-whats-new.md
+++ b/education/windows/set-up-school-pcs-whats-new.md
@ -21,7 +21,7 @@ Learn what’s new with the Set up School PCs app each week. Find out about new
 ## Week of September 23, 2019  
 ### Easier way to deploy Office 365 to your classroom devices 
- Microsoft Office now appears as an option on the **Apps** screen. Select the app to add it to your provisioning package. Devices install Office 365 ProPlus. This version includes the cloud-connected and most current versions of apps such as Word, PowerPoint, Excel, and Teams.   
+ Microsoft Office now appears as an option on the **Apps** screen. Select the app to add it to your provisioning package. Devices install Microsoft 365 Apps for enterprise. This version includes the cloud-connected and most current versions of apps such as Word, PowerPoint, Excel, and Teams.   
 ## Week of June 24, 2019  
--- a/education/windows/teacher-get-minecraft.md
+++ b/education/windows/teacher-get-minecraft.md
@ -93,7 +93,7 @@ Enter email addresses for your students, and each student will get an email with
   ![Assign to people showing student name](images/minecraft-assign-to-people-name.png)
   You can assign the app to students with work or school accounts. </br>
-   If you don't find the student, you can still assign the app to them if self-service sign up is supported for your domain. Students will receive an email with a link to Office 365 portal where they can create an account, and then install **Minecraft: Education Edition**. Questions about self-service sign up? Check with your admin. 
+   If you don't find the student, you can still assign the app to them if self-service sign up is supported for your domain. Students will receive an email with a link to Microsoft 365 admin center where they can create an account, and then install **Minecraft: Education Edition**. Questions about self-service sign up? Check with your admin. 
 **To finish Minecraft install (for students)**
--- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v.md
@ -101,7 +101,7 @@ Before you deploy Office by using App-V, review the following requirements.
 <tr class="odd">
 <td align="left"><p>Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:</p>
 <ul>
-<li><p>Office 365 ProPlus</p></li>
+<li><p>Microsoft 365 Apps for enterprise</p></li>
 <li><p>Visio Pro for Office 365</p></li>
 <li><p>Project Pro for Office 365</p></li>
 </ul></td>
@ -640,7 +640,7 @@ Use the steps in this section to enable Office plug-ins with your Office package
 1.  Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet.
-2.  Sequence your plug-ins using the App-V 5.0 Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
+2.  Sequence your plug-ins using the App-V 5.0 Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
 3.  Create an App-V 5.0 package that includes the desired plug-ins.
--- a/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2013-by-using-app-v51.md
@ -100,7 +100,7 @@ Before you deploy Office by using App-V, review the following requirements.
 <tr class="odd">
 <td align="left"><p>Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:</p>
 <ul>
-<li><p>Office 365 ProPlus</p></li>
+<li><p>Microsoft 365 Apps for enterprise</p></li>
 <li><p>Visio Pro for Office 365</p></li>
 <li><p>Project Pro for Office 365</p></li>
 </ul></td>
@ -648,7 +648,7 @@ Use the steps in this section to enable Office plug-ins with your Office package
 1.  Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet.
-2.  Sequence your plug-ins using the App-V 5.1 Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
+2.  Sequence your plug-ins using the App-V 5.1 Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
 3.  Create an App-V 5.1 package that includes the desired plug-ins.
--- a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v.md
@ -102,7 +102,7 @@ Before you deploy Office by using App-V, review the following requirements.
 <tr class="odd">
 <td align="left"><p>Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:</p>
 <ul>
-<li><p>Office 365 ProPlus</p></li>
+<li><p>Microsoft 365 Apps for enterprise</p></li>
 <li><p>Visio Pro for Office 365</p></li>
 <li><p>Project Pro for Office 365</p></li>
 </ul></td>
@ -293,7 +293,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
      </tr>
      <tr class="even">
      <td align="left"><p>Channel (attribute of Add element)</p></td>
-      <td align="left"><p>Optional. Specifies the update channel for the product that you want to download or install. </p><p>For more information about update channels, see Overview of update channels for Office 365 ProPlus.</p></td>
+      <td align="left"><p>Optional. Specifies the update channel for the product that you want to download or install. </p><p>For more information about update channels, see Overview of update channels for Microsoft 365 Apps for enterprise.</p></td>
      <td align="left"><p><code>Channel=&quot;Deferred&quot;</code></p></td>
      </tr>
      </tbody>
@ -348,7 +348,7 @@ After you download the Office 2016 applications through the Office Deployment To
    The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make.
->**Note**&nbsp;&nbsp;You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
+>**Note**&nbsp;&nbsp;You can use the Office Deployment Tool to create App-V packages for Microsoft 365 Apps for enterprise. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
 <table>
 <colgroup>
@ -588,7 +588,7 @@ Use the steps in this section to enable Office plug-ins with your Office package
 1.  Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet.
-2.  Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
+2.  Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
 3.  Create an App-V package that includes the desired plug-ins.
--- a/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md
+++ b/mdop/appv-v5/deploying-microsoft-office-2016-by-using-app-v51.md
@ -102,7 +102,7 @@ Before you deploy Office by using App-V, review the following requirements.
 <tr class="odd">
 <td align="left"><p>Deploying any of the following products to a shared computer, for example, by using Remote Desktop Services:</p>
 <ul>
-<li><p>Office 365 ProPlus</p></li>
+<li><p>Microsoft 365 Apps for enterprise</p></li>
 <li><p>Visio Pro for Office 365</p></li>
 <li><p>Project Pro for Office 365</p></li>
 </ul></td>
@ -293,7 +293,7 @@ The XML file that is included in the Office Deployment Tool specifies the produc
      </tr>
      <tr class="even">
      <td align="left"><p>Branch (attribute of Add element)</p></td>
-      <td align="left"><p>Optional. Specifies the update branch for the product that you want to download or install. </p><p>For more information about update branches, see Overview of update branches for Office 365 ProPlus.</p></td>
+      <td align="left"><p>Optional. Specifies the update branch for the product that you want to download or install. </p><p>For more information about update branches, see Overview of update branches for Microsoft 365 Apps for enterprise.</p></td>
      <td align="left"><p><code>Branch = &quot;Business&quot;</code></p></td>
      </tr>
      </tbody>
@ -348,7 +348,7 @@ After you download the Office 2016 applications through the Office Deployment To
    The following table summarizes the values you need to enter in the CustomConfig.xml file for the licensing model you’re using. The steps in the sections that follow the table will specify the exact entries you need to make.
->**Note**&nbsp;&nbsp;You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
+>**Note**&nbsp;&nbsp;You can use the Office Deployment Tool to create App-V packages for Microsoft 365 Apps for enterprise. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
 <table>
 <colgroup>
@ -588,7 +588,7 @@ Use the steps in this section to enable Office plug-ins with your Office package
 1.  Add a Connection Group through App-V Server, System Center Configuration Manager, or a PowerShell cmdlet.
-2.  Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Office 365 ProPlus(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
+2.  Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer being used to sequence the plug-in. It is recommended you use Microsoft 365 Apps for enterprise(non-virtual) on the sequencing computer when you sequence Office 2016 plug-ins.
 3.  Create an App-V package that includes the desired plug-ins.
--- a/mdop/appv-v5/planning-for-using-app-v-with-office.md
+++ b/mdop/appv-v5/planning-for-using-app-v-with-office.md
@ -61,7 +61,7 @@ The following table lists the versions of Microsoft Office that App-V supports,
 </thead>
 <tbody>
 <tr class="odd">
-<td align="left"><p>Office 365 ProPlus</p>
+<td align="left"><p>Microsoft 365 Apps for enterprise</p>
 <p>Also supported:</p>
 <ul>
 <li><p>Visio Pro for Office 365</p></li>
--- a/mdop/appv-v5/planning-for-using-app-v-with-office51.md
+++ b/mdop/appv-v5/planning-for-using-app-v-with-office51.md
@ -40,7 +40,7 @@ Microsoft Visio and Microsoft Project do not provide support for the Thai Langua
 ## <a href="" id="bkmk-office-vers-supp-appv"></a>Supported versions of Microsoft Office
 See [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click) for a list of supported Office products.
->**Note**&nbsp;&nbsp;You must use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. You cannot use the App-V Sequencer.
+>**Note**&nbsp;&nbsp;You must use the Office Deployment Tool to create App-V packages for Microsoft 365 Apps for enterprise. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported. You cannot use the App-V Sequencer.
--- a/smb/cloud-mode-business-setup.md
+++ b/smb/cloud-mode-business-setup.md
@ -21,12 +21,12 @@ ms.localizationpriority: medium
 **Applies to:**
-   Office 365 Business Premium, Azure AD Premium, Intune, Microsoft Store for Business, Windows 10
+-   Microsoft 365 Business Standard, Azure AD Premium, Intune, Microsoft Store for Business, Windows 10
 Are you ready to move your business to the cloud or wondering what it takes to make this happen with Microsoft cloud services and tools?
-In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Office 365 Business Premium, Microsoft Azure AD, Intune, Microsoft Store for Business, and Windows 10. We'll show you the basics on how to:
+In this walkthrough, we'll show you how to deploy and manage a full cloud IT solution for your small to medium business using Microsoft 365 Business Standard, Microsoft Azure AD, Intune, Microsoft Store for Business, and Windows 10. We'll show you the basics on how to:
- Acquire an Office 365 business domain
+- Acquire an Microsoft 365 for business domain
 - Add Microsoft Intune and Azure Active Directory (AD) Premium licenses to your business tenant
 - Set up Microsoft Store for Business and manage app deployment and sync with Intune
 - Add users and groups in Azure AD and Intune
@ -52,11 +52,11 @@ See <a href="https://support.office.com/en-us/article/Set-up-Office-365-for-busi
 - Create Office 365 accounts and how to add your domain.
 - Install Office
-To set up your Office 365 business tenant, see <a href="https://support.office.com/en-us/article/Get-started-with-Office-365-for-Business-d6466f0d-5d13-464a-adcb-00906ae87029" target="_blank">Get Started with Office 365 for business</a>.
+To set up your Microsoft 365 for business tenant, see <a href="https://support.office.com/en-us/article/Get-started-with-Office-365-for-Business-d6466f0d-5d13-464a-adcb-00906ae87029" target="_blank">Get Started with Microsoft 365 for business</a>.
 If this is the first time you're setting this up, and you'd like to see how it's done, you can follow these steps to get started:
-1. Go to the <a href="https://business.microsoft.com/en-us/products/office-365" target="_blank">Office 365</a> page in the <a href="https://business.microsoft.com" target="_blank">Microsoft Business site</a>. Select **Try now** to use the Office 365 Business Premium Trial or select **Buy now** to sign up for Office 365 Business Premium. In this walkthrough, we'll select **Try now**.
+1. Go to the <a href="https://products.office.com/en-us/business/office-365-affiliate-program-buy-business-premium" target="_blank">Office 365</a> page in the <a href="https://business.microsoft.com" target="_blank">Microsoft Business site</a>. Select **Try now** to use the Microsoft 365 Business Standard Trial or select **Buy now** to sign up for Microsoft 365 Business Standard. In this walkthrough, we'll select **Try now**.
   **Figure 1** - Try or buy Office 365
@ -68,14 +68,14 @@ If this is the first time you're setting this up, and you'd like to see how it's
   This step creates an onmicrosoft.com email address. You can use this email address to sign in to the various admin centers. Save your sign-in info so you can use it to sign into <a href="https://portal.office.com" target="_blank">https://portal.office.com</a> (the admin portal).
 4. Select **Create my account** and then enter the phone number you used in step 2 to verify your identity. You'll be asked to enter your verification code.
-5. Select **You're ready to go...** which will take you to the Office 365 portal.
+5. Select **You're ready to go...** which will take you to the Microsoft 365 admin center.
   > [!NOTE]  
-   > In the Office 365 portal, icons that are greyed out are still installing.
+   > In the Microsoft 365 admin center, icons that are greyed out are still installing.
-   **Figure 2** - Office 365 portal
+   **Figure 2** - Microsoft 365 admin center
-   ![Office 365 portal](images/office365_portal.png)
+   ![Microsoft 365 admin center](images/office365_portal.png)
 6. Select the **Admin** tile to go to the admin center.
@ -560,7 +560,7 @@ For other devices, such as those personally-owned by employees who need to conne
 9. You can confirm that the new device and user are showing up as Intune-managed by going to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a> and following the steps in [2.3 Verify the device is Azure AD joined](#23-verify-the-device-is-azure-ad-joined). It may take several minutes before the new device shows up so check again later.
 ### 4.2 Add a new user
-You can add new users to your tenant simply by adding them to the Office 365 groups. Adding new users to Office 365 groups automatically adds them to the corresponding groups in Microsoft Intune.
+You can add new users to your tenant simply by adding them to the Microsoft 365 groups. Adding new users to Microsoft 365 groups automatically adds them to the corresponding groups in Microsoft Intune.
 See [Add users to Office 365](https://support.office.com/en-us/article/Add-users-to-Office-365-for-business-435ccec3-09dd-4587-9ebd-2f3cad6bc2bc?ui=en-US&rs=en-US&ad=US&fromAR=1) to learn more. Once you're done adding new users, go to the <a href="https://manage.microsoft.com/" target="_blank">Intune management portal</a> and verify that the same users were added to the Intune groups as well.
--- a/store-for-business/release-history-microsoft-store-business-education.md
+++ b/store-for-business/release-history-microsoft-store-business-education.md
@ -45,7 +45,7 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store
 - **Private store collection updates** - We’ve made it easier to find apps when creating private store collections – now you can search and filter results. 
 [Get more info](https://docs.microsoft.com/microsoft-store/manage-private-store-settings#private-store-collections) 
 - **Manage Skype Communication credits** - Office 365 customers that own Skype Communication Credits can now see and manage them in Microsoft Store for Business. You can view your account, add funds to your account, and manage auto-recharge settings.
- **Upgrade Office 365 trial subscription** - Customers with Office 365 can upgrade their subscription and automatically re-assign their user licenses over to a new target subscription. For example, you could upgrade your Office 365 Business to Office 365 Business Premium. 
+- **Upgrade Microsoft 365 trial subscription** - Customers with Office 365 can upgrade their subscription and automatically re-assign their user licenses over to a new target subscription. For example, you could upgrade your Office 365 for business subscription to a Microsoft 365 for business subscription.
 ## January and February 2018
 - **One place for apps, software, and subscriptions** - The new **Products &amp; services** page in Microsoft Store for Business and Education gives customers a single place to manage all products and services.
@ -61,7 +61,7 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store
 - **Export list of Minecraft: Education Edition users** - Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file.
 ## October 2017
- Bug fixes and performance improvements.  
+- Bug fixes and performance improvements.
 ## September 2017
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md
@ -39,7 +39,7 @@ Before you deploy Office with App-V, review the following requirements.
 |---|---|
 |Packaging|All Office applications you wish to deploy to users must be in a single package.<br>In App-V and later, you must use the Office Deployment Tool to create packages. The Sequencer doesn't support package creation.<br>If you're deploying Microsoft Visio 2013 and Microsoft Project 2013 along with Office, you must include them in the same package with Office. For more information, see [Deploying Visio 2013 and Project 2013 with Office](#deploying-visio-2013-and-project-2013-with-office).|
 |Publishing|You can only publish one Office package per client computer.<br>You must publish the Office package globally, not to the user.|
-|Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer using Remote Desktop Services.|You must enable [shared computer activation](https://docs.microsoft.com/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus).<br>You don’t need to use shared computer activation if you’re deploying a volume licensed product, such as Office Professional Plus 2013, Visio Professional 2013, or Project Professional 2013.|
+|Deploying Microsoft 365 Apps for enterprise, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer using Remote Desktop Services.|You must enable [shared computer activation](https://docs.microsoft.com/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus).<br>You don’t need to use shared computer activation if you’re deploying a volume licensed product, such as Office Professional Plus 2013, Visio Professional 2013, or Project Professional 2013.|
 ### Excluding Office applications from a package
@ -285,7 +285,7 @@ Use the steps in this section to enable Office plug-ins with your Office package
 #### To enable plug-ins for Office App-V packages
 1. Add a Connection Group through App-V Server, Microsoft Endpoint Configuration Manager, or a Windows PowerShell cmdlet.
-2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It's a good idea to use Office 365 ProPlus (non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
+2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It's a good idea to use Microsoft 365 Apps for enterprise (non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins.
 3. Create an App-V package that includes the desired plug-ins.
 4. Add a Connection Group through App-V Server, Configuration Manager, or a Windows PowerShell cmdlet.
 5. Add the Office 2013 App-V package and the plug-ins package you sequenced to the Connection Group you created.
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
+++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md
@ -39,7 +39,7 @@ Before you deploy Office with App-V, review the following requirements.
 |-----------|-------------------|
 | Packaging.  | All Office applications that you deploy to users must be in a single package.<br>In App-V 5.0 and later, you must use the Office Deployment Tool to create packages. The Sequencer doesn't support package creation.<br>If you're deploying Microsoft Visio 2016 and Microsoft Project 2016 at the same time as Office, you must put them all in the same package. For more information, see [Deploying Visio 2016 and Project 2016 with Office](#deploying-visio-2016-and-project-2016-with-office). |
 | Publishing.   | You can only publish one Office package per client computer.<br>You must publish the Office package globally, not to the user. |
-| Deploying Office 365 ProPlus, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer with Remote Desktop Services. | You must enable [shared computer activation](https://docs.microsoft.com/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus). |
+| Deploying Microsoft 365 Apps for enterprise, Visio Pro for Office 365, or Project Pro for Office 365 to a shared computer with Remote Desktop Services. | You must enable [shared computer activation](https://docs.microsoft.com/DeployOffice/overview-of-shared-computer-activation-for-office-365-proplus). |
 ### Excluding Office applications from a package
@ -124,7 +124,7 @@ The XML file included in the Office Deployment Tool specifies the product detail
      | Language element     | Specifies which language the applications support.    | `Language ID="en-us"`   |
      | Version (attribute of **Add** element) | Optional. Specifies which build the package will use.<br>Defaults to latest advertised build (as defined in v32.CAB at the Office source).   | `16.1.2.3`    |
      | SourcePath (attribute of **Add** element)   | Specifies the location the applications will be saved to.    | `Sourcepath = "\\Server\Office2016"`     |
-      | Channel (part of **Add** element)       | Optional. Defines which channel will be used to update Office after installation.<br>The default is **Deferred** for Office 365 ProPlus and **Current** for Visio Pro for Office 365 and Project Desktop Client. <br>For more information about update channels, see [Overview of update channels for Office 365 ProPlus](https://docs.microsoft.com/DeployOffice/overview-of-update-channels-for-office-365-proplus). | `Channel="Current"`<br>`Channel="Deferred"`<br>`Channel="FirstReleaseDeferred"`<br>`Channel="FirstReleaseCurrent"`  |
+      | Channel (part of **Add** element)       | Optional. Defines which channel will be used to update Office after installation.<br>The default is **Deferred** for Microsoft 365 Apps for enterprise and **Current** for Visio Pro for Office 365 and Project Desktop Client. <br>For more information about update channels, see [Overview of update channels for Microsoft 365 Apps for enterprise](https://docs.microsoft.com/DeployOffice/overview-of-update-channels-for-office-365-proplus). | `Channel="Current"`<br>`Channel="Deferred"`<br>`Channel="FirstReleaseDeferred"`<br>`Channel="FirstReleaseCurrent"`  |
 After editing the **configuration.xml** file to specify the desired product, languages, and the location where the Office 2016 applications will be saved to, you can save the configuration file under a name of your choice, such as "Customconfig.xml."
 2. **Download the applications into the specified location:** Use an elevated command prompt and a 64-bit operating system to download the Office 2016 applications that will later be converted into an App-V package. The following is an example command:
@ -152,7 +152,7 @@ After you download the Office 2016 applications through the Office Deployment To
    The following table summarizes the values you need to enter in the **Customconfig.xml** file. The steps in the sections that follow the table will specify the exact entries you need to make.
 >[!NOTE]
->You can use the Office Deployment Tool to create App-V packages for Office 365 ProPlus. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
+>You can use the Office Deployment Tool to create App-V packages for Microsoft 365 Apps for enterprise. Creating packages for the volume-licensed versions of Office Professional Plus or Office Standard is not supported.
 | Product ID  | Subscription licensing  |
 |---|---|
@ -268,7 +268,7 @@ The following steps will tell you how to enable Office plug-ins with your Office
 #### Enable plug-ins for Office App-V packages
 1. Add a Connection Group through App-V Server, Microsoft Endpoint Configuration Manager, or a Windows PowerShell cmdlet.
-2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer that will be used to sequence the plug-in. We recommend that you use Office 365 ProPlus (non-virtual) on the sequencing computer when sequencing Office 2016 plug-ins.
+2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer that will be used to sequence the plug-in. We recommend that you use Microsoft 365 Apps for enterprise (non-virtual) on the sequencing computer when sequencing Office 2016 plug-ins.
 3. Create an App-V package that includes the plug-ins you want.
 4. Add a Connection Group through the App-V Server, Configuration Manager, or a Windows PowerShell cmdlet.
 5. Add the Office 2016 App-V package and the plug-ins package you sequenced to the Connection Group you created.
--- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
+++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
@ -30,7 +30,7 @@ You can use the App-V Sequencer to create plug-in packages for language packs, l
 For a list of supported Office products, see [Microsoft Office Product IDs that App-V supports](https://support.microsoft.com/help/2842297/product-ids-that-are-supported-by-the-office-deployment-tool-for-click).
 >[!NOTE]
->You must use the Office Deployment Tool instead of the App-V Sequencer to create App-V packages for Office 365 ProPlus. App-V does not support package creation for volume-licensed versions of Office Professional Plus or Office Standard. Support for the [Office 2013 version of Office 365 ended in February 2017](https://support.microsoft.com/kb/3199744).
+>You must use the Office Deployment Tool instead of the App-V Sequencer to create App-V packages for Microsoft 365 Apps for enterprise. App-V does not support package creation for volume-licensed versions of Office Professional Plus or Office Standard. Support for the [Office 2013 version of Office 365 ended in February 2017](https://support.microsoft.com/kb/3199744).
 ## Using App-V with coexisting versions of Office
--- a/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md
+++ b/windows/client-management/join-windows-10-mobile-to-azure-active-directory.md
@ -31,7 +31,7 @@ When a device running Windows 10 Mobile is joined to Azure AD, the device can e
 -   Single sign-on (SSO) in applications like Mail, Word, and OneDrive using resources backed by Azure AD.
-   SSO in Microsoft Edge browser to Azure AD-connected web applications like Office 365 Portal, Visual Studio, and more than [2500 non-Microsoft apps](https://go.microsoft.com/fwlink/p/?LinkID=746211).
+-   SSO in Microsoft Edge browser to Azure AD-connected web applications like Microsoft 365 admin center, Visual Studio, and more than [2500 non-Microsoft apps](https://go.microsoft.com/fwlink/p/?LinkID=746211).
 -   SSO to resources on-premises.
@ -177,7 +177,7 @@ The OneDrive application also uses SSO, showing you all your documents and enabl
 ![onedrive](images/aadjonedrive.jpg)
-In addition to application SSO, Azure AD joined devices also get SSO for browser applications which trust Azure AD, such as web applications, Visual Studio, Office 365 portal, and OneDrive for Business.
+In addition to application SSO, Azure AD joined devices also get SSO for browser applications which trust Azure AD, such as web applications, Visual Studio, Microsoft 365 admin center, and OneDrive for Business.
 ![browser apps](images/aadjbrowser.jpg)
--- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
+++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
@ -45,7 +45,7 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a
   ![login to office 365](images/azure-ad-add-tenant5.png)
-7. In the Office 365 portal, select **Purchase Services** from the left nagivation.
+7. In the Microsoft 365 admin center, select **Purchase Services** from the left nagivation.
   ![purchase service option in admin center menu](images/azure-ad-add-tenant6.png)
@ -67,7 +67,7 @@ Here's a step-by-step guide to adding an Azure Active Directory tenant, adding a
 If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, you have a free subscription to Azure AD. Here's a step-by-step guide to register your free Azure AD subscription using an Office 365 Premium Business subscription.
-1.  Sign in to the Office 365 portal at <https://portal.office.com> using your organization's account.
+1.  Sign in to the Microsoft 365 admin center at <https://portal.office.com> using your organization's account.
    ![register azuread](images/azure-ad-add-tenant10.png)
--- a/windows/client-management/mdm/get-seats.md
+++ b/windows/client-management/mdm/get-seats.md
@ -1,6 +1,6 @@
 ---
 title: Get seats
-description: The Get seats operation retrieves the information about active seats in the Micosoft Store for Business.
+description: The Get seats operation retrieves the information about active seats in the Micorsoft Store for Business.
 ms.assetid: 32945788-47AC-4259-B616-F359D48F4F2F
 ms.reviewer: 
 manager: dansimp
@ -14,7 +14,7 @@ ms.date: 09/18/2017
 # Get seats
-The **Get seats** operation retrieves the information about active seats in the Micosoft Store for Business.
+The **Get seats** operation retrieves the information about active seats in the Microsoft Store for Business.
 ## Request
--- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md
+++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
@ -151,13 +151,13 @@ We have updated Skype for Business to work with MAM. The following table explain
 <td>March 9 2017</td>
 <td><p>Visio Pro for Office 365</p>
 <p>Project Desktop Client</p>
-<p>Office 365 Business (the version of Office that comes with some Office 365 plans, such as Business Premium.)</p></td>
+<p>Microsoft 365 Apps for business (the version of Office that comes with some Microsoft 365 plans, such as Business Premium.)</p></td>
 </tr>
 <tr>
 <td><a href="https://technet.microsoft.com/library/mt455210.aspx#BKMK_CBB" data-raw-source="[Deferred channel](https://technet.microsoft.com/library/mt455210.aspx#BKMK_CBB)">Deferred channel</a></td>
 <td>Provide users with new features of Office only a few times a year.</td>
 <td>October 10 2017</td>
-<td>Office 365 ProPlus</td>
+<td>Microsoft 365 Apps for enterprise</td>
 </tr><tr>
 <td><a href="https://technet.microsoft.com/library/mt455210.aspx#BKMK_FRCBB" data-raw-source="[First release for deferred channel](https://technet.microsoft.com/library/mt455210.aspx#BKMK_FRCBB)">First release for Deferred channel</a></td>
 <td>Provide pilot users and application compatibility testers the opportunity to test the next Deferred Channel. </td>
--- a/windows/client-management/mdm/office-csp.md
+++ b/windows/client-management/mdm/office-csp.md
@ -65,7 +65,7 @@ The only supported operation is Get.
 ## Examples
-Sample SyncML to install Office 365 Business Retail from current channel.
+Sample SyncML to install Microsoft 365 Apps for business Retail from current channel.
 ```xml
 <SyncML xmlns="SYNCML:SYNCML1.2">
--- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
+++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
@ -21,7 +21,7 @@ If you have paid subscriptions to Office 365, Microsoft Dynamics CRM Online, Ent
 ## Register your free Azure Active Directory subscription
-1.  Sign in to the Office 365 portal at <https://portal.office.com> using your organization's account.
+1.  Sign in to the Microsoft 365 admin center at <https://portal.office.com> using your organization's account.
    ![register azuread](images/azure-ad-add-tenant10.png)
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@ -27,7 +27,7 @@ In Windows 10, version 1703, you can install multiple Universal Windows Platform
 When you add an app in a Windows Configuration Designer wizard, the appropriate settings are displayed based on the app that you select. For instructions on adding an app using the advanced editor in Windows Configuration Designer, see [Add an app using advanced editor](#adv).
 >[!IMPORTANT]
->If you plan to use Intune to manage your devices, we recommend using Intune to install Office 365 ProPlus 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Desktop Client, and Visio Pro for Office 365 ProPlus). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Office 365 ProPlus 2016 apps using Microsoft Intune.](https://docs.microsoft.com/intune/apps-add-office365)
+>If you plan to use Intune to manage your devices, we recommend using Intune to install Microsoft 365 Apps for enterprise 2016 apps (Access, Excel, OneDrive for Business, OneNote, Outlook, PowerPoint, Publisher, Skype for Business, Word, Project Desktop Client, and Visio Pro for Microsoft 365 Apps for enterprise). Apps that are installed using a provisioning package cannot be managed or modified using Intune. [Learn how to assign Microsoft 365 Apps for enterprise 2016 apps using Microsoft Intune.](https://docs.microsoft.com/intune/apps-add-office365)
 ## Settings for UWP apps
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@ -36,7 +36,7 @@ New [Windows Autopilot](#windows-autopilot) content is available.<br>
 ## The Modern Desktop Deployment Center
-The [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Office 365 ProPlus.
+The [Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) has launched with tons of content to help you with large-scale deployment of Windows 10 and Microsoft 365 Apps for enterprise.
 ## Microsoft 365
@ -49,7 +49,7 @@ See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, whic
 ## Windows 10 servicing and support
- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Office 365 ProPlus updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon! 
+- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon! 
 - [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically logon as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.  
 - [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. 
 - **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
@ -58,7 +58,7 @@ See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, whic
 - **Intelligent active hours**: To further enhance active hours, users will now have the option to let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
 - **Improved update orchestration to improve system responsiveness**: This feature will improve system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
-Microsoft previously announced that we are [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. This includes all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Office 365 ProPlus will continue to be supported for 18 months (there is no change for these editions).  These support policies are summarized in the table below.
+Microsoft previously announced that we are [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. This includes all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Microsoft 365 Apps for enterprise will continue to be supported for 18 months (there is no change for these editions).  These support policies are summarized in the table below.
 ![Support lifecycle](images/support-cycle.png)
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@ -160,10 +160,10 @@ Download all three items in this list to the D:\\Downloads folder on MDT01.
 ### Create configuration file: Microsoft Office 365 Professional Plus x64
 1. After downloading the most current version of the Office Deployment tool from the Microsoft Download Center using the link provided above, run the self-extracting executable file and extract the files to **D:\\Downloads\\Office365**.  The Office Deployment Tool (setup.exe) and several sample configuration.xml files will be extracted.
-2. Using a text editor (such as Notepad), create an XML file in the D:\\Downloads\\Office365 directory with the installation settings for Office 365 ProPlus that are appropriate for your organization. The file uses an XML format, so the file you create must have an extension of .xml but the file can have any filename.
+2. Using a text editor (such as Notepad), create an XML file in the D:\\Downloads\\Office365 directory with the installation settings for Microsoft 365 Apps for enterprise that are appropriate for your organization. The file uses an XML format, so the file you create must have an extension of .xml but the file can have any filename.
    For example, you can use the following configuration.xml file, which provides these configuration settings:
-      - Install the 64-bit version of Office 365 ProPlus in English directly from the Office Content Delivery Network (CDN) on the internet. Note: 64-bit is now the default and recommended edition. 
+      - Install the 64-bit version of Microsoft 365 Apps for enterprise in English directly from the Office Content Delivery Network (CDN) on the internet. Note: 64-bit is now the default and recommended edition. 
      - Use the Semi-Annual Channel and get updates directly from the Office CDN on the internet. 
      - Perform a silent installation. You won’t see anything that shows the progress of the installation and you won’t see any error messages.
@ -179,7 +179,7 @@ Download all three items in this list to the D:\\Downloads folder on MDT01.
     </Configuration>
     ```
-     By using these settings, any time you build the reference image you’ll be installing the most up-to-date Semi-Annual Channel version of Office 365 ProPlus.
+     By using these settings, any time you build the reference image you’ll be installing the most up-to-date Semi-Annual Channel version of Microsoft 365 Apps for enterprise.
 >[!TIP]
 >You can also use the web-based interface of the [Office Customization Tool](https://config.office.com/) to help you create your configuration.xml file.
@ -190,16 +190,16 @@ Download all three items in this list to the D:\\Downloads folder on MDT01.
    ![folder](../images/office-folder.png)
-  Assuming you have named the file "configuration.xml" as shown above, we will use the command "**setup.exe /configure configuration.xml**" when we create the application in MDT. This will perform the installation of Office 365 ProPlus using the configuration settings in the configuration.xml file. Do not perform this step yet.
+  Assuming you have named the file "configuration.xml" as shown above, we will use the command "**setup.exe /configure configuration.xml**" when we create the application in MDT. This will perform the installation of Microsoft 365 Apps for enterprise using the configuration settings in the configuration.xml file. Do not perform this step yet.
 >[!IMPORTANT]
- >After Office 365 ProPlus is installed on the reference image, do NOT open any Office programs. if you open an Office program, you are prompted to sign-in, which activates the installation of Office 365 ProPlus. Even if you don't sign in and you close the Sign in to set up Office dialog box, a temporary product key is installed. You don't want any kind of product key for Office 365 ProPlus installed as part of your reference image.
+ >After Microsoft 365 Apps for enterprise is installed on the reference image, do NOT open any Office programs. if you open an Office program, you are prompted to sign-in, which activates the installation of Microsoft 365 Apps for enterprise. Even if you don't sign in and you close the Sign in to set up Office dialog box, a temporary product key is installed. You don't want any kind of product key for Microsoft 365 Apps for enterprise installed as part of your reference image.
 Additional information
- Office 365 ProPlus is usually updated on a monthly basis with security updates and other quality updates (bug fixes), and possibly new features (depending on which update channel you’re using). That means that once you’ve deployed your reference image, Office 365 ProPlus will most likely need to download and install the latest updates that have been released since you created your reference image.
+- Microsoft 365 Apps for enterprise is usually updated on a monthly basis with security updates and other quality updates (bug fixes), and possibly new features (depending on which update channel you’re using). That means that once you’ve deployed your reference image, Microsoft 365 Apps for enterprise will most likely need to download and install the latest updates that have been released since you created your reference image.
- **Note**: By using installing Office Deployment Tool as part of the reference image, Office 365 ProPlus is installed immediately after the reference image is deployed to the user’s device, rather than including Office apps part of the reference image. This way the user will have the most up-to-date version of Office 365 ProPlus right away and won’t have to download any new updates (which is most likely what would happen if Office 365 ProPlus was installed as part of the reference image.)
+- **Note**: By using installing Office Deployment Tool as part of the reference image, Microsoft 365 Apps for enterprise is installed immediately after the reference image is deployed to the user’s device, rather than including Office apps part of the reference image. This way the user will have the most up-to-date version of Microsoft 365 Apps for enterprise right away and won’t have to download any new updates (which is most likely what would happen if Microsoft 365 Apps for enterprise was installed as part of the reference image.)
- - When you are creating your reference image, instead of installing Office 365 ProPlus directly from the Office CDN on the internet, you can install Office 365 ProPlus from a location on your local network, such as a file share. To do that, you would use the Office Deployment Tool in /download mode to download the installation files to that file share. Then you could use the Office Deployment Tool in /configure mode to install Office 365 ProPlus from that location on to your reference image. As part of that, you’ll need to point to that location in your configuration.xml file so that the Office Deployment Tool knows where to get the Office 365 ProPlus files. If you decide to do this, the next time you create a new reference image, you’ll want to be sure to use the Office Deployment Tool to download the most up-to-date installation files for Office 365 ProPlus to that location on your internal network. That way your new reference image will have a more up-to-date installation of Office 365 ProPlus.
+ - When you are creating your reference image, instead of installing Microsoft 365 Apps for enterprise directly from the Office CDN on the internet, you can install Microsoft 365 Apps for enterprise from a location on your local network, such as a file share. To do that, you would use the Office Deployment Tool in /download mode to download the installation files to that file share. Then you could use the Office Deployment Tool in /configure mode to install Microsoft 365 Apps for enterprise from that location on to your reference image. As part of that, you’ll need to point to that location in your configuration.xml file so that the Office Deployment Tool knows where to get the Microsoft 365 Apps for enterprise files. If you decide to do this, the next time you create a new reference image, you’ll want to be sure to use the Office Deployment Tool to download the most up-to-date installation files for Microsoft 365 Apps for enterprise to that location on your internal network. That way your new reference image will have a more up-to-date installation of Microsoft 365 Apps for enterprise.
 ### Connect to the deployment share using Windows PowerShell
@ -353,7 +353,7 @@ On **MDT01**:
    6. **State Restore > Custom Tasks (Pre-Windows Update)**: After the **Install - Microsoft NET Framework 3.5.1** action, add a new **Install Application** action (selected from the **General** group) with the following settings:
        1. Name: Microsoft Visual C++ Redistributable 2019 - x86
        2. Install a Single Application: browse to **Install - MSVC 2019 - x86**
-    7.  Repeat these steps (add a new **Install Application**) to add Microsoft Visual C++ Redistributable 2019 - x64 and Office 365 ProPlus as well.
+    7.  Repeat these steps (add a new **Install Application**) to add Microsoft Visual C++ Redistributable 2019 - x64 and Microsoft 365 Apps for enterprise as well.
 3. Click **OK**.
 ![apps](../images/mdt-apps.png) 
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@ -31,15 +31,15 @@ To configure your environment for BitLocker, you will need to do the following:
 4. Configure the rules (CustomSettings.ini) for BitLocker.
 > [!NOTE]
-> Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery password in Active Directory. For additional information about this feature, see [Backing Up BitLocker and TPM Recovery Information to AD DS](https://docs.microsoft.com/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds).  
+> Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery password in Active Directory. For additional information about this feature, see [Backing Up BitLocker and TPM Recovery Information to AD DS](https://docs.microsoft.com/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds).
 If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
 > [!NOTE]
-> Backing up TMP to Active Directory was supported only on Windows 10 version 1507 and 1511.
+> Backing up TPM to Active Directory was supported only on Windows 10 version 1507 and 1511.
 >[!NOTE]
->Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For additional information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](https://go.microsoft.com/fwlink/p/?LinkId=619548). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
+>Even though it is not a BitLocker requirement, we recommend configuring BitLocker to store the recovery key and TPM owner information in Active Directory. For additional information about these features, see [Backing Up BitLocker and TPM Recovery Information to AD DS](https://docs.microsoft.com/previous-versions/windows/it-pro/windows-7/dd875529(v=ws.10)). If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), which is part of Microsoft Desktop Optimization Pack (MDOP), you have additional management features for BitLocker.
- 
+
 For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, please see [Deploy Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-10-with-the-microsoft-deployment-toolkit.md).
 ## Configure Active Directory for BitLocker
@ -95,7 +95,7 @@ Following these steps, you enable the backup of BitLocker and TPM recovery infor
 ### Set permissions in Active Directory for BitLocker
-In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the [Add-TPMSelfWriteACE.vbs script](https://go.microsoft.com/fwlink/p/?LinkId=167133) from Microsoft to C:\\Setup\\Scripts on DC01.
+In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the [Add-TPMSelfWriteACE.vbs script](https://gallery.technet.microsoft.com/ScriptCenter/b4dee016-053e-4aa3-a278-3cebf70d1191) from Microsoft to C:\\Setup\\Scripts on DC01.
 1. On DC01, start an elevated PowerShell prompt (run as Administrator).
 2. Configure the permissions by running the following command:
--- a/windows/deployment/index.yml
+++ b/windows/deployment/index.yml
@ -45,7 +45,7 @@ sections:
    text: "
      <br>
      <table border='0'>
-      <tr><td>[Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) </td><td>Check out the new Modern Deskop Deployment Center and discover content to help you with your Windows 10 and Office 365 ProPlus deployments.</td>
+      <tr><td>[Modern Desktop Deployment Center](https://docs.microsoft.com/microsoft-365/enterprise/desktop-deployment-center-home) </td><td>Check out the new Modern Deskop Deployment Center and discover content to help you with your Windows 10 and Microsoft 365 Apps for enterprise deployments.</td>
      <tr><td>[What's new in Windows 10 deployment](deploy-whats-new.md) </td><td>See this topic for a summary of new features and some recent changes related to deploying Windows 10 in your organization. </td>
      <tr><td>[Windows 10 deployment scenarios](windows-10-deployment-scenarios.md) </td><td>To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the key capabilities and limitations of each, is a key task. </td>
      <tr><td>[Windows Autopilot](windows-autopilot/windows-autopilot.md) </td><td>Windows Autopilot enables an IT department to pre-configure new devices and repurpose existing devices with a simple process that requires little to no infrastructure.</td>
--- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
+++ b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md
@ -74,7 +74,7 @@ Because Windows To Go requires no additional software and minimal configuration,
 Windows To Go uses volume activation. You can use either Active Directory-based activation or KMS activation with Windows To Go. The Windows To Go workspace counts as another installation when assessing compliance with application licensing agreements.
-Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Please note, due to the retail subscription activation method associated with Office 365 ProPlus, Office 365 ProPlus subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This is available to organizations who purchase Office 365 ProPlus or Office 365 Enterprise SKUs containing Office 365 ProPlus via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](https://go.microsoft.com/fwlink/p/?LinkId=618922).
+Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Please note, due to the retail subscription activation method associated with Microsoft 365 Apps for enterprise, Microsoft 365 Apps for enterprise subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This is available to organizations who purchase Microsoft 365 Apps for enterprise or Office 365 Enterprise SKUs containing Microsoft 365 Apps for enterprise via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](https://go.microsoft.com/fwlink/p/?LinkId=618922).
 You should investigate other software manufacturer’s licensing requirements to ensure they are compatible with roaming usage before deploying them to a Windows To Go workspace.
--- a/windows/deployment/update/update-compliance-monitor.md
+++ b/windows/deployment/update/update-compliance-monitor.md
@ -18,9 +18,9 @@ ms.topic: article
 # Monitor Windows Updates with Update Compliance
 > [!IMPORTANT]
-> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal. A few retirements are planned, noted below, but are placed on hold until the current situation stabilizes. 
+> While [Windows Analytics was retired on January 31, 2020](https://docs.microsoft.com/windows/deployment/update/update-compliance-monitor), support for Update Compliance has continued through the Azure Portal. A few retirements are planned, noted below, but are placed **on hold** until the current situation stabilizes. 
-> * As of March 31, 2020, The Windows Defender Antivirus reporting feature of Update Compliance is no longer supported and will soon be retired. You can continue to review malware definition status and manage and monitor malware attacks with Microsoft Endpoint Manager's [Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). Configuration Manager customers can monitor Endpoint Protection with [Endpoint Protection in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection).
+> * The Windows Defender Antivirus reporting feature of Update Compliance will soon be retired. You can continue to review malware definition status and manage and monitor malware attacks with Microsoft Endpoint Manager's [Endpoint Protection for Microsoft Intune](https://docs.microsoft.com/mem/intune/fundamentals/help-secure-windows-pcs-with-endpoint-protection-for-microsoft-intune). Configuration Manager customers can monitor Endpoint Protection with [Endpoint Protection in Configuration Manager](https://docs.microsoft.com/configmgr/protect/deploy-use/monitor-endpoint-protection).
-> * As of March 31, 2020, The Perspectives feature of Update Compliance is no longer supported and will soon be retired in favor of a better experience. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance.
+> * As of March 31, 2020, The Perspectives feature of Update Compliance will soon be retired in favor of a better experience. The Perspectives feature is part of the Log Search portal of Log Analytics, which was deprecated on February 15, 2019 in favor of [Azure Monitor Logs](https://docs.microsoft.com/azure/azure-monitor/log-query/log-search-transition). Your Update Compliance solution will be automatically upgraded to Azure Monitor Logs, and the data available in Perspectives will be migrated to a set of queries in the [Needs Attention section](update-compliance-need-attention.md) of Update Compliance.
 ## Introduction
--- a/windows/deployment/update/windows-as-a-service.md
+++ b/windows/deployment/update/windows-as-a-service.md
@ -125,7 +125,7 @@ Looking to learn more? These informative session replays from Microsoft Ignite 2
 [BRK3027: Deploying Windows 10: Making the update experience smooth and seamless](https://myignite.techcommunity.microsoft.com/sessions/64612#ignite-html-anchor)
-[BRK3039: Windows 10 and Microsoft Office 365 ProPlus lifecycle and servicing update](https://myignite.techcommunity.microsoft.com/sessions/66763#ignite-html-anchor)
+[BRK3039: Windows 10 and Microsoft Microsoft 365 Apps for enterprise lifecycle and servicing update](https://myignite.techcommunity.microsoft.com/sessions/66763#ignite-html-anchor)
 [BRK3211: Ask the Experts: Successfully deploying, servicing, managing Windows 10](https://myignite.techcommunity.microsoft.com/sessions/65963#ignite-html-anchor)
--- a/windows/deployment/windows-10-subscription-activation.md
+++ b/windows/deployment/windows-10-subscription-activation.md
@ -79,6 +79,9 @@ The following figure illustrates how deploying Windows 10 has evolved with each
 ### Windows 10 Enterprise requirements
 > [!NOTE]
 > The following requirements do not apply to general Windows 10 activation on Azure. Azure activation requires a connection to Azure KMS only, and supports workgroup, Hybrid, and Azure AD-joined VMs. In most scenarios, activation of Azure VMs happens automatically. For more information, see [Understanding Azure KMS endpoints for Windows product activation of Azure Virtual Machines](https://docs.microsoft.com/azure/virtual-machines/troubleshooting/troubleshoot-activation-problems#understanding-azure-kms-endpoints-for-windows-product-activation-of-azure-virtual-machines).
 For Microsoft customers with Enterprise Agreements (EA) or Microsoft Products & Services Agreements (MPSA), you must have the following: 
 - Windows 10 (Pro or Enterprise) version 1703 or later installed on the devices to be upgraded.
@ -191,6 +194,8 @@ When you have the required Azure AD subscription, group-based licensing is the p
 If you are running Windows 10, version 1803 or later, Subscription Activation will automatically pull the firmware-embedded Windows 10 activation key and activate the underlying Pro License. The license will then step-up to Windows 10 Enterprise using Subscription Activation. This automatically migrates your devices from KMS or MAK activated Enterprise to Subscription activated Enterprise. 
 Caution: Firmware-embedded Windows 10 activation happens automatically only when we go through OOBE(Out Of Box Experience)
 If you are using Windows 10, version 1607, 1703, or 1709 and have already deployed Windows 10 Enterprise, but you want to move away from depending on KMS servers and MAK keys for Windows client machines, you can seamlessly transition as long as the computer has been activated with a firmware-embedded Windows 10 Pro product key.
 If the computer has never been activated with a Pro key, run the following script. Copy the text below into a .cmd file and run the file from an elevated command prompt:
--- a/windows/deployment/windows-autopilot/autopilot-device-guidelines.md
+++ b/windows/deployment/windows-autopilot/autopilot-device-guidelines.md
@ -37,7 +37,7 @@ The following additional best practices ensure that devices can easily be provis
 ## Software best practice guidelines for Windows Autopilot
 - The Windows Autopilot device should be preinstalled with only a Windows 10 base image plus drivers.
- You can preinstall your licensed version of Office, such as [Office 365 ProPlus](https://docs.microsoft.com/deployoffice/about-office-365-proplus-in-the-enterprise).
+- You can preinstall your licensed version of Office, such as [Microsoft 365 Apps for enterprise](https://docs.microsoft.com/deployoffice/about-office-365-proplus-in-the-enterprise).
 - Unless explicitly requested by the customer, no other preinstalled software should be included.
  - Per OEM Policy, Windows 10 features, including built-in apps, should not be disabled or removed.
--- a/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
+++ b/windows/deployment/windows-autopilot/windows-autopilot-requirements.md
@ -78,7 +78,7 @@ If the WNS services are not available, the Autopilot process will still continue
 If the Microsoft Store is not accessible, the AutoPilot process will still continue without Microsoft Store apps.
-<tr><td><b>Office 365<b><td>As part of the Intune device configuration, installation of Office 365 ProPlus may be required. For more information, see <a href="https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2">Office 365 URLs and IP address ranges</a> (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above).
+<tr><td><b>Office 365<b><td>As part of the Intune device configuration, installation of Microsoft 365 Apps for enterprise may be required. For more information, see <a href="https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2">Office 365 URLs and IP address ranges</a> (includes all Office services, DNS names, IP addresses; includes Azure AD and other services that may overlap with those listed above).
 <tr><td><b>Certificate revocation lists (CRLs)<b><td>Some of these services will also need to check certificate revocation lists (CRLs) for certificates used in the services.  A full list of these is documented at <a href="https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2#bkmk_crl">Office 365 URLs and IP address ranges</a> and <a href="https://aka.ms/o365chains">Office 365 Certificate Chains</a>.
 <tr><td><b>Hybrid AAD join<b><td>The device can be hybrid AAD joined. The computer should be on corporate network for hybrid AAD join to work. See details at <a href="https://docs.microsoft.com/windows/deployment/windows-autopilot/user-driven-hybrid">Windows Autopilot user-driven mode</a>
 <tr><td><b>Autopilot Self-Deploying mode and Autopilot White Glove<b><td>Firmware TPM devices, which are only provided by Intel, AMD, or Qualcomm, do not include all needed certificates at boot time and must be able to retrieve them from the manufacturer on first use. Devices with discrete TPM chips (including devices from any other manufacturer) come with these certificates preinstalled. See <a href="https://docs.microsoft.com/windows/security/information-protection/tpm/tpm-recommendations">TPM recommendations</a> for more details. Make sure that these URLs are accessible for each firmware TPM provider so that certificates can be successfully requested: 
@ -106,7 +106,7 @@ To provide needed Azure Active Directory (automatic MDM enrollment and company b
 > Even when using Microsoft 365 subscriptions, you still need to [assign Intune licenses to the users](https://docs.microsoft.com/intune/fundamentals/licenses-assign).
 Additionally, the following are also recommended (but not required):
- [Office 365 ProPlus](https://www.microsoft.com/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services).
+- [Microsoft 365 Apps for enterprise](https://www.microsoft.com/p/office-365-proplus/CFQ7TTC0K8R0), which can be deployed easily via Intune (or other MDM services).
 - [Windows Subscription Activation](https://docs.microsoft.com/windows/deployment/windows-10-enterprise-subscription-activation), to automatically step up devices from Windows 10 Pro to Windows 10 Enterprise.
 ## Configuration requirements
--- a/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
+++ b/windows/privacy/configure-windows-diagnostic-data-in-your-organization.md
@ -201,7 +201,7 @@ IT pros can use various methods, including Group Policy and Mobile Device Manage
 Use the steps in this article to set and/or adjust the diagnostic data settings for Windows and Windows Server in your organization.
 > [!IMPORTANT]
-> These diagnostic data levels only apply to Windows and Windows Server components and apps that use the Connected User Experiences and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these diagnostic data levels. You should work with your app vendors to understand their diagnostic data policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses diagnostic data, see [Overview of privacy controls for Office 365 ProPlus](/deployoffice/privacy/overview-privacy-controls).
+> These diagnostic data levels only apply to Windows and Windows Server components and apps that use the Connected User Experiences and Telemetry component. Non-Windows components, such as Microsoft Office or other 3rd-party apps, may communicate with their cloud services outside of these diagnostic data levels. You should work with your app vendors to understand their diagnostic data policy, and how you can to opt in or opt out. For more information on how Microsoft Office uses diagnostic data, see [Overview of privacy controls for Microsoft 365 Apps for enterprise](/deployoffice/privacy/overview-privacy-controls).
 The lowest diagnostic data setting level supported through management policies is **Security**. The lowest diagnostic data setting supported through the Settings UI is **Basic**. The default diagnostic data setting for Windows Server is **Enhanced**.
--- a/windows/privacy/gdpr-win10-whitepaper.md
+++ b/windows/privacy/gdpr-win10-whitepaper.md
@ -296,7 +296,7 @@ Windows Information Protection helps people separate their work and personal dat
 For example, employees can’t send protected work files from a personal email account instead of their work account. They also can’t accidently post personal or sensitive data from a corporate site into a tweet. Windows Information Protection also helps ensure that they aren’t saving personal or sensitive data in a public cloud storage location. 
 #### Capabilities to classify, assign permissions and share data
-Windows Information Protection is designed to coexist with advanced data loss prevention (DLP) capabilities found in Office 365 ProPlus, Azure Information Protection, and Azure Rights Management. Advanced DLP prevents printing, for example, or protects work data that is emailed outside your company. 
+Windows Information Protection is designed to coexist with advanced data loss prevention (DLP) capabilities found in Microsoft 365 Apps for enterprise, Azure Information Protection, and Azure Rights Management. Advanced DLP prevents printing, for example, or protects work data that is emailed outside your company. 
 To continuously protect your data, regardless of where it is stored, with whom it is shared, or if the device is running iOS, Android or Windows, the classification and protection needs to be built into the file itself, so this protection can travel with the data wherever it goes. Microsoft Azure Information Protection (AIP) is designed to provide this persistent data protection both on-premises and in the cloud.
--- a/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
+++ b/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services.md
@ -10,7 +10,7 @@ ms.sitesec: library
 ms.localizationpriority: high
 audience: ITPro
 author: medgarmedgar
-ms.author: v-medgar
+ms.author: robsize
 manager: robsize
 ms.collection: M365-security-compliance
 ms.topic: article
@ -39,8 +39,8 @@ Microsoft provides a [Windows Restricted Traffic Limited Functionality Baseline]
 >[!Note]
 >Regarding the Windows Restricted Traffic Limited Functionality Baseline, the 1903 settings (folder) are applicable to 1909 Windows >Enterprise devices. There were no additional settings required for the 1909 release.
->[!Warning] 
+> [!Warning] 
->If a user executes the "Reset this PC" command (Settings -> Update & Security -> Recovery) with the "Keep my files" option (or the >"Remove Everything" option) the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied in order >re-restrict the device. Egress traffic may occur prior to the re-application of the Restricted Traffic Limited Functionality Baseline >settings.
+> If a user executes the **Reset this PC** command (Settings -> Update & Security -> Recovery) with the **Keep my files option** (or the **Remove Everything** option) the Windows Restricted Traffic Limited Functionality Baseline settings will need to be re-applied in order to re-restrict the device. Egress traffic may occur prior to the re-application of the Restricted Traffic Limited Functionality Baseline settings.
 To use Microsoft Intune cloud based device management for restricting traffic please refer to the [Manage connections from Windows 10 operating system components to Microsoft services using Microsoft Intune MDM Server](https://docs.microsoft.com/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services-using-mdm)
@ -1898,4 +1898,3 @@ For China releases of Windows 10 there is one additional Regkey to be set to pre
 To learn more, see [Device update management](https://msdn.microsoft.com/library/windows/hardware/dn957432.aspx) and [Configure Automatic Updates by using Group Policy](https://technet.microsoft.com/library/cc720539.aspx).
--- a/windows/privacy/manage-windows-1709-endpoints.md
+++ b/windows/privacy/manage-windows-1709-endpoints.md
@ -84,7 +84,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
 |----------------|----------|------------|
 |  |    | star-mini.c10r.facebook.com |
-The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office. 
+The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. 
 To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). 
 If you disable the Microsoft store, other Store apps cannot be installed or updated. 
 Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
@ -293,7 +293,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
 ## Office
-The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
+The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
 You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.
 If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
@ -304,7 +304,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen
 |   |    | *.e-msedge.net  |
 |   |    | *.s-msedge.net  |
-The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
+The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
 You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.
 If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
--- a/windows/privacy/manage-windows-1803-endpoints.md
+++ b/windows/privacy/manage-windows-1803-endpoints.md
@ -85,7 +85,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
 |----------------|----------|------------|
 |  |    | star-mini.c10r.facebook.com |
-The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office. 
+The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. 
 To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). 
 If you disable the Microsoft store, other Store apps cannot be installed or updated. 
 Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
@ -297,7 +297,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
 ## Office
-The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
+The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
 You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.
 If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
@ -309,7 +309,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen
 |   |    | *.s-msedge.net  |
 |   | HTTPS | ocos-office365-s2s.msedge.net |
-The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
+The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
 You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.
 If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
--- a/windows/privacy/manage-windows-1809-endpoints.md
+++ b/windows/privacy/manage-windows-1809-endpoints.md
@ -85,7 +85,7 @@ Additionally, the Microsoft Store won't be able to revoke malicious Store apps a
 |----------------|----------|------------|
 |  |    | star-mini.c10r.facebook.com |
-The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office. 
+The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. 
 To turn off traffic for this endpoint, either uninstall the Photos app or [disable the Microsoft Store](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore). 
 If you disable the Microsoft store, other Store apps cannot be installed or updated. 
 Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
@ -311,7 +311,7 @@ If you [turn off traffic for this endpoint](manage-connections-from-windows-oper
 ## Office
-The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
+The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
 You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.
 If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
@ -325,7 +325,7 @@ If you turn off traffic for these endpoints, users won't be able to save documen
 |   | HTTPS | nexusrules.officeapps.live.com |
 |   | HTTPS | officeclient.microsoft.com |
-The following endpoint is used to connect to the Office 365 portal's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
+The following endpoint is used to connect to the Microsoft 365 admin center's shared infrastructure, including Office. For more info, see [Office 365 URLs and IP address ranges](https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2?ui=en-US&rs=en-US&ad=US#BKMK_Portal-identity). 
 You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps.
 If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@ -57,7 +57,7 @@ The following methodology was used to derive these network endpoints:
 ||The following endpoint is used for OneNote Live Tile. To turn off traffic for this endpoint, either uninstall OneNote or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|cdn.onenote.net/livetile/?Language=en-US
 ||The following endpoint is used for Twitter updates. To turn off traffic for these endpoints, either uninstall Twitter or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|*.twimg.com*|
 ||The following endpoint is used for Candy Crush Saga updates. To turn off traffic for this endpoint, either uninstall Candy Crush Saga or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|TLS v1.2|candycrushsoda.king.com|
-||The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|evoke-windowsservices-tas.msedge.net|
+||The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office in a browser. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|evoke-windowsservices-tas.msedge.net|
 ||The following endpoint is used for by the Microsoft Wallet app. To turn off traffic for this endpoint, either uninstall the Wallet app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.|HTTPS|wallet.microsoft.com|
 ||The following endpoint is used by the Groove Music app for update HTTP handler status. If you turn off traffic for this endpoint, apps for websites won't work and customers who visit websites (such as mediaredirect.microsoft.com) that are registered with their associated app (such as Groove Music) will stay at the website and won't be able to directly launch the app.|HTTPS|mediaredirect.microsoft.com|
 ||The following endpoints are used when using the Whiteboard app. To turn off traffic for this endpoint disable the Microsoft Store.|HTTPS|int.whiteboard.microsoft.com|
@ -119,7 +119,7 @@ The following methodology was used to derive these network endpoints:
 |||HTTP |share.microsoft.com|
 |Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
 ||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
-|Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
+|Office|The following endpoints are used to connect to the Microsoft 365 admin center's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-windowsstore)|
 |||HTTP|*.c-msedge.net|
 |||HTTPS|*.e-msedge.net|
 |||HTTPS|*.s-msedge.net|
--- a/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1709-non-enterprise-editions.md
@ -65,7 +65,7 @@ We used the following methodology to derive these network endpoints:
 | candycrushsoda.king.com | TLSv1.2 | Used for Candy Crush Saga updates. |
 | cdn.content.prod.cms.msn.com | HTTP | Used to retrieve Windows Spotlight metadata. |
 | cdn.onenote.net | HTTP | Used for OneNote Live Tile. |
-| client-office365-tas.msedge.net | HTTP | Used to connect to the Office 365 portal’s shared infrastructure, including Office. |
+| client-office365-tas.msedge.net | HTTP | Used to connect to the Microsoft 365 admin center’s shared infrastructure, including Office. |
 | config.edge.skype.com | HTTP | Used to retrieve Skype configuration values. |
 | ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. |
 | cy2.displaycatalog.md.mp.microsoft.com.akadns.net | TLSv1.2 | Used to communicate with Microsoft Store. |
@ -157,7 +157,7 @@ We used the following methodology to derive these network endpoints:
 | candycrushsoda.king.com | HTTPS | Used for Candy Crush Saga updates. |
 | cdn.content.prod.cms.msn.com | HTTP | Used to retrieve Windows Spotlight metadata. |
 | cdn.onenote.net | HTTPS | Used for OneNote Live Tile. |
-| client-office365-tas.msedge.net | HTTPS | Used to connect to the Office 365 portal’s shared infrastructure, including Office. |
+| client-office365-tas.msedge.net | HTTPS | Used to connect to the Microsoft 365 admin center’s shared infrastructure, including Office. |
 | config.edge.skype.com | HTTPS | Used to retrieve Skype configuration values. |
 | ctldl.windowsupdate.com | HTTP | Used to download certificates that are publicly known to be fraudulent. |
 | cs12.<span class="anchor" id="_Hlk500262422"></span>wpc.v0cdn.net | HTTP | Used by the Verizon Content Delivery Network to download content for Windows upgrades with Wireless Planning and Coordination (WPC). |
@ -167,7 +167,7 @@ We used the following methodology to derive these network endpoints:
 | definitionupdates.microsoft.com | HTTPS | Used for Windows Defender definition updates. |
 | displaycatalog.mp.microsoft.com | HTTPS | Used to communicate with Microsoft Store. |
 | download.windowsupdate.com | HTTP | Enables connections to Windows Update. |
-| evoke-windowsservices-tas.msedge.net | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office. |
+| evoke-windowsservices-tas.msedge.net | HTTPS | Used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center’s shared infrastructure, including Office. |
 | fe2.update.microsoft.com | HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
 | fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
 | fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2\/HTTPS | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
@ -255,7 +255,7 @@ We used the following methodology to derive these network endpoints:
 | cy2.vortex.data.microsoft.com.akadns.net | TLSv1.2 | Used to retrieve Windows Insider Preview builds. |
 | dl.delivery.mp.microsoft.com | HTTPS | Enables connections to Windows Update. |
 | download.windowsupdate.com | HTTP | Enables connections to Windows Update. |
-| evoke-windowsservices-tas.msedge.net/ab | HTTPS | Used by the Photos app to download configuration files, and to connect to the Office 365 portal’s shared infrastructure, including Office. |
+| evoke-windowsservices-tas.msedge.net/ab | HTTPS | Used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center’s shared infrastructure, including Office. |
 | fe2.update.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store. |
 | fe3.delivery.dsp.mp.microsoft.com.nsatc.net | TLSv1.2 | Enables connections to Windows Update. |
 | fg.download.windowsupdate.com.c.footprint.net | HTTP | Used to download operating system patches and updates. |
--- a/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1803-non-enterprise-editions.md
@ -47,7 +47,7 @@ We used the following methodology to derive these network endpoints:
 | *.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/ | HTTP | Enables connections to Windows Update. |
 | arc.msn.com.nsatc.net	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
 | arc.msn.com/v3/Delivery/Placement	| HTTPS |	Used to retrieve Windows Spotlight metadata. |
-| client-office365-tas.msedge.net*	| HTTPS |	Used to connect to the Office 365 portal’s shared infrastructure, including Office. |
+| client-office365-tas.msedge.net*	| HTTPS |	Used to connect to the Microsoft 365 admin center’s shared infrastructure, including Office. |
 | config.edge.skype.com/config/*	| HTTPS |	Used to retrieve Skype configuration values. |
 | ctldl.windowsupdate.com/msdownload/update* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
 | cy2.displaycatalog.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
@ -67,7 +67,7 @@ We used the following methodology to derive these network endpoints:
 | location-inference-westus.cloudapp.net	| HTTPS |	Used for location data. |
 | maps.windows.com/windows-app-web-link	| HTTPS |	Link to Maps application. |
 | modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
-| ocos-office365-s2s.msedge.net*	| HTTPS | Used to connect to the Office 365 portal's shared infrastructure. |
+| ocos-office365-s2s.msedge.net*	| HTTPS | Used to connect to the Microsoft 365 admin center's shared infrastructure. |
 | ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
 | oneclient.sfx.ms*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
 | onecollector.cloudapp.aria.akadns.net	| HTTPS |	Office Telemetry |
@ -129,7 +129,7 @@ We used the following methodology to derive these network endpoints:
 | *geo-prod.do.dsp.mp.microsoft.com	| HTTPS |	Enables connections to Windows Update. |
 | au.download.windowsupdate.com* | HTTP | Enables connections to Windows Update. |
 | cdn.onenote.net/livetile/*	| HTTPS |	Used for OneNote Live Tile. |
-| client-office365-tas.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal’s shared infrastructure, including Office. |
+| client-office365-tas.msedge.net/*	| HTTPS |	Used to connect to the Microsoft 365 admin center’s shared infrastructure, including Office. |
 | cloudtile.photos.microsoft.com.akadns.net	| HTTPS |	Photos App in MS Store 
 | config.edge.skype.com/*	| HTTPS |	Used to retrieve Skype configuration values.  |
 | ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
@ -149,7 +149,7 @@ We used the following methodology to derive these network endpoints:
 | licensing.mp.microsoft.com/*	| HTTPS |	Used for online activation and some app licensing. |
 | maps.windows.com/windows-app-web-link	| HTTPS |	Link to Maps application |
 | modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
-| ocos-office365-s2s.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal's shared infrastructure. |
+| ocos-office365-s2s.msedge.net/*	| HTTPS |	Used to connect to the Microsoft 365 admin center's shared infrastructure. |
 | ocsp.digicert.com* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
 | oneclient.sfx.ms/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
 | onecollector.cloudapp.aria.akadns.net	| HTTPS |	Office telemetry | 
--- a/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1809-non-enterprise-editions.md
@ -65,7 +65,7 @@ We used the following methodology to derive these network endpoints:
 |\*wns.windows.com\*	| HTTPS, TLSv1.2 |	Used for the Windows Push Notification Services (WNS).
 |\*wpc.v0cdn.net*	| |	Windows Telemetry related traffic
 |auth.gfx.ms/16.000.27934.1/OldConvergedLogin_PCore.js	| |	MSA related
-|evoke-windowsservices-tas.msedge*	| HTTPS |	The following endpoint is used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
+|evoke-windowsservices-tas.msedge*	| HTTPS |	The following endpoint is used by the Photos app to download configuration files, and to connect to the Microsoft 365 admin center's shared infrastructure, including Office. To turn off traffic for this endpoint, either uninstall the Photos app or disable the Microsoft Store. If you disable the Microsoft store, other Store apps cannot be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious Store apps and users will still be able to open them.
 |fe2.update.microsoft.com\*	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
 |fe3.\*.mp.microsoft.com.\* 	|TLSv1.2/HTTPS |	Enables connections to Windows Update, Microsoft Update, and the online services of Microsoft Store.
 |fs.microsoft.com	| |	Font Streaming (in ENT traffic)
@ -133,7 +133,7 @@ We used the following methodology to derive these network endpoints:
 | *geo-prod.do.dsp.mp.microsoft.com	| HTTPS |	Enables connections to Windows Update. |
 | au.download.windowsupdate.com\* | HTTP | Enables connections to Windows Update. |
 | cdn.onenote.net/livetile/*	| HTTPS |	Used for OneNote Live Tile. |
-| client-office365-tas.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal’s shared infrastructure, including Office. |
+| client-office365-tas.msedge.net/*	| HTTPS |	Used to connect to the Microsoft 365 admin center’s shared infrastructure, including Office. |
 | config.edge.skype.com/*	| HTTPS |	Used to retrieve Skype configuration values.  |
 | ctldl.windowsupdate.com/* | HTTP | Used to download certificates that are publicly known to be fraudulent. |
 | cy2.displaycatalog.md.mp.microsoft.com.akadns.net	| HTTPS |	Used to communicate with Microsoft Store. |
@ -151,7 +151,7 @@ We used the following methodology to derive these network endpoints:
 | licensing.mp.microsoft.com/*	| HTTPS |	Used for online activation and some app licensing. |
 | maps.windows.com/windows-app-web-link	| HTTPS |	Link to Maps application |
 | modern.watson.data.microsoft.com.akadns.net	| HTTPS |	Used by Windows Error Reporting. |
-| ocos-office365-s2s.msedge.net/*	| HTTPS |	Used to connect to the Office 365 portal's shared infrastructure. |
+| ocos-office365-s2s.msedge.net/*	| HTTPS |	Used to connect to the Microsoft 365 admin center's shared infrastructure. |
 | ocsp.digicert.com\* |	HTTP | CRL and OCSP checks to the issuing certificate authorities. |
 | oneclient.sfx.ms/*	| HTTPS |	Used by OneDrive for Business to download and verify app updates. |
 | settings-win.data.microsoft.com/settings/*	| HTTPS |	Used as a way for apps to dynamically update their configuration. |
--- a/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1903-non-enterprise-editions.md
@ -228,7 +228,7 @@ The following methodology was used to derive the network endpoints:
 |browser.pipe.aria.microsoft.com|HTTP|Used by OfficeHub to get the metadata of Office apps
 |cdn.onenote.net/livetile/*|HTTPS|Used for OneNote Live Tile
 |cds.p9u4n2q3.hwcdn.net|HTTP|Used by the Highwinds Content Delivery Network to perform Windows updates
-|client-office365-tas.msedge.net/*|HTTPS|Office 365 portal and Office in a browser
+|client-office365-tas.msedge.net/*|HTTPS|Microsoft 365 admin center and Office in a browser
 |ctldl.windowsupdate.com*|HTTP|Used to download certificates that are publicly known to be fraudulent
 |displaycatalog.mp.microsoft.com/*|HTTPS|Microsoft Store
 |dmd.metaservices.microsoft.com*|HTTP|Device Authentication
@ -248,7 +248,7 @@ The following methodology was used to derive the network endpoints:
 |maps.windows.com/windows-app-web-link|HTTPS|Maps application
 |modern.watson.data.microsoft.com.akadns.net|HTTPS|Used by Windows Error Reporting
 |msagfx.live.com|HTTPS|OneDrive 
-|ocos-office365-s2s.msedge.net/*|HTTPS|Used to connect to the Office 365 portal's shared infrastructure
+|ocos-office365-s2s.msedge.net/*|HTTPS|Used to connect to the Microsoft 365 admin center's shared infrastructure
 |ocsp.digicert.com*|HTTP|CRL and OCSP checks to the issuing certificate authorities
 |oneclient.sfx.ms/*|HTTPS|Used by OneDrive for Business to download and verify app updates
 |onecollector.cloudapp.aria.akadns.net|HTTPS|Microsoft Office 
--- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
@ -43,18 +43,20 @@ Before you can remotely reset PINs, you must on-board the Microsoft PIN reset se
 ### Connect Azure Active Directory with the PIN reset service
-1. Go to the [Microsoft PIN Reset Service Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent), and sign in using the tenant administrator account you use to manage your Azure Active Directory tenant.
+1. Go to the [Microsoft PIN Reset Service Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent), and sign in using the Global administrator account you use to manage your Azure Active Directory tenant.
-2. After you log in, click **Accept** to give consent for the PIN reset service to access your account.
+2. After you have logged in, choose **Accept** to give consent for the PIN reset service to access your account.
 ![PIN reset service application in Azure](images/pinreset/pin-reset-service-prompt.png)
-3. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using the tenant administrator account you use to manage your Azure Active Directory tenant.
+3. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using the Global administrator account you use to manage your Azure Active Directory tenant.
-4. After you log in, click **Accept** to give consent for the PIN reset client to access your account.
+4. After you have logged in, choose **Accept** to give consent for the PIN reset client to access your account.
 > [!NOTE]
 > After you have accepted the PIN reset service and client requests, you will land on a page that states "You do not have permission to view this directory or page." This behavior is expected. Be sure to confirm that the two PIN reset applications are listed for your tenant.
 ![PIN reset client application in Azure](images/pinreset/pin-reset-client-prompt.png)
 5. In the [Azure portal](https://portal.azure.com), verify that the Microsoft PIN Reset Service and Microsoft PIN Reset Client are integrated from the **Enterprise applications** blade. Filter to application status "Enabled" and both Microsoft Pin Reset Service Production and Microsoft Pin Reset Client Production will show up in your tenant.
 ![PIN reset service permissions page](images/pinreset/pin-reset-applications.png)
 >[!NOTE]
 >After you Accept the PIN reset service and client requests, you will land on a page that states "You do not have permission to view this directory or page." This behavior is expected. Be sure to confirm that the two PIN Reset applications are listed for your tenant.
 ### Configure Windows devices to use PIN reset using Group Policy
 You configure Windows 10 to use the Microsoft PIN Reset service using the computer configuration portion of a Group Policy object.
@ -70,8 +72,8 @@ To configure PIN reset on Windows devices you manage, use an [Intune Windows 10
 #### Create a PIN Reset Device configuration profile using Microsoft Intune
-1. Sign-in to [Azure Portal](https://portal.azure.com) using a tenant administrator account.
+1. Sign-in to [Azure Portal](https://portal.azure.com) using a Global administrator account.
-2. You need your tenant ID to complete the following task.  You can discovery your tenant ID viewing the **Properties** of your Azure Active Directory from the Azure Portal. It will be listed under Directory ID. You can also use the following command in a command Window on any Azure AD joined or hybrid Azure AD joined computer.</br>
+2. You need your tenant ID to complete the following task.  You can discover your tenant ID by viewing the **Properties** of your Azure Active Directory from the Azure Portal. It will be listed under Directory ID. You can also use the following command in a Command window on any Azure AD-joined or hybrid Azure AD-joined computer.</br>
    ```
    dsregcmd /status | findstr -snip "tenantid"
@ -86,9 +88,9 @@ To configure PIN reset on Windows devices you manage, use an [Intune Windows 10
 #### Assign the PIN Reset Device configuration profile using Microsoft Intune
-1. Sign-in to [Azure Portal](https://portal.azure.com) using a tenant administrator account. 
+1. Sign in to the [Azure Portal](https://portal.azure.com) using a Global administrator account. 
-2. Navigate to the Microsoft Intune blade. Click **Device configuration**. Click **Profiles**. From the list of device configuration profiles, click the profile that contains the PIN reset configuration.
+2. Navigate to the Microsoft Intune blade. Choose **Device configuration** > **Profiles**. From the list of device configuration profiles, choose the profile that contains the PIN reset configuration.
-3. In the device configuration profile, click **Assignments**.
+3. In the device configuration profile, select **Assignments**.
 4. Use the **Include** and/or **Exclude** tabs to target the device configuration profile to select groups.
 ## On-premises Deployments
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@ -644,28 +644,28 @@ Sign-in a workstation with access equivalent to a _domain user_.
 3. Select **Device Configuration**, and then click **Profiles**.
 4. Select **Create Profile**.
   ![Intune Device Configuration Create Profile](images/aadjcert/intunedeviceconfigurationcreateprofile.png)
-5. Next to **Name**, type **WHFB Certificate Enrollment**.
+5. Select **Windows 10 and later** from the **Platform** list.
-6. Next to **Description**, provide a description meaningful for your environment.
+6. Choose **SCEP certificate** from the **Profile** list, and select **Create**.
-7. Select **Windows 10 and later** from the **Platform** list.
+7. The **SCEP Certificate** wizard should open. Next to **Name**, type **WHFB Certificate Enrollment**.
-8. Select **SCEP certificate** from the **Profile** list.
+8. Next to **Description**, provide a description meaningful for your environment, then select **Next**.
-   ![WHFB Scep Profile Blade](images/aadjcert/intunewhfbscepprofile-00.png)
+9. Select **User** as a certificate type.
-9. The **SCEP Certificate** blade should open. Configure **Certificate validity period** to match your organization.
+10. Configure **Certificate validity period** to match your organization.
   > [!IMPORTANT]
-    > Remember that you need to configure your certificate authority to allow Microsoft Intune to configure certificate validity.
+   > Remember that you need to configure your certificate authority to allow Microsoft Intune to configure certificate validity.
-10. Select **Enroll to Windows Hello for Business, otherwise fail (Windows 10 and later)** from the **Key storage provider (KSP)** list.
+11. Select **Enroll to Windows Hello for Business, otherwise fail (Windows 10 and later)** from the **Key storage provider (KSP)** list.
-11. Select **Custom** from the **Subject name format** list.
+12. Select **Custom** from the **Subject name format** list.
-12. Next to **Custom**, type **CN={{OnPrem_Distinguished_Name}}** to make the on-premises distinguished name the subject of the issued certificate.
+13. Next to **Custom**, type **CN={{OnPrem_Distinguished_Name}}** to make the on-premises distinguished name the subject of the issued certificate.
-13. Specify **User Principal Name (UPN)** as a **Subject Alternative Name** value.
+14. Specify **User Principal Name (UPN)** as a **Subject Alternative Name** value.
-14. Refer to the "Configure Certificate Templates on NDES" task for how you configured the **AADJ WHFB Authentication** certificate template in the registry. Select the appropriate combination of key usages from the **Key Usages** list that map to configured NDES template in the registry. In this example, the **AADJ WHFB Authentication** certificate template was added to the **SignatureTemplate** registry value name. The **Key usage** that maps to that registry value name is **Digital Signature**.
+15. Refer to the "Configure Certificate Templates on NDES" task for how you configured the **AADJ WHFB Authentication** certificate template in the registry. Select the appropriate combination of key usages from the **Key Usages** list that map to configured NDES template in the registry. In this example, the **AADJ WHFB Authentication** certificate template was added to the **SignatureTemplate** registry value name. The **Key usage** that maps to that registry value name is **Digital Signature**.
-15. Select a previously configured **Trusted certificate** profile that matches the root certificate of the issuing certificate authority.
+16. Select a previously configured **Trusted certificate** profile that matches the root certificate of the issuing certificate authority.
    ![WHFB SCEP certificate profile Trusted Certificate selection](images/aadjcert/intunewhfbscepprofile-01.png)
-16. Under **Extended key usage**, type **Smart Card Logon** under **Name**. Type **1.3.6.1.4.1.311.20.2.2** under **Object identifier**. Click **Add**.
+17. Under **Extended key usage**, type **Smart Card Logon** under **Name**. Type **1.3.6.1.4.1.311.20.2.2** under **Object identifier**. Click **Add**.
-17. Type a percentage (without the percent sign) next to **Renewal Threshold** to determine when the certificate should attempt to renew. The recommended value is **20**.
+18. Type a percentage (without the percent sign) next to **Renewal Threshold** to determine when the certificate should attempt to renew. The recommended value is **20**.
    ![WHFB SCEP certificate Profile EKUs](images/aadjcert/intunewhfbscepprofile-03.png)
-18. Under **SCEP Server URLs**, type the fully qualified external name of the Azure AD Application proxy you configured. Append to the name **/certsrv/mscep/mscep.dll**. For example, https://ndes-mtephendemo.msappproxy.net/certsrv/mscep/mscep.dll. Click **Add**. Repeat this step for each additional NDES Azure AD Application Proxy you configured to issue Windows Hello for Business certificates. Microsoft Intune round-robin load balances requests among the URLs listed in the SCEP certificate profile.
+19. Under **SCEP Server URLs**, type the fully qualified external name of the Azure AD Application proxy you configured. Append to the name **/certsrv/mscep/mscep.dll**. For example, https://ndes-mtephendemo.msappproxy.net/certsrv/mscep/mscep.dll. Click **Add**. Repeat this step for each additional NDES Azure AD Application Proxy you configured to issue Windows Hello for Business certificates. Microsoft Intune round-robin load balances requests among the URLs listed in the SCEP certificate profile.
-19. Click **OK**.
+20. Click **Next**.
-20. Click **Create**.
+21. Click **Next** two more times to skip the **Scope tags** and **Assignments** steps of the wizard and click **Create**.
 ### Assign Group to the WHFB Certificate Enrollment Certificate Profile
 Sign-in a workstation with access equivalent to a _domain user_.
--- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
+++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
@ -15,40 +15,42 @@ manager: dansimp
 ms.collection: M365-identity-device-management
 ms.topic: article
 ms.localizationpriority: medium
-ms.date: 10/18/2017
+ms.date: 4/16/2017
 ---
 # Manage Windows Hello for Business in your organization
 **Applies to**
-   Windows 10
+- Windows 10
 You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10.
 >[!IMPORTANT]
->The Group Policy setting **Turn on PIN sign-in** does not apply to Windows Hello for Business. It still prevents or enables the creation of a convenience PIN for Windows 10, version 1507 and 1511. 
+>The Group Policy setting **Turn on PIN sign-in** does not apply to Windows Hello for Business. It still prevents or enables the creation of a convenience PIN for Windows 10, version 1507 and 1511.
 >
->Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**. 
+>Beginning in version 1607, Windows Hello as a convenience PIN is disabled by default on all domain-joined computers. To enable a convenience PIN for Windows 10, version 1607, enable the Group Policy setting **Turn on convenience PIN sign-in**.
 >
 >Use **PIN Complexity** policy settings to manage PINs for Windows Hello for Business.
- 
+
 ## Group Policy settings for Windows Hello for Business
-The following table lists the Group Policy settings that you can configure for Windows Hello use in your workplace. These policy settings are available in both **User configuration** and **Computer Configuration** under **Policies** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Hello for Business**.
+The following table lists the Group Policy settings that you can configure for Windows Hello use in your workplace. These policy settings are available in **User configuration** and **Computer Configuration** under **Policies** &gt; **Administrative Templates** &gt; **Windows Components** &gt; **Windows Hello for Business**.
 > [!NOTE]
 > Starting with Windows 10, version 1709, the location of the PIN complexity section of the Group Policy is: **Computer Configuration** &gt; **Administrative Templates** &gt; **System** &gt; **PIN Complexity**.
- 
+
 <table>
 <tr>
 <th colspan="2">Policy</th>
 <th>Scope</th>
 <th>Options</th>
 </tr>
 <tr>
 <td>Use Windows Hello for Business</td>
 <td></td>
 <td>Computer or user</td>
 <td>
-<p><b>Not configured</b>: Users can provision Windows Hello for Business, which encrypts their domain password.</p>
+<p><b>Not configured</b>: Device does not provision Windows Hello for Business for any user.</p>
 <p><b>Enabled</b>: Device provisions Windows Hello for Business using keys or certificates for all users.</p>
 <p><b>Disabled</b>: Device does not provision Windows Hello for Business for any user.</p>
 </td>
@ -56,15 +58,41 @@ The following table lists the Group Policy settings that you can configure for W
 <tr>
 <td>Use a hardware security device</td>
 <td></td>
 <td>Computer</td>
 <td>
 <p><b>Not configured</b>: Windows Hello for Business will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.</p>
-<p><b>Enabled</b>: Windows Hello for Business will only be provisioned using TPM.</p>
+<p><b>Enabled</b>: Windows Hello for Business will only be provisioned using TPM. This feature will provision Windows Hello for Business using TPM 1.2 unless the option to exclude them is explicitly set.</p>
 <p><b>Disabled</b>: Windows Hello for Business will be provisioned using TPM if available, and will be provisioned using software if TPM is not available.</p>
 </td>
 </tr>
 <tr>
 <td>Use certificate for on-premises authentication</td>
 <td></td>
 <td>Computer or user</td>
 <td>
 <p><b>Not configured</b>: Windows Hello for Business enrolls a key that is used for on-premises authentication.</p>
 <p><b>Enabled</b>: Windows Hello for Business enrolls a sign-in certificate using ADFS that is used for on-premises authentication.</p>
 <p><b>Disabled</b>: Windows Hello for Business enrolls a key that is used for on-premises authentication.</p>
 </td>
 </tr>
 <td>Use PIN recovery</td>
 <td></td>
 <td>Computer</td>
 <td>
 <p>Added in Windows 10, version 1703</p>
 <p><b>Not configured</b>: Windows Hello for Business does not create or store a PIN recovery secret. PIN reset does not use the Azure-based PIN recovery service.</p>
 <p><b>Enabled</b>: Windows Hello for Business uses the Azure-based PIN recovery service for PIN reset.</p>
 <p><b>Disabled</b>: Windows Hello for Business does not create or store a PIN recovery secret. PIN reset does not use the Azure-based PIN recovery service.</p>
 <p>
 For more information about using the PIN recovery service for PIN reset see [Windows Hello for Business PIN Reset](hello-feature-pin-reset.md).
 </p>
 </td>
 </tr>
 <tr>
 <td>Use biometrics</td>
 <td></td>
 <td>Computer</td>
 <td>
 <p><b>Not configured</b>: Biometrics can be used as a gesture in place of a PIN.</p>
 <p><b>Enabled</b>: Biometrics can be used as a gesture in place of a PIN.</p>
@ -74,6 +102,7 @@ The following table lists the Group Policy settings that you can configure for W
 <tr>
 <td rowspan="8">PIN Complexity</td>
 <td>Require digits</td>
 <td>Computer</td>
 <td>
 <p><b>Not configured</b>: Users must include a digit in their PIN.</p>
 <p><b>Enabled</b>: Users must include a digit in their PIN.</p>
@ -82,6 +111,7 @@ The following table lists the Group Policy settings that you can configure for W
 </tr>
 <tr>
 <td>Require lowercase letters</td>
 <td>Computer</td>
 <td>
 <p><b>Not configured</b>: Users cannot use lowercase letters in their PIN.</p>
 <p><b>Enabled</b>: Users must include at least one lowercase letter in their PIN.</p>
@ -90,6 +120,7 @@ The following table lists the Group Policy settings that you can configure for W
 </tr>
 <tr>
 <td>Maximum PIN length</td>
 <td>Computer</td>
 <td>
 <p><b>Not configured</b>: PIN length must be less than or equal to 127.</p>
 <p><b>Enabled</b>: PIN length must be less than or equal to the number you specify.</p>
@ -98,6 +129,7 @@ The following table lists the Group Policy settings that you can configure for W
 </tr>
 <tr>
 <td>Minimum PIN length</td>
 <td>Computer</td>
 <td>
 <p><b>Not configured</b>: PIN length must be greater  than or equal to 4.</p>
 <p><b>Enabled</b>: PIN length must be greater than or equal to the number you specify.</p>
@ -106,6 +138,7 @@ The following table lists the Group Policy settings that you can configure for W
 </tr>
 <tr>
 <td>Expiration</td>
 <td>Computer</td>
 <td>
 <p><b>Not configured</b>: PIN does not expire.</p>
 <p><b>Enabled</b>: PIN can be set to expire after any number of days between 1 and 730, or PIN can be set to never expire by setting policy to 0.</p>
@ -114,6 +147,7 @@ The following table lists the Group Policy settings that you can configure for W
 </tr>
 <tr>
 <td>History</td>
 <td>Computer</td>
 <td>
 <p><b>Not configured</b>: Previous PINs are not stored.</p>
 <p><b>Enabled</b>: Specify the number of previous PINs that can be associated to a user account that can&#39;t be reused.</p>
@ -124,6 +158,7 @@ The following table lists the Group Policy settings that you can configure for W
 </tr>
 <tr>
 <td>Require special characters</td>
 <td>Computer</td>
 <td>
 <p><b>Not configured</b>: Users cannot include a special character in their PIN.</p>
 <p><b>Enabled</b>: Users must include at least one special character in their PIN.</p>
@ -132,6 +167,7 @@ The following table lists the Group Policy settings that you can configure for W
 </tr>
 <tr>
 <td>Require uppercase letters</td>
 <td>Computer</td>
 <td>
 <p><b>Not configured</b>: Users cannot include an uppercase letter in their PIN.</p>
 <p><b>Enabled</b>: Users must include at least one uppercase letter in their PIN.</p>
@ -139,9 +175,9 @@ The following table lists the Group Policy settings that you can configure for W
 </td>
 </tr>
 <tr>
-<td>&gt;Phone Sign-in</td>
+<td>Phone Sign-in</td>
-<td>
+<td>Use Phone Sign-in</td>
-<p>Use Phone Sign-in</p>
+<td>Computer</td>
 </td>
 <td>
 <p>Not currently supported.</p>
@ -154,7 +190,7 @@ The following table lists the Group Policy settings that you can configure for W
 The following table lists the MDM policy settings that you can configure for Windows Hello for Business use in your workplace. These MDM policy settings use the [PassportForWork configuration service provider (CSP)](https://go.microsoft.com/fwlink/p/?LinkId=692070).
 >[!IMPORTANT]
->Starting in Windows 10, version 1607, all devices only have one PIN associated with Windows Hello for Business. This means that any PIN on a device will be subject to the policies specified in the PassportForWork CSP. The values specified take precedence over any complexity rules set via Exchange ActiveSync (EAS) or the DeviceLock CSP. 
+>Starting in Windows 10, version 1607, all devices only have one PIN associated with Windows Hello for Business. This means that any PIN on a device will be subject to the policies specified in the PassportForWork CSP. The values specified take precedence over any complexity rules set via Exchange ActiveSync (EAS) or the DeviceLock CSP.
 <table>
 <tr>
@ -166,7 +202,7 @@ The following table lists the MDM policy settings that you can configure for Win
 <tr>
 <td>UsePassportForWork</td>
 <td></td>
-<td>Device</td>
+<td>Device or user</td>
 <td>True</td>
 <td>
 <p>True: Windows Hello for Business will be provisioned for all users on the device.</p>
@ -178,7 +214,7 @@ The following table lists the MDM policy settings that you can configure for Win
 <tr>
 <td>RequireSecurityDevice</td>
 <td></td>
-<td>Device</td>
+<td>Device or user</td>
 <td>False</td>
 <td>
 <p>True: Windows Hello for Business will only be provisioned using TPM.</p>
@ -186,6 +222,32 @@ The following table lists the MDM policy settings that you can configure for Win
 </td>
 </tr>
 <tr>
 <td>ExcludeSecurityDevice</td>
 <td>TPM12</td>
 <td>Device</td>
 <td>False</td>
 <td>
 <p>Added in Windows 10, version 1703</p>
 <p>True: TPM revision 1.2 modules will be disallowed from being used with Windows Hello for Business.</p>
 <p>False: TPM revision 1.2 modules will be allowed to be used with Windows Hello for Business.</p>
 </td>
 </tr>
 <tr>
 <td>EnablePinRecovery</td>
 <td></td>
 <td>Device or user</td>
 <td>False</td>
 <td>
 <p>Added in Windows 10, version 1703</p>
 <p>True: Windows Hello for Business uses the Azure-based PIN recovery service for PIN reset.</p>
 <p>False: Windows Hello for Business does not create or store a PIN recovery secret. PIN reset does not use the Azure-based PIN recovery service.</p>
 <p>
 For more information about using the PIN recovery service for PIN reset see [Windows Hello for Business PIN Reset](hello-feature-pin-reset.md).
 </p>
 </td>
 </tr>
 <tr>
 <td rowspan="2">Biometrics</td>
 <td>
 <p>UseBiometrics</p>
@ -216,19 +278,41 @@ The following table lists the MDM policy settings that you can configure for Win
 <tr>
 <td>Digits </td>
 <td>Device or user</td>
-<td>2 </td>
+<td>1 </td>
 <td>
-<p>1: Numbers are not allowed. </p>
+<p>0: Digits are allowed. </p>
-<p>2: At least one number is required.</p>
+<p>1: At least one digit is required.</p>
 <p>2: Digits are not allowed. </p>
 </td>
 </tr>
 <tr>
 <td>Lowercase letters </td>
 <td>Device or user</td>
-<td>1 </td>
+<td>2</td>
 <td>
-<p>1: Lowercase letters are not allowed. </p>
+<p>0: Lowercase letters are allowed. </p>
-<p>2: At least one lowercase letter is required.</p>
+<p>1: At least one lowercase letter is required.</p>
 <p>2: Lowercase letters are not allowed. </p>
 </td>
 </tr>
 <tr>
 <td>Special characters</td>
 <td>Device or user</td>
 <td>2</td>
 <td>
 <p>0: Special characters are allowed. </p>
 <p>1: At least one special character is required. </p>
 <p>2: Special characters are not allowed.</p>
 </td>
 </tr>
 <tr>
 <td>Uppercase letters</td>
 <td>Device or user</td>
 <td>2</td>
 <td>
 <p>0: Uppercase letters are allowed. </p>
 <p>1: At least one uppercase letter is required.</p>
 <p>2: Uppercase letters are not allowed. </p>
 </td>
 </tr>
 <tr>
@ -252,7 +336,7 @@ The following table lists the MDM policy settings that you can configure for Win
 <td>Device or user</td>
 <td>0</td>
 <td>
-<p>Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user’s PIN will never expire. 
+<p>Integer value specifies the period of time (in days) that a PIN can be used before the system requires the user to change it. The largest number you can configure for this policy setting is 730. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then the user's PIN will never expire.
 </p>
 </td>
 </tr>
@ -261,29 +345,11 @@ The following table lists the MDM policy settings that you can configure for Win
 <td>Device or user</td>
 <td>0</td>
 <td>
-<p>Integer value that specifies the number of past PINs that can be associated to a user account that can’t be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required. 
+<p>Integer value that specifies the number of past PINs that can be associated to a user account that can't be reused. The largest number you can configure for this policy setting is 50. The lowest number you can configure for this policy setting is 0. If this policy is set to 0, then storage of previous PINs is not required.
 </p>
 </td>
 </tr>
 <tr>
 <td>Special characters</td>
 <td>Device or user</td>
 <td>1</td>
 <td>
 <p>1: Special characters are not allowed. </p>
 <p>2: At least one special character is required.</p>
 </td>
 </tr>
 <tr>
 <td>Uppercase letters</td>
 <td>Device or user</td>
 <td>1</td>
 <td>
 <p>1: Uppercase letters are not allowed </p>
 <p>2: At least one uppercase letter is required</p>
 </td>
 </tr>
 <tr>
 <td>Remote</td>
 <td>
 <p>UseRemotePassport</p>
@ -297,20 +363,53 @@ The following table lists the MDM policy settings that you can configure for Win
 </table>
 >[!NOTE]
-> If policy is not configured to explicitly require letters or special characters, users will be restricted to creating a numeric PIN.
+> In Windows 10, version 1709 and later, if policy is not configured to explicitly require letters or special characters, users can optionally set an alphanumeric PIN. Prior to version 1709 the user is required to set a numeric PIN.
- 
+
 ## Policy conflicts from multiple policy sources
 Windows Hello for Business is designed to be managed by Group Policy or MDM but not a combination of both. If policies are set from both sources it can result in a mixed result of what is actually enforced for a user or device.
 Policies for Windows Hello for Business are enforced using the following hierarchy: User Group Policy > Computer Group Policy > User MDM > Device MDM > Device Lock policy. All PIN complexity policies are grouped together and enforced from a single policy source.
 Use a hardware security device and RequireSecurityDevice enforcement are also grouped together with PIN complexity policy. Conflict resolution for other Windows Hello for Business policies is enforced on a per policy basis.  
 >[!NOTE]
 > Windows Hello for Business policy conflict resolution logic does not respect the ControlPolicyConflict/MDMWinsOverGP policy in the Policy CSP.
 ><b>Examples</b>
 >
 >The following are configured using computer Group Policy:
 >
 >- Use Windows Hello for Business - Enabled
 >- User certificate for on-premises authentication - Enabled
 >- Require digits - Enabled
 >- Minimum PIN length - 6
 >
 >The following are configured using device MDM Policy:
 >
 >- UsePassportForWork - Disabled
 >- UseCertificateForOnPremAuth - Disabled
 >- MinimumPINLength - 8
 >- Digits - 1
 >- LowercaseLetters - 1
 >- SpecialCharacters - 1
 >
 >Enforced policy set:
 >
 >- Use Windows Hello for Business - Enabled
 >- Use certificate for on-premises authentication - Enabled
 >- Require digits - Enabled
 >- Minimum PIN length - 6d
 ## How to use Windows Hello for Business with Azure Active Directory
-There are three scenarios for using Windows Hello for Business in Azure AD–only organizations: 
+There are three scenarios for using Windows Hello for Business in Azure AD–only organizations:
- **Organizations that use the version of Azure AD included with Office 365**. For these organizations, no additional work is necessary. When Windows 10 was released to general availability, Microsoft changed the behavior of the Office 365 Azure AD stack. When a user selects the option to join a work or school network, the device is automatically joined to the Office 365 tenant’s directory partition, a certificate is issued for the device, and it becomes eligible for Office 365 MDM if the tenant has subscribed to that feature. In addition, the user will be prompted to log on and, if MFA is enabled, to enter an MFA proof that Azure AD sends to his or her phone. 
+- **Organizations that use the version of Azure AD included with Office 365**. For these organizations, no additional work is necessary. When Windows 10 was released to general availability, Microsoft changed the behavior of the Office 365 Azure AD stack. When a user selects the option to join a work or school network, the device is automatically joined to the Office 365 tenant's directory partition, a certificate is issued for the device, and it becomes eligible for Office 365 MDM if the tenant has subscribed to that feature. In addition, the user will be prompted to log on and, if MFA is enabled, to enter an MFA proof that Azure AD sends to his or her phone.
- **Organizations that use the free tier of Azure AD**. For these organizations, Microsoft has not enabled automatic domain join to Azure AD. Organizations that have signed up for the free tier have the option to enable or disable this feature, so automatic domain join won’t be enabled unless and until the organization’s administrators decide to enable it. When that feature is enabled, devices that join the Azure AD domain by using the Connect to work or school dialog box will be automatically registered with Windows Hello for Business support, but previously joined devices will not be registered. 
+- **Organizations that use the free tier of Azure AD**. For these organizations, Microsoft has not enabled automatic domain join to Azure AD. Organizations that have signed up for the free tier have the option to enable or disable this feature, so automatic domain join won't be enabled unless and until the organization's administrators decide to enable it. When that feature is enabled, devices that join the Azure AD domain by using the Connect to work or school dialog box will be automatically registered with Windows Hello for Business support, but previously joined devices will not be registered. 
 - **Organizations that have subscribed to Azure AD Premium** have access to the full set of Azure AD MDM features. These features include controls to manage Windows Hello for Business. You can set policies to disable or force the use of Windows Hello for Business, require the use of a TPM, and control the length and strength of PINs set on the device.
-If you want to use Windows Hello for Business with certificates, you’ll need a device registration system. That means that you set up Configuration Manager, Microsoft Intune, or a compatible non-Microsoft MDM system and enable it to enroll devices. This is a prerequisite step to use Windows Hello for Business with certificates, no matter the IDP, because the enrollment system is responsible for provisioning the devices with the necessary certificates. 
+If you want to use Windows Hello for Business with certificates, you'll need a device registration system. That means that you set up Configuration Manager, Microsoft Intune, or a compatible non-Microsoft MDM system and enable it to enroll devices. This is a prerequisite step to use Windows Hello for Business with certificates, no matter the IDP, because the enrollment system is responsible for provisioning the devices with the necessary certificates.
 ## Related topics
--- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
+++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
@ -53,7 +53,7 @@ Microsoft has made a concerted effort to enlighten several of our more popular a
 - Mobile Office apps, including Word, Excel, PowerPoint, OneNote, and Outlook Mail and Calendar
- Office 365 ProPlus apps, including Word, Excel, PowerPoint, OneNote, and Outlook
+- Microsoft 365 Apps for enterprise apps, including Word, Excel, PowerPoint, OneNote, and Outlook
 - OneDrive app
@ -99,7 +99,7 @@ You can add any or all of the enlightened Microsoft apps to your allowed apps li
 |                  PowerPoint Mobile                   |                                                                                                                                   **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Office.PowerPoint<br>**App Type:** Universal app                                                                                                                                    |
 |                       OneNote                        |                                                                                                                                     **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Office.OneNote<br>**App Type:** Universal app                                                                                                                                     |
 |              Outlook Mail and Calendar               |                                                                                                                               **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** microsoft.windowscommunicationsapps<br>**App Type:** Universal app                                                                                                                                |
-| Office 365 ProPlus and Office 2019 Professional Plus | Office 365 ProPlus and Office 2019 Professional Plus apps are set up as a suite. You must use the [O365 ProPlus - Allow and Exempt AppLocker policy files (.zip files)](https://download.microsoft.com/download/7/0/D/70D72459-D72D-4673-B309-F480E3BEBCC9/O365%20ProPlus%20-%20WIP%20Enterprise%20AppLocker%20Policy%20Files.zip) to turn the suite on for WIP.<br>We don't recommend setting up Office by using individual paths or publisher rules. |
+| Microsoft 365 Apps for enterprise and Office 2019 Professional Plus | Microsoft 365 Apps for enterprise and Office 2019 Professional Plus apps are set up as a suite. You must use the [O365 ProPlus - Allow and Exempt AppLocker policy files (.zip files)](https://download.microsoft.com/download/7/0/D/70D72459-D72D-4673-B309-F480E3BEBCC9/O365%20ProPlus%20-%20WIP%20Enterprise%20AppLocker%20Policy%20Files.zip) to turn the suite on for WIP.<br>We don't recommend setting up Office by using individual paths or publisher rules. |
 |                   Microsoft Photos                   |                                                                                                                                     **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.Windows.Photos<br>**App Type:** Universal app                                                                                                                                     |
 |                     Groove Music                     |                                                                                                                                       **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.ZuneMusic<br>**App Type:** Universal app                                                                                                                                        |
 |                Microsoft Movies & TV                 |                                                                                                                                       **Publisher:** `CN=Microsoft Corporation, O=Microsoft Corporation, L=Redmond, S=Washington, C=US`<br>**Product Name:** Microsoft.ZuneVideo<br>**App Type:** Universal app                                                                                                                                        |
--- a/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
+++ b/windows/security/information-protection/windows-information-protection/how-wip-works-with-labels.md
@ -1,122 +0,0 @@
 ---
 title: How Windows Information Protection (WIP) protects files with a sensitivity label (Windows 10)
 description: Explains how Windows Information Protection works with other Microsoft information protection technologies to protect files that have a sensitivity label.
 keywords: sensitivity, labels, WIP, Windows Information Protection, EDP, Enterprise Data Protection
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: dulcemontemayor
 ms.author: dansimp
 manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/30/2019
 ms.reviewer: 
 ---
 # How Windows Information Protection (WIP) protects a file that has a sensitivity label 
 **Applies to:**
 - [Windows Defender Advanced Threat Protection (Windows Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
 - Windows 10, version 1903
 - Windows 10, version 1809
 >[!IMPORTANT]
 >Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
 This topic explains how Windows Information Protection works with other Microsoft information protection technologies to protect files that have a sensitivity label. 
 Microsoft information protection technologies work together as an integrated solution to help enterprises:
 - Discover corporate data on endpoint devices
 - Classify and label information based on its content and context
 - Protect corporate data from unintentionally leaving to non-business environments
 - Enable audit reports of user interactions with corporate data on endpoint devices
 Microsoft information protection technologies include:
 - [Windows Information Protection (WIP)](protect-enterprise-data-using-wip.md) is built in to Windows 10 and protects local data at rest on endpoint devices, and manages apps to protect local data in use. Data that leaves the endpoint device, such as email attachment, is not protected by WIP. 
 - [Azure Information Protection](https://docs.microsoft.com/azure/information-protection/what-is-information-protection) is a cloud-based solution that can be purchased either standalone or as part of Microsoft 365 Enterprise. It helps an organization classify and protect its documents and emails by applying labels. Azure Information Protection is applied directly to content, and roams with the content as it's moved between locations and cloud services.
 - [Microsoft Cloud App Security](https://docs.microsoft.com/cloud-app-security/what-is-cloud-app-security) is a cloud access security broker (CASB) solution that allows you to discover, classify, protect, and monitor user data in first-party and third-party Software-as-a-Service (SaaS) apps used by your organization.
 ## How WIP protects sensitivity labels with endpoint data loss prevention
 You can create and manage [sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) in the Microsoft 365 compliance center. 
 When you [create a sensitivity label](https://docs.microsoft.com/microsoft-365/compliance/create-sensitivity-labels), you can specify that endpoint data loss prevention applies to content with that label. 
 ![Endpoint data loss prevention](images/sensitivity-label-endpoint-dlp.png)
 Office app users can choose a sensitivity label from a menu and apply it to a file.
 ![Sensitivity labels](images/sensitivity-labels.png)
 WIP enforces default endpoint protection as follows: 
 - If endpoint data loss prevention is enabled, the device enforces work protection for any file with the label
 - If endpoint data loss prevention is not enabled:
  - The device enforces work protection to a file downloaded from a work site 
  - The device does not enforce work protection to a file downloaded from a personal site
 Here's an example where a file remains protected without any work context beyond the sensitivity label: 
 1. Sara creates a PDF file on a Mac and labels it as **Confidential**.
 1. She emails the PDF from her Gmail account to Laura.
 1. Laura opens the PDF file on her Windows 10 device. 
 1. Windows Defender Advanced Threat Protection (Windows Defender ATP) scans Windows 10 for any file that gets modified or created, including files that were created on a personal site. 
 1. Windows Defender ATP triggers WIP policy.
 1. WIP policy protects the file even though it came from a personal site.
 ## How WIP protects automatically classified files
 The next sections cover how Windows Defender ATP extends discovery and protection of sensitive information with improvements in Windows 10 version 1903. 
 ### Discovery
 Windows Defender ATP can extract the content of the file itself and evaluate whether it contains sensitive information types such as credit card numbers or employee ID numbers. 
 When you create a sensitivity label, you can specify that the label be added to any file that contains a sensitive information type. 
 ![Sensitivity labels](images/sensitivity-label-auto-label.png)
 A default set of [sensitive information types](https://docs.microsoft.com/office365/securitycompliance/what-the-sensitive-information-types-look-for) in Microsoft 365 compliance center includes credit card numbers, phone numbers, driver's license numbers, and so on.
 You can also [create a custom sensitive information type](https://docs.microsoft.com/office365/securitycompliance/create-a-custom-sensitive-information-type), which can include any keyword or expression that you want to evaluate. 
 ### Protection
 When a file is created or edited on a Windows 10 endpoint, Windows Defender ATP extracts the content and evaluates if it contains any default or custom sensitive information types that have been defined. 
 If the file has a match, Windows Defender ATP applies endpoint data loss prevention even if the file had no label previously. 
 Windows Defender ATP is integrated with Azure Information Protection for data discovery and reports sensitive information types that were discovered. 
 Azure Information Protection aggregates the files with sensitivity labels and the sensitive information types they contain across the enterprise. 
 ![Image of Azure Information Protection - Data discovery](images/azure-data-discovery.png)
 You can see sensitive information types in Microsoft 365 compliance under **Classifications**. Default sensitive information types have Microsoft as the publisher. The publisher for custom types is the tenant name.
 ![Sensitive information types](images/sensitive-info-types.png)
 >[!NOTE]
 >Automatic classification does not change the file itself, but it applies protection based on the label. 
 >WIP protects a file that contains a sensitive information type as a work file.
 >Azure Information Protection works differently in that it extends a file with a new attribute so the protection persists if the file is copied. 
 ## Prerequisites
 - Endpoint data loss prevention requires Windows 10, version 1809
 - Auto labelling requires Windows 10, version 1903
 - Devices need to be onboarded to [Windows Defender ATP](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-atp/windows-defender-advanced-threat-protection), which scans content for a label and applies WIP policy
 - [Sensitivity labels](https://docs.microsoft.com/office365/securitycompliance/labels) need to be configured in Microsoft 365 compliance center
 - WIP policy needs to be applied to endpoint devices by using [Intune](create-wip-policy-using-intune-azure.md) or [Microsoft Endpoint Configuration Manager](overview-create-wip-policy-configmgr.md)
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@ -7,8 +7,8 @@ ms.prod: w10
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
-ms.author: dansimp
+ms.author: macapara
-author: DulceMontemayor
+author: mjcaparas
 ms.localizationpriority: medium
 manager: dansimp
 audience: ITPro
@ -19,6 +19,9 @@ ms.topic: conceptual
 # Threat Protection
 [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559) is a unified platform for preventative protection, post-breach detection, automated investigation, and response. Microsoft Defender ATP protects endpoints from cyber threats; detects advanced attacks and data breaches, automates security incidents and improves security posture.
 >[!TIP]
 > Enable your users to access cloud services and on-premises applications with ease and enable modern management capabilities for all devices. For more information, see [Secure your remote workforce](https://docs.microsoft.com/enterprise-mobility-security/remote-work/). 
 <center><h2>Microsoft Defender ATP</center></h2>
 <table>
 <tr>
--- a/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center.md
@ -18,7 +18,9 @@ ms.topic: article
 # View details and results of automated investigations
-Pending and completed [remediation actions](manage-auto-investigation.md#remediation-actions) are listed in the **Action center** ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) and the **Investigations** page ([https://securitycenter.windows.com/investigations](https://securitycenter.windows.com/investigations)).
+During and after an automated investigation, certain remediation actions can be identified. Depending on the threat and how [Microsoft Defender Advanced Threat Protection](https://docs.microsoft.com/windows/security/threat-protection) (Microsoft Defender ATP) is configured for your organization, some remediation actions are taken automatically. 
 If you're part of your organization's security operations team, you can view pending and completed [remediation actions](manage-auto-investigation.md#remediation-actions) in the **Action center** ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)). You can also use the **Investigations** page ([https://securitycenter.windows.com/investigations](https://securitycenter.windows.com/investigations)) to view details about an investigation.
 >[!NOTE]
 >If your organization has implemented role-based access to manage portal access, only authorized users or user groups who have permission to view the machine or machine group will be able to view the entire investigation. 
@ -27,12 +29,13 @@ Pending and completed [remediation actions](manage-auto-investigation.md#remedia
 ![Action center page](images/action-center.png)
-The action center consists of two main tabs, as described in the following table.
+The action center consists of two main tabs: **Pending actions** and **History**.
-
+- **Pending actions**  Displays a list of ongoing investigations that require attention. Recommended actions are presented that your security operations team can approve or reject. The Pending tab appears only if there are pending actions to be approved (or rejected). 
-|Tab  |Description  |
+- **History**  Acts as an audit log for all of the following items: <br/>
-|---------|---------|
+   - Remediation actions that were taken as a result of an automated investigation
-|Pending actions     |Displays a list of ongoing investigations that require attention. Recommended actions are presented that your security operations team can approve or reject. <br/><br/>**NOTE**: The Pending tab appears only if there are pending actions to be approved (or rejected).        |
+   - Remediation actions that were approved by your security operations team (some actions, such as sending a file to quarantine, can be undone) 
-|History     |Acts as an audit log for all of the following: <br/>- All actions taken by automated investigation and remediation in Microsoft Defender ATP <br/>Actions that were approved by your security operations team (some actions, such as sending a file to quarantine, can be undone) <br/>- All commands ran and remediation actions that were applied in Live Response sessions (some actions can be undone) <br/>- Remediation actions that were applied by Windows Defender Antivirus (some actions can be undone) |
+   - Commands that were run and remediation actions that were applied in Live Response sessions (some actions can be undone)
   - Remediation actions that were applied by Windows Defender Antivirus (some actions can be undone) 
 Use the **Customize columns** menu to select columns that you'd like to show or hide. 
@ -58,29 +61,30 @@ On the **Investigations** page, you can view details and use filters to focus on
 |---------|---------|
 |**Status**     |(See [Automated investigation status](#automated-investigation-status))         |
 |**Triggering alert** | The alert that initiated the automated investigation |
-|**Detection source** |The source of the alert that initiated the automated investigation. |
+|**Detection source** |The source of the alert that initiated the automated investigation |
-|**Entities** | These can include device or machines, and machine groups. You can filter the automated investigations list to zone in a specific machine to see other investigations related to the machine, or to see specific machine groups that you might have created. |
+|**Entities** | Entities can include device or machines, and machine groups. You can filter the automated investigations list to zone in a specific machine to see other investigations related to the machine, or to see specific machine groups that were created. |
-|**Threat** |The category of threat detected during the automated investigation. |
+|**Threat** |The category of threat detected during the automated investigation |
-|**Tags** |Filter using manually added tags that capture the context of an automated investigation.|
+|**Tags** |Filter using manually added tags that capture the context of an automated investigation|
-|**Comments** |Select between filtering the list between automated investigations that have comments and those that don't.|
+|**Comments** |Select between filtering the list between automated investigations that have comments and those that don't|
 ## Automated investigation status
-An automated investigation can be have one of the following status values:
+An automated investigation can have one of the following status values:
 |Status  |Description  |
 |---------|---------|
-| No threats found | No malicious entities found during the investigation. |
+| Running    | The investigation process has started and is underway. Malicious artifacts that are found are remediated.    |
-| Failed  | A problem has interrupted the investigation, preventing it from completing.       |
+| Partially investigated      | Entities directly related to the alert have been investigated. However, a problem stopped the investigation of collateral entities. Check the investigation log ([https://securitycenter.windows.com/investigations](https://securitycenter.windows.com/investigations)) for specific details. |
-| Partially remediated  | A problem prevented the remediation of some malicious entities.  |
+| No threats found | The investigation has finished and no threats were identified. <br/>If you suspect something was missed (such as a false negative), you can use [advanced hunting](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/advanced-hunting-overview). |
-| Pending action  | Remediation actions require review and approval.   |
+| Pending action  | The investigation has found a threat, and an action to remediate that threat is awaiting approval. The Pending Action state is triggered when any threat with a corresponding action is found. However, the list of pending actions can increase as an investigation runs. Check the investigation log ([https://securitycenter.windows.com/investigations](https://securitycenter.windows.com/investigations)) to see if other items are still pending completion.  |
 | Remediated   | The investigation finished and all actions were approved (fully remediated). |
 | Partially remediated  | The investigation resulted in remediation actions, and some were approved and completed. Other actions are still pending. |
 | Terminated by system  | The investigation stopped. An investigation can stop for several reasons:<br/>- The investigation's pending actions expired. Pending actions can time out after awaiting approval for an extended period of time. <br/>- There are too many actions in the list.<br/>Visit the Action center ([https://securitycenter.windows.com/action-center](https://securitycenter.windows.com/action-center)) to view and approve any pending actions.     |
 | Failed  | At least one investigation analyzer ran into a problem where it could not complete properly. <br/><br/>If an investigation fails after remediation actions were approved, the remediation actions might still have succeeded. Check the investigation log ([https://securitycenter.windows.com/investigations](https://securitycenter.windows.com/investigations)) for detailed results.      |
 | Queued    | An investigation is being held in a queue. When other investigations complete, queued investigations begin.  |
 | Waiting for machine | Investigation paused. The investigation will resume as soon as the machine is available. |
 | Queued    |   Investigation has been queued and will resume as soon as other remediation activities are completed.      |
 | Running    | Investigation ongoing. Malicious entities found will be remediated.    |
 | Remediated   | Malicious entities found were successfully remediated.       |
 | Terminated by system  | Investigation was stopped by the system.                 |
 | Terminated by user    | A user stopped the investigation before it could complete.  |
-| Partially investigated      | Entities directly related to the alert have been investigated. However, a problem stopped the investigation of collateral entities. |
+
 ## View details about an automated investigation
@ -92,7 +96,7 @@ In this view, you'll see the name of the investigation, when it started and ende
 ### Investigation graph
-The investigation graph provides a graphical representation of an automated investigation. All investigation related information is simplified and arranged in specific sections. Clicking on any of the icons brings you the relevant section where you can view more information.
+The investigation graph provides a graphical representation of an automated investigation. All investigation-related information is simplified and arranged in specific sections. Clicking on any of the icons brings you the relevant section where you can view more information.
 A progress ring shows two status indicators:
 - Orange ring - shows the pending portion of the investigation
@ -108,7 +112,7 @@ From this view, you can also view and add comments and tags about the investigat
 ### Alerts
-The **Alerts** tab for an automated investigation shows details such as a short description of the alert that initiated the automated investigation, severity, category, the machine associated with the alert, user, time in queue, status, investigation state, and who the investigation is assigned to. 
+The **Alerts** tab for an automated investigation shows details such as a short description of the alert that initiated the automated investigation, severity, category, the machine associated with the alert, user, time in queue, status, investigation state, and to whom the investigation is assigned. 
 Additional alerts seen on a machine can be added to an automated investigation as long as the investigation is ongoing. 
@ -124,7 +128,7 @@ Machines that show the same threat can be added to an ongoing investigation and
 Selecting a machine using the checkbox brings up the machine details pane where you can see more information such as machine details and logged-on users.
-Clicking on an machine name brings you the machine page.
+Clicking on a machine name brings you the machine page.
 ### Evidence
@ -146,7 +150,7 @@ You can also click on an action to bring up the details pane where you'll see in
 ### Pending actions
-If there are pending actions on an automated investigation, you'll see a pop up similar to the following image. 
+If there are pending actions on an automated investigation, you'll see a pop-up similar to the following image. 
 ![Image of pending actions](images/pending-actions.png)
--- a/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/configure-endpoints-vdi.md
@ -15,7 +15,7 @@ manager: dansimp
 audience: ITPro
 ms.collection: M365-security-compliance 
 ms.topic: article
-ms.date: 04/24/2018
+ms.date: 04/16/2020
 ---
 # Onboard non-persistent virtual desktop infrastructure (VDI) machines
@ -81,15 +81,15 @@ The following steps will guide you through onboarding VDI machines and will high
 6. Test your solution:
-      a. Create a pool with one machine.
+    a. Create a pool with one machine.
-      b. Logon to machine.
+    b. Logon to machine.
-      c. Logoff from machine.
+    c. Logoff from machine.
-      d. Logon to machine with another user.
+    d. Logon to machine with another user.
-      e. **For single entry for each machine**: Check only one entry in Microsoft Defender Security Center.<br>
+    e. **For single entry for each machine**: Check only one entry in Microsoft Defender Security Center.<br>
    **For multiple entries for each machine**: Check multiple entries in Microsoft Defender Security Center.
 7. Click **Machines list** on the Navigation pane.
@ -111,22 +111,26 @@ For more information on DISM commands and offline servicing, please refer to the
 - [DISM Image Management Command-Line Options](https://docs.microsoft.com/windows-hardware/manufacture/desktop/dism-image-management-command-line-options-s14)
 - [Reduce the Size of the Component Store in an Offline Windows Image](https://docs.microsoft.com/windows-hardware/manufacture/desktop/reduce-the-size-of-the-component-store-in-an-offline-windows-image)
- If offline servicing is not a viable option for your non-persistent VDI environment, then the following steps should be taken to ensure consistency and sensor health:
+If offline servicing is not a viable option for your non-persistent VDI environment, the following steps should be taken to ensure consistency and sensor health:
 1. After booting the master image for online servicing or patching, run an offboarding script to turn off the Microsoft Defender ATP sensor. For more information, see [Offboard machines using a local script](configure-endpoints-script.md#offboard-machines-using-a-local-script).
-2. Ensure the sensor is off by running 'sc query sense'.
+2. Ensure the sensor is stopped by running the command below in a CMD window:
    ```
    sc query sense
    ```
 3. Service the image as needed.
 4. Run the below commands using PsExec.exe (which can be downloaded from https://download.sysinternals.com/files/PSTools.zip) to cleanup the cyber folder contents that the sensor may have accumulated since boot:
-```
+    ```
-PsExec.exe -s cmd.exe
+    PsExec.exe -s cmd.exe
-cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber"
+    cd "C:\ProgramData\Microsoft\Windows Defender Advanced Threat Protection\Cyber"
-del *.* /f /s /q
+    del *.* /f /s /q
-exit
+    exit
-```
+    ```
 5. Re-seal the golden/master image as you normally would.
--- a/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/import-export-exploit-protection-emet-xml.md
@ -21,11 +21,11 @@ manager: dansimp
 **Applies to:**
-* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](https://go.microsoft.com/fwlink/p/?linkid=2069559)
+* [Microsoft Defender Advanced Threat Protection (Microsoft Defender ATP)](microsoft-defender-advanced-threat-protection.md)
 Exploit protection applies helps protect devices from malware that use exploits to spread and infect. It consists of a number of mitigations that can be applied at either the operating system level, or at the individual app level.
-Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://technet.microsoft.com/security/jj653751) are now included in exploit protection.
+Many of the features that are part of the [Enhanced Mitigation Experience Toolkit (EMET)](https://support.microsoft.com/help/2458544/) are now included in exploit protection.
 You use the Windows Security app or PowerShell to create a set of mitigations (known as a configuration). You can then export this configuration as an XML file and share it with multiple machines on your network so they all have the same set of mitigation settings.
@ -33,7 +33,7 @@ You can also convert and import an existing EMET configuration XML file into an
 This topic describes how to create a configuration file and deploy it across your network, and how to convert an EMET configuration.
-The [Evaluation Package](https://aka.ms/mp7z2w) contains a sample configuration file (name *ProcessMitigation-Selfhost-v4.xml* that you can use to see how the XML structure looks. The sample file also contains settings that have been converted from an EMET configuration. You can open the file in a text editor (such as Notepad) or import it directly into exploit protection and then review the settings in the Windows Security app, as described further in this topic.
+The [Evaluation Package](https://demo.wd.microsoft.com/Page/EP) contains a sample configuration file (name *ProcessMitigation.xml* (Selfhost v4) that you can use to see how the XML structure looks. The sample file also contains settings that have been converted from an EMET configuration. You can open the file in a text editor (such as Notepad) or import it directly into exploit protection and then review the settings in the Windows Security app, as described further in this topic.
 ## Create and export a configuration file
@ -53,27 +53,28 @@ When you have configured exploit protection to your desired state (including bot
 3. At the bottom of the **Exploit protection** section, click **Export settings** and then choose the location and name of the XML file where you want the configuration to be saved.
-> [!IMPORTANT]
+    > [!IMPORTANT]
-> If you want to use Default configuration, use the settings "On by default" instead of "Use Default (On)" to get the settings exported correctly on the XML file.
+    > If you want to use Default configuration, use the settings "On by default" instead of "Use Default (On)" to get the settings exported correctly on the XML file.
-![Highlight of the Export Settings option](../images/wdsc-exp-prot-export.png)
+    ![Highlight of the Export Settings option](../images/wdsc-exp-prot-export.png)
-> [!NOTE]
+    > [!NOTE]
-> When you export the settings, all settings for both app-level and system-level mitigations are saved. This means you don't need to export a file from both the **System settings** and **Program settings** sections - either section will export all settings.
+    > When you export the settings, all settings for both app-level and system-level mitigations are saved. This means you don't need to export a file from both the **System settings** and **Program settings** sections—either section will export all settings.
 ### Use PowerShell to export a configuration file
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**.
 2. Enter the following cmdlet:
    ```PowerShell
    Get-ProcessMitigation -RegistryConfigFilePath filename.xml
    ```
-Change `filename` to any name or location of your choosing.
+    Change `filename` to any name or location of your choosing.
-Example command
+    Example command:
-**Get-ProcessMitigation -RegistryConfigFilePath C:\ExploitConfigfile.xml**
+
    **Get-ProcessMitigation -RegistryConfigFilePath C:\ExploitConfigfile.xml**
 > [!IMPORTANT]
 > When you deploy the configuration using Group Policy, all machines that will use the configuration must be able to access the configuration file. Ensure you place the file in a shared location.
@ -86,17 +87,18 @@ After importing, the settings will be instantly applied and can be reviewed in t
 ### Use PowerShell to import a configuration file
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**.
 2. Enter the following cmdlet:
    ```PowerShell
    Set-ProcessMitigation -PolicyFilePath filename.xml
    ```
-Change `filename` to the location and name of the exploit protection XML file.
+    Change `filename` to the location and name of the exploit protection XML file.
-Example command
+    Example command:
-**Set-ProcessMitigation -PolicyFilePath C:\ExploitConfigfile.xml**
+
    **Set-ProcessMitigation -PolicyFilePath C:\ExploitConfigfile.xml**
 > [!IMPORTANT]
 >
@ -116,14 +118,14 @@ You can only do this conversion in PowerShell.
 >
 > You can then convert that file using the PowerShell cmdlet described here before importing the settings into Exploit protection.
-1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**
+1. Type **powershell** in the Start menu, right click **Windows PowerShell** and click **Run as administrator**.
 2. Enter the following cmdlet:
    ```PowerShell
    ConvertTo-ProcessMitigationPolicy -EMETFilePath emetFile.xml -OutputFilePath filename.xml
    ```
-Change `emetFile` to the name and location of the EMET configuration file, and change `filename` to whichever location and file name you want to use.
+    Change `emetFile` to the name and location of the EMET configuration file, and change `filename` to whichever location and file name you want to use.
 > [!IMPORTANT]
 >
@ -141,7 +143,7 @@ You can use Group Policy to deploy the configuration you've created to multiple
 ### Use Group Policy to distribute the configuration
-1. On your Group Policy management machine, open the [Group Policy Management Console](https://technet.microsoft.com/library/cc731212.aspx), right-click the Group Policy Object you want to configure and click **Edit**.
+1. On your Group Policy management machine, open the [Group Policy Management Console](https://docs.microsoft.com/previous-versions/windows/desktop/gpmc/group-policy-management-console-portal), right-click the Group Policy Object you want to configure and click **Edit**.
 2. In the **Group Policy Management Editor** go to **Computer configuration** and click **Administrative templates**.
@ -151,14 +153,14 @@ You can use Group Policy to deploy the configuration you've created to multiple
 4. Double-click the **Use a common set of Exploit protection settings** setting and set the option to **Enabled**.
-5. In the **Options::** section, enter the location and filename of the Exploit protection configuration file that you want to use, such as in the following examples:
+5. In the **Options::** section, enter the location and file name of the Exploit protection configuration file that you want to use, such as in the following examples:
    * C:\MitigationSettings\Config.XML
    * \\\Server\Share\Config.xml
    * https://localhost:8080/Config.xml
    * C:\ExploitConfigfile.xml
-6. Click **OK** and [Deploy the updated GPO as you normally do](https://msdn.microsoft.com/library/ee663280(v=vs.85).aspx).
+6. Click **OK** and [Deploy the updated GPO as you normally do](https://docs.microsoft.com/windows/win32/srvnodes/group-policy).
 ## Related topics
--- a/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/linux-support-connectivity.md
@ -64,6 +64,9 @@ $ curl -x http://proxy_address:port -w ' %{url_effective}\n' 'https://x.cp.wd.mi
 Ensure that you use the same proxy address and port as configured in the `/lib/system/system/mdatp.service` file. Check your proxy configuration if there are errors from the above commands.
 > [!WARNING]
 > The static proxy cannot be configured through a system-wide `HTTPS_PROXY` environment variable. Instead, ensure that `HTTPS_PROXY` is properly set in the `/lib/system/system/mdatp.service` file.
 To use a static proxy, the `mdatp.service` file must be modified. Ensure the leading `#` is removed to uncomment the following line from `/lib/systemd/system/mdatp.service`:
 ```bash
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-auto-investigation.md
@ -21,39 +21,39 @@ ms.topic: conceptual
 ## Remediation actions
-When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *Clean*. Depending on the type of threat and resulting verdict, remediation actions occur automatically or upon approval by your organization’s security operations team. For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed.  
+When an automated investigation runs, a verdict is generated for each piece of evidence investigated. Verdicts can be *Malicious*, *Suspicious*, or *No threats found*. Depending on the type of threat and resulting verdict, remediation actions occur automatically or upon approval by your organization’s security operations team. For example, some actions, such as removing malware, are taken automatically. Other actions require review and approval to proceed.  
 When a verdict of *Malicious* is reached for a piece of evidence, Microsoft Defender Advanced Threat Protection takes one of the following remediation actions automatically:
- Quarantine file
+- Quarantine a file
- Remove registry key
+- Remove a registry key
- Kill process
+- Kill a process
- Stop service
+- Stop a service
- Remove registry key
+- Remove a registry key
- Disable driver
+- Disable a driver
- Remove scheduled task
+- Remove a scheduled task
-Evidence determined as *Suspicious* results in pending actions that require approval. As a best practice, make sure to [approve (or reject) pending actions](#review-pending-actions) as soon as possible. This helps your automated investigations complete in a timely manner. 
+Evidence determined as *Suspicious* results in pending actions that require approval. As a best practice, make sure to [approve (or reject) pending actions](#review-pending-actions) as soon as possible so that you automated investigations complete in a timely manner. 
-No actions are taken when evidence is determined to be *Clean*. 
+No actions are taken when a verdict of *No threats found* is reached for a piece of evidence. 
 In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and viewable in the Microsoft Defender Security Center](#review-completed-actions).
 ## Review pending actions
-1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. This takes you to your Security dashboard.
+1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the Security dashboard.
 2. On the Security dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**.
 3. Review any items on the **Pending** tab. 
-    Selecting an investigation from any of the categories opens a panel where you can approve or reject the remediation. Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can click on the **Open investigation page** link to see the investigation details.
+    Select an investigation from any of the categories to open a panel where you can approve or reject remediation actions. Other details such as file or service details, investigation details, and alert details are displayed. From the panel, you can click on the **Open investigation page** link to see the investigation details.
    You can also select multiple investigations to approve or reject actions on multiple investigations. 
 ## Review completed actions
-1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. This takes you to your Security dashboard.
+1. Go to the Microsoft Defender Security Center ([https://securitycenter.windows.com](https://securitycenter.windows.com)) and sign in. You'll see the Security dashboard.
 2. On the Security dashboard, in the navigation pane on the left, choose **Automated investigations** > **Action center**.
@ -61,6 +61,12 @@ In Microsoft Defender Advanced Threat Protection, all verdicts are [tracked and
 4. Select an item to view more details about that remediation action.
 ## Next steps
 - [View details and results of automated investigations](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/auto-investigation-action-center)
 - [Get an overview of live response](https://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-atp/live-response)
 ## Related articles
 - [Automated investigation and response in Office 365 Advanced Threat Protection](https://docs.microsoft.com/microsoft-365/security/office-365-security/office-365-air)
--- a/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/manage-indicators.md
@ -1,7 +1,7 @@
 ---
 title: Manage indicators 
 ms.reviewer: 
-description: Create indicators for a file hash, IP address, URLs or domains that define the detection, prevention, and exclusion of entities.
+description: Create indicators for a file hash, IP address, URLs, or domains that define the detection, prevention, and exclusion of entities.
 keywords: manage, allowed, blocked, whitelist, blacklist, block, clean, malicious, file hash, ip address, urls, domain
 search.product: eADQiWindows 10XVcnh
 search.appverid: met150
@ -26,7 +26,7 @@ ms.topic: article
 >Want to experience Microsoft Defender ATP? [Sign up for a free trial.](https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp?ocid=docs-wdatp-automationexclusionlist-abovefoldlink)
-Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability is available in Microsoft Defender ATP and gives SecOps the ability to set a list of indicators for detection and for blocking (prevention and response).
+Indicator of compromise (IoCs) matching is an essential feature in every endpoint protection solution. This capability gives SecOps the ability to set a list of indicators for detection and for blocking (prevention and response).
 Create indicators that define the detection, prevention, and exclusion of entities. You can define the action to be taken as well as the duration for when to apply the action as well as the scope of the machine group to apply it to.
@ -54,7 +54,7 @@ You can create an indicator for:
 - URLs/domains
 >[!NOTE]
->There is a limit of 5000 indicators per tenant. 
+>There is a limit of 15,000 indicators per tenant. 
 ![Image of indicators settings page](images/rules-indicators.png)
@ -103,17 +103,17 @@ One of the options when taking [response actions on a file](respond-file-alerts.
 When you add an indicator hash for a file, you can choose to raise an alert and block the file whenever a machine in your organization attempts to run it.
-Files automatically blocked by an indicator won't show up in the files's Action center, but the alerts will still be visible in the Alerts queue.
+Files automatically blocked by an indicator won't show up in the file's Action center, but the alerts will still be visible in the Alerts queue.
 ## Create indicators for IPs and URLs/domains (preview)
 Microsoft Defender ATP can block what Microsoft deems as malicious IPs/URLs, through Windows Defender SmartScreen for Microsoft browsers, and through Network Protection for non-Microsoft browsers or calls made outside of a browser.
 The threat intelligence data set for this has been managed by Microsoft.
-By creating indicators for IPs and URLs or domains, you can now allow or block IPs, URLs or domains based on your own threat intelligence. You can do this through the settings page or by machine groups if you deem certain groups to be more or less at risk than others.
+By creating indicators for IPs and URLs or domains, you can now allow or block IPs, URLs, or domains based on your own threat intelligence. You can do this through the settings page or by machine groups if you deem certain groups to be more or less at risk than others.
 ### Before you begin
-It's important to understand the following prerequisites prior to creating indicators for IPS, URLs or domains:
+It's important to understand the following prerequisites prior to creating indicators for IPS, URLs, or domains:
 - URL/IP allow and block relies on the Microsoft Defender ATP component Network Protection to be enabled in block mode. For more information on Network Protection and configuration instructions, see [Protect your network](network-protection.md).
 - The Antimalware client version must be 4.18.1906.x or later. 
 - Supported on machines on Windows 10, version 1709 or later. 
@ -132,7 +132,7 @@ It's important to understand the following prerequisites prior to creating indic
 >[!NOTE]
 >There may be up to 2 hours latency (usually less) between the time the action is taken, and the URL and IP being blocked. 
-### Create an indicator for IPs, URLs or domains from the settings page
+### Create an indicator for IPs, URLs, or domains from the settings page
 1. In the navigation pane, select **Settings** > **Indicators**.  
@ -163,8 +163,33 @@ You can also choose to upload a CSV file that defines the attributes of indicato
 Download the sample CSV to know the supported column attributes.
 1. In the navigation pane, select **Settings** > **Indicators**.
 2. Select the tab of the entity type you'd like to import indicators for.
 3. Select **Import** > **Choose file**. 
 4. Select **Import**. Do this for all the files you'd like to import. 
 5. Select **Done**.
 The following table shows the supported parameters.
 Parameter |	Type	|	Description
 :---|:---|:---
 indicatorType | Enum | Type of the indicator. Possible values are: "FileSha1", "FileSha256", "IpAddress", "DomainName" and "Url". **Required**
 indicatorValue | String | Identity of the [Indicator](ti-indicator.md) entity. **Required**
 action | Enum | The action that will be taken if the indicator will be discovered in the organization. Possible values are: "Alert", "AlertAndBlock", and "Allowed". **Required**
 title | String | Indicator alert title. **Required**
 description | String |  Description of the indicator. **Required**
 expirationTime | DateTimeOffset | The expiration time of the indicator in the following format YYYY-MM-DDTHH:MM:SS.0Z. **Optional**
 severity | Enum | The severity of the indicator. Possible values are: "Informational", "Low", "Medium" and "High". **Optional**
 recommendedActions | String | TI indicator alert recommended actions. **Optional**
 rbacGroupNames | String | Comma-separated list of RBAC group names the indicator would be applied to. **Optional**
 ## Related topic
 - [Create contextual IoC](respond-file-alerts.md#add-indicator-to-block-or-allow-a-file)
 - [Use the Microsoft Defender ATP indicators API](ti-indicator.md)
 - [Use partner integrated solutions](partner-applications.md)
--- a/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
+++ b/windows/security/threat-protection/microsoft-defender-atp/post-ti-indicator.md
@ -71,6 +71,7 @@ description | String | Description of the indicator. **Required**
 expirationTime | DateTimeOffset | The expiration time of the indicator. **Optional**
 severity | Enum | The severity of the indicator. possible values are: "Informational", "Low", "Medium" and "High". **Optional**
 recommendedActions | String | TI indicator alert recommended actions. **Optional**
 rbacGroupNames | String | Comma-separated list of RBAC group names the indicator would be applied to. **Optional**
 ## Response
@ -87,16 +88,18 @@ Here is an example of the request.
 POST https://api.securitycenter.windows.com/api/indicators
 Content-type: application/json
 {
-	"indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f",
+    "indicatorValue": "220e7d15b011d7fac48f2bd61114db1022197f7f",
-	"indicatorType": "FileSha1",
+    "indicatorType": "FileSha1",
-	"title": "test",
+    "title": "test",
-	"application": "demo-test",
+    "application": "demo-test",
-	"expirationTime": "2020-12-12T00:00:00Z",
+    "expirationTime": "2020-12-12T00:00:00Z",
-	"action": "AlertAndBlock",
+    "action": "AlertAndBlock",
-	"severity": "Informational",
+    "severity": "Informational",
-	"description": "test",
+    "description": "test",
-	"recommendedActions": "nothing"
+    "recommendedActions": "nothing",
    "rbacGroupNames": ["group1", "group2"]
 }
 ```
 ## Related topic
 - [Manage indicators](manage-indicators.md)
--- a/windows/security/threat-protection/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/security-compliance-toolkit-10.md
@ -41,7 +41,7 @@ The Security Compliance Toolkit consists of:
    -   Windows Server 2012 R2
 -   Microsoft Office security baseline
-    -   Office 365 ProPlus (Sept 2019)
+    -   Microsoft 365 Apps for enterprise (Sept 2019)
 -   Microsoft Edge security baseline
    -   Version 80
--- a/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
+++ b/windows/security/threat-protection/security-policy-settings/interactive-logon-dont-display-username-at-sign-in.md
@ -2,7 +2,7 @@
 title: Interactive logon Don't display username at sign-in (Windows 10)
 description: Describes the best practices, location, values, and security considerations for the Interactive logon Don't display username at sign-in security policy setting.
 ms.assetid: 98b24b03-95fe-4edc-8e97-cbdaa8e314fd
-ms.reviewer: 
+ms.reviewer:
 ms.author: dansimp
 ms.prod: w10
 ms.mktglfcycl: deploy
@ -20,9 +20,9 @@ ms.date: 04/19/2017
 # Interactive logon: Don't display username at sign-in
 **Applies to**
-   Windows Server 2003, Windows Vista, Windows XP, Windows Server 2008, Windows 7, Windows 8.1, Windows Server 2008 R2, Windows Server 2012 R2, Windows Server 2012, Windows 8, Windows 10
+- Windows 10, Windows Server 2019
-Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting. 
+Describes the best practices, location, values, and security considerations for the **Interactive logon: Don't display username at sign-in** security policy setting.
 ## Reference
@ -56,7 +56,7 @@ Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\Sec
 | Domain controller effective default settings | Not defined|
 | Member server effective default settings | Not defined|
 | Effective GPO default settings on client computers | Not defined|
- 
+
 ## Policy management
 This section describes features and tools that are available to help you manage this policy.
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@ -129,9 +129,9 @@ Wildcards can be used at the beginning or end of a path rule; only one wildcard
 ## Windows Defender Application Control filename rules
-File name rule levels provide administrators to specify the file attributes off which to base a file name rule. File name rules do not provide the same security guarantees that explicit signer rules do, as they are based on mutable access permissions. Specification of the file name level occurs when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies. 
+File name rule levels provide administrators to specify the file attributes off which to base a file name rule. File name rules provide the same security guarantees that explicit signer rules do, as they are based on non-mutable file attributes. Specification of the file name level occurs when creating new policy rules. In addition, to combine file name levels found in multiple policies, you can merge multiple policies. 
-Use Table 3 to select the appropriate file name level for your available administrative resources and Windows Defender Application Control deployment scenario.
+Use Table 3 to select the appropriate file name level for your available administrative resources and Windows Defender Application Control deployment scenario. For instance, an LOB or production application and its binaries (eg. DLLs) may all share the same product name. This allows users to easily create targeted policies based on the Product Name filename rule level.  
 **Table 3. Windows Defender Application Control policy - filename levels**
--- a/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
+++ b/windows/security/threat-protection/windows-defender-application-guard/reqs-wd-app-guard.md
@ -42,4 +42,3 @@ Your environment needs the following software to run Windows Defender Applicatio
 |Operating system|Windows 10 Enterprise edition, version 1709 or higher<br>Windows 10 Professional edition, version 1803 or higher<br>Windows 10 Professional for Workstations edition, version 1803 or higher<br>Windows 10 Professional Education edition version 1803 or higher<br>Windows 10 Education edition, version 1903 or higher<br>Professional editions are only supported for non-managed devices; Intune or any other 3rd party mobile device management (MDM) solutions are not supported with WDAG for Professional editions. |
 |Browser|Microsoft Edge and Internet Explorer|
 |Management system<br> (only for managed devices)|[Microsoft Intune](https://docs.microsoft.com/intune/)<br><br>**-OR-**<br><br>[Microsoft Endpoint Configuration Manager](https://docs.microsoft.com/configmgr/)<br><br>**-OR-**<br><br>[Group Policy](https://technet.microsoft.com/library/cc753298(v=ws.11).aspx)<br><br>**-OR-**<br><br>Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product.|
 |Windows Defender Exploit Protection settings|The following settings should be configured or verified in the **Windows Security** app under **App & browser control** > **Exploit protection** > **Exploit protection settings** > **System Settings**.<br><br>**Control flow guard (CFG)** must be set to **Use default (On)** or **Off by default**. If set to **On by default**, [Windows Defender Application Guard](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-application-guard) will not launch.<br><br>**Randomize memory allocations (Bottom-up ASLR)** must be set to **Use default (On)** or **Off by default**. If set to "On by default", the `Vmmem` process will have high CPU utilization while a Windows Defender Application Guard window is open.|
--- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md
+++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md
@ -1,7 +1,7 @@
 ---
-title: Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows 10)
+title: Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings (Windows 10)
-description: A list of all available settings for Windows Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
+description: A list of all available settings for Microsoft Defender SmartScreen using Group Policy and mobile device management (MDM) settings.
-keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
+keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
@ -13,13 +13,13 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ---
-# Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings
+# Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings
 **Applies to:**
 - Windows 10
 - Windows 10 Mobile
-Windows Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Windows Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
+Microsoft Defender SmartScreen works with Intune, Group Policy, and mobile device management (MDM) settings to help you manage your organization's computer settings. Based on how you set up Microsoft Defender SmartScreen, you can show employees a warning page and let them continue to the site, or you can block the site entirely.
 See [Windows 10 (and later) settings to protect devices using Intune](https://docs.microsoft.com/intune/endpoint-protection-windows-10#windows-defender-smartscreen-settings) for the controls you can use in Intune.
@ -35,7 +35,7 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
 <tr>
 <td><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure Windows Defender SmartScreen<p><strong>Windows 10, Version 1607 and earlier:</strong><br>Administrative Templates\Windows Components\File Explorer\Configure Windows SmartScreen</td>
 <td>At least Windows Server 2012, Windows 8 or Windows RT</td>
-<td>This policy setting turns on Windows Defender SmartScreen.<p>If you enable this setting, it turns on Windows Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Windows Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).<p>If you disable this setting, it turns off Windows Defender SmartScreen and your employees are unable to turn it on.<p>If you don't configure this setting, your employees can decide whether to use Windows Defender SmartScreen.</td>
+<td>This policy setting turns on Microsoft Defender SmartScreen.<p>If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off. Additionally, when enabling this feature, you must also pick whether Microsoft Defender SmartScreen should Warn your employees or Warn and prevent bypassing the message (effectively blocking the employee from the site).<p>If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.<p>If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.</td>
 </tr>
 <tr>
 <td>Administrative Templates\Windows Components\Windows Defender SmartScreen\Explorer\Configure App Install Control</td>
@ -45,38 +45,38 @@ SmartScreen uses registry-based Administrative Template policy settings. For mor
 <tr>
 <td><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Configure Windows Defender SmartScreen<p><strong>Windows 10, Version 1607 and earlier:</strong><br>Administrative Templates\Windows Components\Microsoft Edge\Configure Windows SmartScreen</td>
 <td>Microsoft Edge on Windows 10 or later</td>
-<td>This policy setting turns on Windows Defender SmartScreen.<p>If you enable this setting, it turns on Windows Defender SmartScreen and your employees are unable to turn it off.<p>If you disable this setting, it turns off Windows Defender SmartScreen and your employees are unable to turn it on.<p>If you don't configure this setting, your employees can decide whether to use Windows Defender SmartScreen.</td>
+<td>This policy setting turns on Microsoft Defender SmartScreen.<p>If you enable this setting, it turns on Microsoft Defender SmartScreen and your employees are unable to turn it off.<p>If you disable this setting, it turns off Microsoft Defender SmartScreen and your employees are unable to turn it on.<p>If you don't configure this setting, your employees can decide whether to use Microsoft Defender SmartScreen.</td>
 </tr>
 <tr>
 <td><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for files<p><strong>Windows 10, Version 1511 and 1607:</strong><br>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for files</td>
 <td>Microsoft Edge on Windows 10, version 1511 or later</td>
-<td>This policy setting stops employees from bypassing the Windows Defender SmartScreen warnings about potentially malicious files.<p>If you enable this setting, it stops employees from bypassing the warning, stopping the file download.<p>If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.</td>
+<td>This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious files.<p>If you enable this setting, it stops employees from bypassing the warning, stopping the file download.<p>If you disable or don't configure this setting, your employees can bypass the warnings and continue to download potentially malicious files.</td>
 </tr>
 <tr>
 <td><strong>Windows 10, version 1703:</strong><br>Administrative Templates\Windows Components\Windows Defender SmartScreen\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites<p><strong>Windows 10, Version 1511 and 1607:</strong><br>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows SmartScreen prompts for sites</td>
 <td>Microsoft Edge on Windows 10, version 1511 or later</td>
-<td>This policy setting stops employees from bypassing the Windows Defender SmartScreen warnings about potentially malicious sites.<p>If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.<p>If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.</td>
+<td>This policy setting stops employees from bypassing the Microsoft Defender SmartScreen warnings about potentially malicious sites.<p>If you enable this setting, it stops employees from bypassing the warning, stopping them from going to the site.<p>If you disable or don't configure this setting, your employees can bypass the warnings and continue to visit a potentially malicious site.</td>
 </tr>
 <tr>
 <td>Administrative Templates\Windows Components\Internet Explorer\Prevent managing SmartScreen Filter</td>
 <td>Internet Explorer 9 or later</td>
-<td>This policy setting prevents the employee from managing Windows Defender SmartScreen.<p>If you enable this policy setting, the employee isn't prompted to turn on Windows Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.<p>If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Windows Defender SmartScreen during the first-run experience.</td>
+<td>This policy setting prevents the employee from managing Microsoft Defender SmartScreen.<p>If you enable this policy setting, the employee isn't prompted to turn on Microsoft Defender SmartScreen. All website addresses that are not on the filter's allow list are sent automatically to Microsoft without prompting the employee.<p>If you disable or don't configure this policy setting, the employee is prompted to decide whether to turn on Microsoft Defender SmartScreen during the first-run experience.</td>
 </tr>
 <tr>
 <td>Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings</td>
 <td>Internet Explorer 8 or later</td>
-<td>This policy setting determines whether an employee can bypass warnings from Windows Defender SmartScreen.<p>If you enable this policy setting, Windows Defender SmartScreen warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass Windows Defender SmartScreen warnings.</td>
+<td>This policy setting determines whether an employee can bypass warnings from Microsoft Defender SmartScreen.<p>If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.</td>
 </tr>
 <tr>
 <td>Administrative Templates\Windows Components\Internet Explorer\Prevent bypassing SmartScreen Filter warnings about files that are not commonly downloaded from the Internet</td>
 <td>Internet Explorer 9 or later</td>
-<td>This policy setting determines whether the employee can bypass warnings from Windows Defender SmartScreen. Windows Defender SmartScreen warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.<p>If you enable this policy setting, Windows Defender SmartScreen warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass Windows Defender SmartScreen warnings.</td>
+<td>This policy setting determines whether the employee can bypass warnings from Microsoft Defender SmartScreen. Microsoft Defender SmartScreen warns the employee about executable files that Internet Explorer users do not commonly download from the Internet.<p>If you enable this policy setting, Microsoft Defender SmartScreen warnings block the employee.<p>If you disable or don't configure this policy setting, the employee can bypass Microsoft Defender SmartScreen warnings.</td>
 </tr>
 </table>
 ## MDM settings
 If you manage your policies using Microsoft Intune, you'll want to use these MDM policy settings. All settings support both desktop computers (running Windows 10 Pro or Windows 10 Enterprise, enrolled with Microsoft Intune) and Windows 10 Mobile devices.  <br><br> 
-For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP - InternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer).
+For Microsoft Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP - InternetExplorer](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-internetexplorer).
 <table>
 <tr>
 <th align="left">Setting</th>
@ -91,8 +91,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
 <li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/Browser/AllowSmartScreen</li>
 <li><strong>Data type.</strong> Integer</li>
 <li><strong>Allowed values:</strong><ul>
-<li><strong>0 .</strong> Turns off Windows Defender SmartScreen in Edge.</li>
+<li><strong>0 .</strong> Turns off Microsoft Defender SmartScreen in Edge.</li>
-<li><strong>1.</strong> Turns on Windows Defender SmartScreen in Edge.</li></ul></li></ul>
+<li><strong>1.</strong> Turns on Microsoft Defender SmartScreen in Edge.</li></ul></li></ul>
 </td>
 </tr>
 <tr>
@ -115,8 +115,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
 <li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/SmartScreen/EnableSmartScreenInShell</li>
 <li><strong>Data type.</strong> Integer</li>
 <li><strong>Allowed values:</strong><ul>
-<li><strong>0 .</strong> Turns off Windows Defender SmartScreen in Windows for app and file execution.</li>
+<li><strong>0 .</strong> Turns off Microsoft Defender SmartScreen in Windows for app and file execution.</li>
-<li><strong>1.</strong> Turns on Windows Defender SmartScreen in Windows for app and file execution.</li></ul></li></ul>
+<li><strong>1.</strong> Turns on Microsoft Defender SmartScreen in Windows for app and file execution.</li></ul></li></ul>
 </td>
 </tr>
 <tr>
@ -127,8 +127,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
 <li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/SmartScreen/PreventOverrideForFilesInShell</li>
 <li><strong>Data type.</strong> Integer</li>
 <li><strong>Allowed values:</strong><ul>
-<li><strong>0 .</strong> Employees can ignore Windows Defender SmartScreen warnings and run malicious files.</li>
+<li><strong>0 .</strong> Employees can ignore Microsoft Defender SmartScreen warnings and run malicious files.</li>
-<li><strong>1.</strong> Employees can't ignore Windows Defender SmartScreen warnings and run malicious files.</li></ul></li></ul>
+<li><strong>1.</strong> Employees can't ignore Microsoft Defender SmartScreen warnings and run malicious files.</li></ul></li></ul>
 </td>
 </tr>
 <tr>
@ -139,8 +139,8 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
 <li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/Browser/PreventSmartscreenPromptOverride</li>
 <li><strong>Data type.</strong> Integer</li>
 <li><strong>Allowed values:</strong><ul>
-<li><strong>0 .</strong> Employees can ignore Windows Defender SmartScreen warnings.</li>
+<li><strong>0 .</strong> Employees can ignore Microsoft Defender SmartScreen warnings.</li>
-<li><strong>1.</strong> Employees can't ignore Windows Defender SmartScreen warnings.</li></ul></li></ul>
+<li><strong>1.</strong> Employees can't ignore Microsoft Defender SmartScreen warnings.</li></ul></li></ul>
 </td>
 </tr>
 <tr>
@ -151,16 +151,16 @@ For Windows Defender SmartScreen Internet Explorer MDM policies, see [Policy CSP
 <li><strong>URI full path.</strong> ./Vendor/MSFT/Policy/Config/Browser/PreventSmartScreenPromptOverrideForFiles</li>
 <li><strong>Data type.</strong> Integer</li>
 <li><strong>Allowed values:</strong><ul>
-<li><strong>0 .</strong> Employees can ignore Windows Defender SmartScreen warnings for files.</li>
+<li><strong>0 .</strong> Employees can ignore Microsoft Defender SmartScreen warnings for files.</li>
-<li><strong>1.</strong> Employees can't ignore Windows Defender SmartScreen warnings for files.</li></ul></li></ul>
+<li><strong>1.</strong> Employees can't ignore Microsoft Defender SmartScreen warnings for files.</li></ul></li></ul>
 </td>
 </tr>
 </table>
 ## Recommended Group Policy and MDM settings for your organization
-By default, Windows Defender SmartScreen lets employees bypass warnings. Unfortunately, this can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Windows Defender SmartScreen to block high-risk interactions instead of providing just a warning.
+By default, Microsoft Defender SmartScreen lets employees bypass warnings. Unfortunately, this can let employees continue to an unsafe site or to continue to download an unsafe file, even after being warned. Because of this possibility, we strongly recommend that you set up Microsoft Defender SmartScreen to block high-risk interactions instead of providing just a warning.
-To better help you protect your organization, we recommend turning on and using these specific Windows Defender SmartScreen Group Policy and MDM settings.
+To better help you protect your organization, we recommend turning on and using these specific Microsoft Defender SmartScreen Group Policy and MDM settings.
 <table>
 <tr>
 <th align="left">Group Policy setting</th>
@ -168,7 +168,7 @@ To better help you protect your organization, we recommend turning on and using
 </tr>
 <tr>
 <td>Administrative Templates\Windows Components\Microsoft Edge\Configure Windows Defender SmartScreen</td>
-<td><strong>Enable.</strong> Turns on Windows Defender SmartScreen.</td>
+<td><strong>Enable.</strong> Turns on Microsoft Defender SmartScreen.</td>
 </tr>
 <tr>
 <td>Administrative Templates\Windows Components\Microsoft Edge\Prevent bypassing Windows Defender SmartScreen prompts for sites</td>
@ -191,7 +191,7 @@ To better help you protect your organization, we recommend turning on and using
 </tr>
 <tr>
 <td>Browser/AllowSmartScreen</td>
-<td><strong>1.</strong> Turns on Windows Defender SmartScreen.</td>
+<td><strong>1.</strong> Turns on Microsoft Defender SmartScreen.</td>
 </tr>
 <tr>
 <td>Browser/PreventSmartScreenPromptOverride</td>
@ -203,7 +203,7 @@ To better help you protect your organization, we recommend turning on and using
 </tr>
 <tr>
 <td>SmartScreen/EnableSmartScreenInShell</td>
-<td><strong>1.</strong> Turns on Windows Defender SmartScreen in Windows.<p>Requires at least Windows 10, version 1703.</td>
+<td><strong>1.</strong> Turns on Microsoft Defender SmartScreen in Windows.<p>Requires at least Windows 10, version 1703.</td>
 </tr>
 <tr>
 <td>SmartScreen/PreventOverrideForFilesInShell</td>
@ -214,7 +214,7 @@ To better help you protect your organization, we recommend turning on and using
 ## Related topics
 - [Threat protection](../index.md)
- [Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md)
+- [Microsoft Defender SmartScreen overview](windows-defender-smartscreen-overview.md)
 - [Available Group Policy and Mobile Device Management (MDM) settings for Microsoft Edge](/microsoft-edge/deploy/available-policies)
--- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
+++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-overview.md
@ -1,7 +1,7 @@
 ---
-title: Windows Defender SmartScreen overview (Windows 10)
+title: Microsoft Defender SmartScreen overview (Windows 10)
-description: Conceptual info about Windows Defender SmartScreen.
+description: Conceptual info about Microsoft Defender SmartScreen.
-keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
+keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
@ -15,7 +15,7 @@ ms.reviewer:
 manager: dansimp
 ---
-# Windows Defender SmartScreen
+# Microsoft Defender SmartScreen
 **Applies to:**
@ -23,53 +23,53 @@ manager: dansimp
 - Windows 10 Mobile
 - Microsoft Edge
-Windows Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.
+Microsoft Defender SmartScreen protects against phishing or malware websites and applications, and the downloading of potentially malicious files.
-**Windows Defender SmartScreen determines whether a site is potentially malicious by:**
+**Microsoft Defender SmartScreen determines whether a site is potentially malicious by:**
- Analyzing visited webpages looking for indications of suspicious behavior. If Windows Defender SmartScreen determines that a page is suspicious, it will show a warning page to advise caution.
+- Analyzing visited webpages looking for indications of suspicious behavior. If Microsoft Defender SmartScreen determines that a page is suspicious, it will show a warning page to advise caution.
- Checking the visited sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, Windows Defender SmartScreen shows a warning to let the user know that the site might be malicious.
+- Checking the visited sites against a dynamic list of reported phishing sites and malicious software sites. If it finds a match, Microsoft Defender SmartScreen shows a warning to let the user know that the site might be malicious.
-**Windows Defender SmartScreen determines whether a downloaded app or app installer is potentially malicious by:**
+**Microsoft Defender SmartScreen determines whether a downloaded app or app installer is potentially malicious by:**
- Checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, Windows Defender SmartScreen shows a warning to let the user know that the site might be malicious.
+- Checking downloaded files against a list of reported malicious software sites and programs known to be unsafe. If it finds a match, Microsoft Defender SmartScreen shows a warning to let the user know that the site might be malicious.
- Checking downloaded files against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, Windows Defender SmartScreen shows a warning, advising caution.
+- Checking downloaded files against a list of files that are well known and downloaded by many Windows users. If the file isn't on that list, Microsoft Defender SmartScreen shows a warning, advising caution.
-## Benefits of Windows Defender SmartScreen
+## Benefits of Microsoft Defender SmartScreen
-Windows Defender SmartScreen provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are:
+Microsoft Defender SmartScreen provide an early warning system against websites that might engage in phishing attacks or attempt to distribute malware through a socially-engineered attack. The primary benefits are:
- **Anti-phishing and anti-malware support.** Windows Defender SmartScreen helps to protect users from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more info about drive-by attacks, see [Evolving Windows Defender SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97)
+- **Anti-phishing and anti-malware support.** Microsoft Defender SmartScreen helps to protect users from sites that are reported to host phishing attacks or attempt to distribute malicious software. It can also help protect against deceptive advertisements, scam sites, and drive-by attacks. Drive-by attacks are web-based attacks that tend to start on a trusted site, targeting security vulnerabilities in commonly used software. Because drive-by attacks can happen even if the user does not click or download anything on the page, the danger often goes unnoticed. For more info about drive-by attacks, see [Evolving Microsoft Defender SmartScreen to protect you from drive-by attacks](https://blogs.windows.com/msedgedev/2015/12/16/SmartScreen-drive-by-improvements/#3B7Bb8bzeAPq8hXE.97)
- **Reputation-based URL and app protection.** Windows Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, users won't see any warnings. If, however, there's no reputation, the item is marked as a higher risk and presents a warning to the user.
+- **Reputation-based URL and app protection.** Microsoft Defender SmartScreen evaluates a website's URLs to determine if they're known to distribute or host unsafe content. It also provides reputation checks for apps, checking downloaded programs and the digital signature used to sign a file. If a URL, a file, an app, or a certificate has an established reputation, users won't see any warnings. If, however, there's no reputation, the item is marked as a higher risk and presents a warning to the user.
- **Operating system integration.** Windows Defender SmartScreen is integrated into the Windows 10 operating system, meaning that it checks any files an app (including 3rd-party browsers and email clients) attempts to download and run.
+- **Operating system integration.** Microsoft Defender SmartScreen is integrated into the Windows 10 operating system, meaning that it checks any files an app (including 3rd-party browsers and email clients) attempts to download and run.
- **Improved heuristics and diagnostic data.** Windows Defender SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files.
+- **Improved heuristics and diagnostic data.** Microsoft Defender SmartScreen is constantly learning and endeavoring to stay up-to-date, so it can help to protect you against potentially malicious sites and files.
- **Management through Group Policy and Microsoft Intune.** Windows Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md).
+- **Management through Group Policy and Microsoft Intune.** Microsoft Defender SmartScreen supports using both Group Policy and Microsoft Intune settings. For more info about all available settings, see [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](windows-defender-smartscreen-available-settings.md).
 - **Blocking URLs associated with potentially unwanted applications.** In Microsoft Edge (based on Chromium), SmartScreen blocks URLs associated with potentially unwanted applications, or PUAs. For more information on blocking URLs associated with PUAs, see [Detect and block potentially unwanted applications](../windows-defender-antivirus/detect-block-potentially-unwanted-apps-windows-defender-antivirus.md).
 > [!IMPORTANT]
 > SmartScreen protects against malicious files from the internet. It does not protect against malicious files on internal locations or network shares, such as shared folders with UNC paths or SMB/CIFS shares.
-## Submit files to Windows Defender SmartScreen for review
+## Submit files to Microsoft Defender SmartScreen for review
 If you believe a warning or block was incorrectly shown for a file or application, or if you believe an undetected file is malware, you can [submit a file](https://www.microsoft.com/wdsi/filesubmission/) to Microsoft for review. For more info, see [Submit files for analysis](https://docs.microsoft.com/windows/security/threat-protection/intelligence/submission-guide). 
 When submitting Microsoft Defender Smartscreen products, make sure to select **Microsoft Defender SmartScreen** from the product menu.
-![Windows Security, Windows Defender SmartScreen controls](images/Microsoft-defender-smartscreen-submission.png)
+![Windows Security, Microsoft Defender SmartScreen controls](images/Microsoft-defender-smartscreen-submission.png)
-## Viewing Windows Defender SmartScreen anti-phishing events
+## Viewing Microsoft Defender SmartScreen anti-phishing events
-When Windows Defender SmartScreen warns or blocks a user from a website, it's logged as [Event 1035 - Anti-Phishing](https://technet.microsoft.com/scriptcenter/dd565657(v=msdn.10).aspx).
+When Microsoft Defender SmartScreen warns or blocks a user from a website, it's logged as [Event 1035 - Anti-Phishing](https://technet.microsoft.com/scriptcenter/dd565657(v=msdn.10).aspx).
-## Viewing Windows event logs for Windows Defender SmartScreen
+## Viewing Windows event logs for Microsoft Defender SmartScreen
-Windows Defender SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug log in Event Viewer.
+Microsoft Defender SmartScreen events appear in the Microsoft-Windows-SmartScreen/Debug log in Event Viewer.
 Windows event log for SmartScreen is disabled by default, users can use Event Viewer UI to enable the log or use the command line to enable it:
@ -89,4 +89,4 @@ EventID | Description
 ## Related topics
 - [Threat protection](../index.md)
- [Available Windows Defender SmartScreen Group Policy and mobile device management (MDM) settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings)
+- [Available Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings](https://docs.microsoft.com/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings)
--- a/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md
+++ b/windows/security/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-set-individual-device.md
@ -1,7 +1,7 @@
 ---
-title: Set up and use Windows Defender SmartScreen on individual devices (Windows 10)
+title: Set up and use Microsoft Defender SmartScreen on individual devices (Windows 10)
-description: Learn how employees can use Windows Security to set up Windows Defender SmartScreen. Windows Defender SmartScreen protects users from running malicious apps.
+description: Learn how employees can use Windows Security to set up Microsoft Defender SmartScreen. Microsoft Defender SmartScreen protects users from running malicious apps.
-keywords: SmartScreen Filter, Windows SmartScreen, Windows Defender SmartScreen
+keywords: SmartScreen Filter, Windows SmartScreen, Microsoft Defender SmartScreen
 ms.prod: w10
 ms.mktglfcycl: explore
 ms.sitesec: library
@ -14,22 +14,22 @@ manager: dansimp
 ms.author: macapara
 ---
-# Set up and use Windows Defender SmartScreen on individual devices
+# Set up and use Microsoft Defender SmartScreen on individual devices
 **Applies to:**
 - Windows 10, version 1703
 - Windows 10 Mobile
 - Microsoft Edge
-Windows Defender SmartScreen helps to protect users if they try to visit sites previously reported as phishing or malware websites, or if a user tries to download potentially malicious files.
+Microsoft Defender SmartScreen helps to protect users if they try to visit sites previously reported as phishing or malware websites, or if a user tries to download potentially malicious files.
-## How users can use Windows Security to set up Windows Defender SmartScreen
+## How users can use Windows Security to set up Microsoft Defender SmartScreen
-Starting with Windows 10, version 1703, users can use Windows Security to set up Windows Defender SmartScreen for an individual device; unless and administrator has used Group Policy or Microsoft Intune to prevent it.
+Starting with Windows 10, version 1703, users can use Windows Security to set up Microsoft Defender SmartScreen for an individual device; unless an administrator has used Group Policy or Microsoft Intune to prevent it.
 >[!NOTE]
 >If any of the following settings are managed through Group Policy or mobile device management (MDM) settings, it appears as unavailable to the employee.
-**To use Windows Security to set up Windows Defender SmartScreen on a device**
+**To use Windows Security to set up Microsoft Defender SmartScreen on a device**
 1. Open the Windows Security app, and then select **App & browser control** > **Reputation-based protection settings**.
 2. In the **Reputation-based protection** screen, choose from the following options:
@ -38,13 +38,13 @@ Starting with Windows 10, version 1703, users can use Windows Security to set up
       - **On.** Warns users that the apps and files being downloaded from the web are potentially dangerous but allows the action to continue.
-       - **Off.** Turns off Windows Defender SmartScreen, so a user isn't alerted or stopped from downloading potentially malicious apps and files.
+       - **Off.** Turns off Microsoft Defender SmartScreen, so a user isn't alerted or stopped from downloading potentially malicious apps and files.
-   - In the **Windows Defender SmartScreen for Microsoft Edge** area:
+   - In the **Microsoft Defender SmartScreen for Microsoft Edge** area:
       - **On.** Warns users that sites and downloads are potentially dangerous but allows the action to continue while running in Microsoft Edge.
-       - **Off.** Turns off Windows Defender SmartScreen, so a user isn't alerted or stopped from downloading potentially malicious apps and files.
+       - **Off.** Turns off Microsoft Defender SmartScreen, so a user isn't alerted or stopped from downloading potentially malicious apps and files.
   - In the **Potentially unwanted app blocking** area:
      - **On.** Turns on both the 'Block apps' and 'Block downloads settings. To learn more, see [How Microsoft identifies malware and potentially unwanted applications](https://docs.microsoft.com/windows/security/threat-protection/intelligence/criteria#potentially-unwanted-application-pua).
@ -54,21 +54,21 @@ Starting with Windows 10, version 1703, users can use Windows Security to set up
      - **Off.** Turns off Potentially unwanted app blocking, so a user isn't alerted or stopped from downloading or installing potentially unwanted apps.
-   - In the **Windows Defender SmartScreen from Microsoft Store apps** area:
+   - In the **Microsoft Defender SmartScreen from Microsoft Store apps** area:
     - **On.** Warns users that the sites and downloads used by Microsoft Store apps are potentially dangerous but allows the action to continue.
-     - **Off.** Turns off Windows Defender SmartScreen, so a user isn't alerted or stopped from visiting sites or from downloading potentially malicious apps and files.
+     - **Off.** Turns off Microsoft Defender SmartScreen, so a user isn't alerted or stopped from visiting sites or from downloading potentially malicious apps and files.
-       ![Windows Security, Windows Defender SmartScreen controls](images/windows-defender-smartscreen-control-2020.png)
+       ![Windows Security, Microsoft Defender SmartScreen controls](images/windows-defender-smartscreen-control-2020.png)
-## How Windows Defender SmartScreen works when a user tries to run an app
+## How Microsoft Defender SmartScreen works when a user tries to run an app
-Windows Defender SmartScreen checks the reputation of any web-based app the first time it's run from the Internet, checking digital signatures and other factors against a Microsoft-maintained service. If an app has no reputation or is known to be malicious, Windows Defender SmartScreen can warn the user or block the app from running entirely, depending on how you've configured the feature to run in your organization.
+Microsoft Defender SmartScreen checks the reputation of any web-based app the first time it's run from the Internet, checking digital signatures and other factors against a Microsoft-maintained service. If an app has no reputation or is known to be malicious, Microsoft Defender SmartScreen can warn the user or block the app from running entirely, depending on how you've configured the feature to run in your organization.
-By default, users can bypass Windows Defender SmartScreen protection, letting them run legitimate apps after accepting a warning message prompt. You can also use Group Policy or Microsoft Intune to block your employees from using unrecognized apps, or to entirely turn off Windows Defender SmartScreen (not recommended).
+By default, users can bypass Microsoft Defender SmartScreen protection, letting them run legitimate apps after accepting a warning message prompt. You can also use Group Policy or Microsoft Intune to block your employees from using unrecognized apps, or to entirely turn off Microsoft Defender SmartScreen (not recommended).
 ## How users can report websites as safe or unsafe
-Windows Defender SmartScreen can be configured to warn users from going to a potentially dangerous site. Users can then choose to report a website as safe from the warning message or as unsafe from within Microsoft Edge and Internet Explorer 11.
+Microsoft Defender SmartScreen can be configured to warn users from going to a potentially dangerous site. Users can then choose to report a website as safe from the warning message or as unsafe from within Microsoft Edge and Internet Explorer 11.
 **To report a website as safe from the warning message**
 - On the warning screen for the site, click **More Information**, and then click **Report that this site does not contain threats**. The site info is sent to the Microsoft feedback site, which provides further instructions.
@ -82,7 +82,7 @@ Windows Defender SmartScreen can be configured to warn users from going to a pot
 ## Related topics
 - [Threat protection](../index.md)
- [Windows Defender SmartScreen overview](windows-defender-smartscreen-overview.md)
+- [Microsoft Defender SmartScreen overview](windows-defender-smartscreen-overview.md)
 >[!NOTE]
 >Help to make this topic better by providing us with edits, additions, and feedback. For info about how to contribute to this topic, see [Contributing to TechNet content](https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md).
--- a/windows/security/threat-protection/windows-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-baselines.md
@ -1,6 +1,6 @@
 ---
 title: Windows security baselines
-description: Learn how to use Windows security baselines in your organization. Specific to Windows 10, Windows Server, and Office 365 ProPlus.
+description: Learn how to use Windows security baselines in your organization. Specific to Windows 10, Windows Server, and Microsoft 365 Apps for enterprise.
 keywords: virtualization, security, malware
 ms.prod: w10
 ms.mktglfcycl: deploy
@ -21,7 +21,7 @@ ms.reviewer:
 -   Windows 10
 -   Windows Server 
-   Office 365 ProPlus 
+-   Microsoft 365 Apps for enterprise 
 ## Using security baselines in your organization 
@ -64,7 +64,7 @@ The security baselines are included in the [Security Compliance Toolkit (SCT)](s
 ## Community
-[![Microsoft Security Guidance Blog](images/community.png)](https://blogs.technet.microsoft.com/secguide/) 
+[![Microsoft Security Guidance Blog](images/community.png)](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bd-p/Security-Baselines) 
 ## Related Videos
@ -73,9 +73,9 @@ You may also be interested in this msdn channel 9 video:
 ## See Also
-   [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager)
+- [Microsoft Endpoint Configuration Manager](https://www.microsoft.com/cloud-platform/system-center-configuration-manager)
-   [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite)
+- [Operations Management Suite](https://www.microsoft.com/cloud-platform/operations-management-suite)
-   [Configuration Management for Nano Server](https://blogs.technet.microsoft.com/grouppolicy/2016/05/09/configuration-management-on-servers/)
+- [Configuration Management for Nano Server](https://docs.microsoft.com/archive/blogs/grouppolicy/configuration-management-on-servers/)
-   [Microsoft Security Guidance Blog](https://blogs.technet.microsoft.com/secguide/)
+- [Microsoft Security Guidance Blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines)
-   [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319)
+- [Microsoft Security Compliance Toolkit Download](https://www.microsoft.com/download/details.aspx?id=55319)
-   [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319) 
+- [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=55319) 
--- a/windows/whats-new/whats-new-windows-10-version-1903.md
+++ b/windows/whats-new/whats-new-windows-10-version-1903.md
@ -53,7 +53,7 @@ SetupDiag is a command-line tool that can help diagnose why a Windows 10 update
 ## Servicing
- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Office 365 ProPlus updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon! 
+- [**Delivery Optimization**](https://docs.microsoft.com/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with of [new policies](https://docs.microsoft.com/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates, and Intune content, with Microsoft Endpoint Configuration Manager content coming soon! 
 - [**Automatic Restart Sign-on (ARSO)**](https://docs.microsoft.com/windows-insider/at-work-pro/wip-4-biz-whats-new#automatic-restart-and-sign-on-arso-for-enterprises-build-18305): Windows will automatically logon as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.  
 - [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. 
 - **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
--- a/windows/whats-new/whats-new-windows-10-version-1909.md
+++ b/windows/whats-new/whats-new-windows-10-version-1909.md
@ -72,7 +72,7 @@ This update includes 5 fixes to allow the host to run down-level containers on u
 [Windows Virtual Desktop](https://docs.microsoft.com/azure/virtual-desktop/overview) (WVD) is now generally available globally!
-Windows Virtual Desktop is a comprehensive desktop and app virtualization service running in the cloud. It’s the only virtual desktop infrastructure (VDI) that delivers simplified management, multi-session Windows 10, optimizations for Office 365 ProPlus, and support for Remote Desktop Services (RDS) environments. Deploy and scale your Windows desktops and apps on Azure in minutes, and get built-in security and compliance features. Windows Virtual Desktop requires a Microsoft E3 or E5 license, or a Microsoft 365 E3 or E5 license, as well as an Azure tenant.
+Windows Virtual Desktop is a comprehensive desktop and app virtualization service running in the cloud. It’s the only virtual desktop infrastructure (VDI) that delivers simplified management, multi-session Windows 10, optimizations for Microsoft 365 Apps for enterprise, and support for Remote Desktop Services (RDS) environments. Deploy and scale your Windows desktops and apps on Azure in minutes, and get built-in security and compliance features. Windows Virtual Desktop requires a Microsoft E3 or E5 license, or a Microsoft 365 E3 or E5 license, as well as an Azure tenant.
 ## Deployment